The National Institute of Standards and Technology (NIST) is a federal agency that doesn’t impose regulations. Its focus is to act as an unbiased agency that provides scientific data and publishes best practices for a variety of things, including cybersecurity. The NIST Cybersecurity Framework was originally released in 2014 and has continued to be updated since then.
As states look for ways to improve student data privacy laws and K-12 cybersecurity resilience, several are using the framework to guide new regulations and guidelines. As a district IT leader, it’s a good idea to familiarize yourself with the NIST Cybersecurity Framework to develop, audit, and strengthen your own cybersecurity infrastructure.
In 2013, Executive Order 13636 called for an effort to share cybersecurity threat insights, and to create a framework for reducing the risk to the nation’s critical systems. NIST was chosen to fulfill this Executive Order because of its reputation for establishing partnerships with private sector industries, educational institutions, and other government agencies to address critical national issues.
NIST conducted a process that included obtaining information from its partners to describe existing best practices for cybersecurity, to identify critical areas that weren’t included in existing best practices, and to develop plans for closing those gaps.
NIST reviewed the information it received and held framework workshops to encourage debate on a range of security issues. In July 2013, NIST published a preliminary Cybersecurity Framework, which was widely discussed, and held additional workshops.
In February 2014, NIST released Version 1.0 of the Framework. The agency continues to encourage review by holding workshops to refine the Framework. NIST released Version 1.1 of the Framework in April 2018.
It’s no secret that K-12 school districts collect and store an extraordinary amount of sensitive data. That data ranges from personal information about students to data used to run the business side of a school district. Protecting this information is critical, and using a framework to plan and execute your district’s cybersecurity strategy can be helpful. A 2016 survey found that 95% of IT security professionals who use some kind of cybersecurity framework experience benefits, including greater security operations effectiveness, improved compliance, and a greater ability to present security readiness information and issues to leadership.
K-12 districts are near the top of the list of organizations that cybercriminals attack. Districts reported a 62% increase in cyber incidents in 2019 compared to 2018, and a 256% increase in data breaches. It’s obvious that K-12 cybersecurity is a significant issue for district leaders.
The NIST Cybersecurity Framework offers many benefits to school districts in managing the cybersecurity threat because it:
The NIST Cybersecurity Framework identifies five steps you can take to avoid cyberattacks. Here’s a brief summary of each step.
Does your school district use G Suite, Office 365, or both? If so, keep in mind that perimeter-based cybersecurity tools, such as a next-gen firewall, aren’t enough.
A variety of unique K-12 cloud risks increases a district’s vulnerability. And the native security administration tools in G Suite and Office 365 make it difficult and time-consuming to configure settings, detect incidents, and find the information you need to respond. You can address those issues by including cloud security in your district’s cybersecurity framework.
No school district can afford to ignore the cybersecurity risks it faces. Unchecked cybersecurity risks can disrupt schools and the district’s business operations. There’s also a real risk of financial repercussions, harm to students and employees, and degraded student data privacy. A cybersecurity attack can cost the district money, time, frustration, and often a reduction in the community’s faith in the district’s ability to protect their children.
Using the NIST Cybersecurity Framework, whether required by state regulations or not, provides a great guide for strengthening your district’s defenses. Learn how you can implement a K-12 NIST Cybersecurity Framework in your district to better protect student, staff, and financial data.