At a glance.
- CISA offers cybersecurity guidance for US schools.
- DOJ files antitrust lawsuit against Google.
CISA offers cybersecurity guidance for US schools.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a report on education cybersecurity called Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. With a high volume of sensitive data and few resources to protect it, schools have become a lucrative target for cyberattackers, a fact that was only exacerbated by the pandemic and the increased reliance on remote learning technology. The report offers recommendations to help K-12 schools bolster their cybersecurity posture. Informed by feedback from lawmakers, government officials, and members of the K-12 community, the guidance is composed of three overarching areas: investing in cybersecurity measures, addressing resource limitations, and improving collaboration and information sharing. The report is accompanied with a toolkit consisting of resources for building more robust school cybersecurity programs, and it emphasizes that leadership is key: “These recommendations are presented with a caveat: change must come from the top down. Leaders must establish and reinforce a cybersecure culture. Information technology and cybersecurity personnel cannot bear the burden alone.”
Rick McElroy, Principal Cybersecurity Strategist at VMware, wrote to draw attention to the importance of common, achievable standards for school administrators.
“CISA’s latest guidance for K-12 schools is extremely beneficial, as it gives educators and administrators a common criteria to work against when bolstering their security posture. It also comes at a pivotal time, since last year alone, more than 1,000 schools in the U.S. fell victim to ransomware attacks. A lack of security awareness and training, in addition to limited funding and resources, are all creating the ideal environment for cybercriminals to gain access to substantial amounts of personal student or research data in the education sector.
"One area that should be emphasized in this plan is a means for K-12 schools to find and retain cybersecurity talent. Security programs for K-12 schools are generally underfunded and understaffed - grant dollars and an increase in budgets should be prioritized to help schools achieve their cybersecurity goals.”
Poojan Kumar, Co-founder and CEO of Clumio, reviews the recent state of the threat to the education sector and offers some counsel about how it might better protect itself.
“In the last three months alone, there have been at least a dozen high-profile data breaches and ransomware attacks impacting school districts, higher educational institutions, and education technology companies (e.g., Chegg, McGraw Hill, and Illuminate). For a sector that is supposed to be a custodian of sensitive information for millions of students— including financial, demographic, health, and transcript data—its overall security practices have been woeful. Unfortunately, given the rampant use of unencrypted cloud databases, publicly accessible unstructured data buckets, and unsecure backups, these breaches are hardly shocking. Despite requiring adherence to the Children's Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA), many companies and institutions in the educational sector still continue to be lax about student data protection.
"Any identifiable information needs to be encrypted, access controlled, and backed in immutable air-gapped cloud vaults. This ensures that even if a data breach occurs, the information remains secure and cannot be accessed or tampered with, and there’s always a safe copy to recover from. Educational institutions and edtech companies must take these basic data security steps to protect the privacy of our students.”
DOJ files antitrust lawsuit against Google.
The US Department of Justice (DOJ) is suing Google parent company Alphabet, Inc. over allegations that the tech giant is abusing its monopoly over digital advertising tech to drown out the competition. Eight states have joined the lawsuit, which claims that Google “corrupted legitimate competition in the ad tech industry by engaging in a systematic campaign to seize control of the wide swath of high-tech tools used by publishers, advertisers and brokers to facilitate digital advertising.” As Vox explains, the DOJ is accusing Google of forcing ad buyers and sellers to use Google’s advertising tech at less favorable terms for them than those another company might offer, meaning websites get less revenue from online advertising than they otherwise would, and advertisers are in turn paying more. Attorney General Merrick Garland said at a press conference yesterday, “For 15 years Google has pursued a course of anticompetitive conduct that has allowed it to halt the rise of rival technologies, manipulate auction mechanics, insulate itself from competition, and forced advertisers and publishers to use its tools. Google has engaged in exclusionary conduct that has severely weakened if not destroyed competition in the ad-tech industry.”
In addition to asking Google to cease its anti competitive practices, the suit calls for Google to sell many of its ad tech products, which include software used for buying and selling ads, an advertising marketplace, and a service for displaying the ads on the web. As the New York Times notes, this is the fifth antitrust lawsuit filed by US officials against Google in the past three years and denotes an ongoing battle between big tech and global lawmakers, who assert that tech giants are using their dominance to unfairly influence the digital marketplace. A Google spokesperson told the Wall Street Journal, “DOJ is doubling down on a flawed argument that would slow innovation, raise advertising fees, and make it harder for thousands of small businesses and publishers to grow,” the spokesman said.