Updated: Aug 25, 2021
In my interview last week with international cybersecurity expert, Dan Lohrmann, I sought to expand my current understanding of the potential security vulnerability inherent in distance learning for K-12 students. Lohrmann confirmed that K-12 public education is indeed one of many sectors where the full scope of security vulnerability is underestimated by those outside of the cybersecurity expertise sphere he has inhabited for more than thirty years.
One of the key statements Lohrmann made during our first conversation was that there is a critical need for transparent discussions regarding cybersecurity issues amongst all stakeholders within K-12 public education in the US. He emphasized the dynamic nature of the cybersecurity threats which all school districts face,`and the continuing evolution of nefarious cyber players who are constantly upping their game to circumvent the existing security measures inherent within digital applications used for online instruction. The magnitude of the overall security exposure in public schools has increased exponentially since the widespread implementation of digital distance learning, nearly one year ago, but the core issue already existed prior to the Covid-19 pandemic.
He further explains that the role of Chief Information Security Officers ("CISO"), and the effectiveness of their security practices and governance, is more crucial than ever for public school districts, just as they will be for any organization conducting an ever-increasing amount of its operations via digital platforms. President Biden's renewed emphasis upon the urgency of cybersecurity vigilance is a hopeful sign, according to Lohrmann, that government will model the requisite transparency and vigilance over the next few years, which information security warrants. The blueprint for how such vigilance will trickle down to digital classrooms is, however, still a work in progress.
For more information regarding Dan Lohrmann: https://www.govtech.com/authors/MT-Author-GT-Dan-Lohrmann.html
For me, as a doctoral student and learning technologist, it is a very small cognitive leap to conclude that public school districts are among the institutions least prepared to create a sophisticated, coordinated response to information/privacy breaches during digital instruction. California public schools are not known for innovative practices or state of the art technological initiatives. Public education in California, on the contrary, is known for its poor performance as measured by virtually any metric for measuring administrative successes or student outcomes.
What remains unclear as I research this issue, is how cybersecurity leadership will manifest itself within the domain of public education. Since public school districts in California, for instance, do not currently prioritize cybersecurity policies for students, students' families or for the thousands of public school teachers relentlessly ploughing ahead within the digital domain, how will such critical oversight be managed? In the public school contexts within which I work, the institutional role of CISO at either the school or district level is unheard of.
Will the only answer be for the federal government to ensure that public education adheres to nationally defined standards, similar to those it promulgated for students with disabilities through the federally legislated requirement of FAPE?
And how can we trust that a plan for cyber resiliency might be introduced into public educational practices, when the very subject of digital security breaches remains taboo for teachers to broach within their individual schools or district setting?
Today, there are more unanswered questions than concrete plans being proffered by public school districts. They are tasked with the solemn duty of supplying a safe space for millions of underserved students. If districts are asking these uncomfortable questions, they are doing so clandestinely, which does not build public confidence that comprehensive action is imminent.
But In order to tackle the monolithic undertaking highlighted in this post, i.e. to pre-empt and adapt to increasing threats, public education leaders will be forced to come clean regarding the clear risks to students and teachers, and which school systems demonstrate glaring levels of unpreparedness.
This will require breaking with historical traditions of sweeping difficult systemic issues under the proverbial bureaucratic rug that plagues and diminishes public education in California.