Iowa Congressman Zach Nunn is among the lawmakers putting forward a bill aimed at improving schools’ ability to protect students against cyber-attacks.
In the wake of a ransomware attack at the Des Moines Public Schools in January that resulted in a data breach, Nunn and Democratic Representative Doris Matsui have introduced the “Enhancing K-12 Cybersecurity” Act. Among other things, the bill creates a K-12 cybersecurity technology improvement program, establishes a cybersecurity information exchange, and creates a cybersecurity incident registry. Speaking on KMA’s “Morning Line” program Monday morning, the Bondurant Republican says the measure focuses on preventing ransomware attacks even from potential foreign entities.
“It can be a cyber-criminal, it can be a narco cartel, it can be a foreign state actor like Russia, Iran, or China, who attempts to exploit a ransom of currency – usually cryptocurrency is the preferred payment – and holds your data or hemorrhages that out,” said Nunn.
The legislation would also dedicate $20 million to address school cybersecurity issues. Nunn says the educational sector is particularly in need of safeguards due to the amount of information that would be accessible regarding the country’s youths.
“Whether it’s their medical information they turned into the school, their personal identification information that is kept on school servers, or if it’s some of their information that might be very detailed to them whether they’ve got a learning capability or challenge, or there’s any personally identifying information about them or their family,” he said. “Once that’s breached and that information is taken hostage by a foreign actor, that’s something that is going to echo with them the rest of their lives.”
Nunn emphasized the information exchange and incident registry, encouraging districts to report and share what happens in cybersecurity incidents. He says cybersecurity crimes not only pose a threat to the respective school districts but also to “national security,” especially when foreign actors are doing the ransomware.
“Once they’ve found one soft target in a school and it works, then they repeat that time after time – we saw that just here in Iowa where schools were getting rolled with a very similar type of ransomware that was proven effective in the first one,” said Nunn. “Schools didn’t have a good way to alert it and in some cases were not alerting it at all out of embarrassment or concerns for liability. We want them to come forward – when a crime is being committed, we want them to alert it so the crime doesn’t continue to happen.”
Nunn also pointed to the fiscal impact of cybersecurity crimes and ransoms on school districts.
“A lot of these things that are being settled in a ransomware, the average is about $2 million,” Nunn emphasized. “We expect this to only increase national to a quarter-of-a-trillion dollars here in the years to come in unpaid ransom that ends up really impacting baseline budgets for school districts.