The publication is reproduced in full below:
{time} 1600
K-12 CYBERSECURITY ACT OF 2021
Mr. THOMPSON of Mississippi. Madam Speaker, I move to suspend the rules and pass the bill (S. 1917) to establish a K-12 education cybersecurity initiative, and for other purposes.
The Clerk read the title of the bill.
The text of the bill is as follows:
S. 1917
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``K-12 Cybersecurity Act of 2021''.
SEC. 2. FINDINGS.
Congress finds the following:
(1) K-12 educational institutions across the United States are facing cyber attacks.
(2) Cyber attacks place the information systems of K-12 educational institutions at risk of possible disclosure of sensitive student and employee information, including--
(A) grades and information on scholastic development;
(B) medical records;
(C) family records; and
(D) personally identifiable information.
(3) Providing K-12 educational institutions with resources to aid cybersecurity efforts will help K-12 educational institutions prevent, detect, and respond to cyber events.
SEC. 3. K-12 EDUCATION CYBERSECURITY INITIATIVE.
(a) Definitions.--In this section:
(1) Cybersecurity risk.--The term ``cybersecurity risk'' has the meaning given the term in section 2209 of the Homeland Security Act of 2002 (6 U.S.C. 659).
(2) Director.--The term ``Director'' means the Director of Cybersecurity and Infrastructure Security.
(3) Information system.--The term ``information system'' has the meaning given the term in section 3502 of title 44, United States Code.
(4) K-12 educational institution.--The term ``K-12 educational institution'' means an elementary school or a secondary school, as those terms are defined in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801).
(b) Study.--
(1) In general.--Not later than 120 days after the date of enactment of this Act, the Director, in accordance with subsection (g)(1), shall conduct a study on the specific cybersecurity risks facing K-12 educational institutions that--
(A) analyzes how identified cybersecurity risks specifically impact K-12 educational institutions;
(B) includes an evaluation of the challenges K-12 educational institutions face in--
(i) securing--
(I) information systems owned, leased, or relied upon by K-12 educational institutions; and
(II) sensitive student and employee records; and
(ii) implementing cybersecurity protocols;
(C) identifies cybersecurity challenges relating to remote learning; and
(D) evaluates the most accessible ways to communicate cybersecurity recommendations and tools.
(2) Congressional briefing.--Not later than 120 days after the date of enactment of this Act, the Director shall provide a Congressional briefing on the study conducted under paragraph (1).
(c) Cybersecurity Recommendations.--Not later than 60 days after the completion of the study required under subsection
(b)(1), the Director, in accordance with subsection (g)(1), shall develop recommendations that include cybersecurity guidelines designed to assist K-12 educational institutions in facing the cybersecurity risks described in subsection
(b)(1), using the findings of the study.
(d) Online Training Toolkit.--Not later than 120 days after the completion of the development of the recommendations required under subsection (c), the Director shall develop an online training toolkit designed for officials at K-12 educational institutions to--
(1) educate the officials about the cybersecurity recommendations developed under subsection (c); and
(2) provide strategies for the officials to implement the recommendations developed under subsection (c).
(e) Public Availability.--The Director shall make available on the website of the Department of Homeland Security with other information relating to school safety the following:
(1) The findings of the study conducted under subsection
(b)(1).
(2) The cybersecurity recommendations developed under subsection (c).
(3) The online training toolkit developed under subsection
(d).
(f) Voluntary Use.--The use of the cybersecurity recommendations developed under (c) by K-12 educational institutions shall be voluntary.
(g) Consultation.--
(1) In general.--In the course of the conduction of the study required under subsection (b)(1) and the development of the recommendations required under subsection (c), the Director shall consult with individuals and entities focused on cybersecurity and education, as appropriate, including--
(A) teachers;
(B) school administrators;
(C) Federal agencies;
(D) non-Federal cybersecurity entities with experience in education issues; and
(E) private sector organizations.
(2) Inapplicability of faca.--The Federal Advisory Committee Act (5 U.S.C App.) shall not apply to any consultation under paragraph (1).
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from Mississippi (Mr. Thompson) and the gentleman from Mississippi (Mr. Guest) each will control 20 minutes.
The Chair recognizes the gentleman from Mississippi (Mr. Thompson).
General Leave
Mr. THOMPSON of Mississippi. Madam Speaker, I ask unanimous consent that all Members have 5 legislative days to revise and extend their remarks and to include extraneous material on this measure.
The SPEAKER pro tempore. Is there objection to the request of the gentleman from Mississippi?
There was no objection.
Mr. THOMPSON of Mississippi. Madam Speaker, I yield myself such time as I may consume.
Madam Speaker, in the past few weeks, millions of students have returned to school across the country. The range of public health, safety, and security risks that schools face today is truly astounding.
In recent years, schools have increasingly been subjected to ransomware attacks where cybercriminals lock networks and demand ransom payments, sometimes while threatening to release sensitive information, including students' personal data.
According to the K-12 Cybersecurity Resource Center, in 2020 alone, there were over 480 publicly disclosed cyber incidents at schools in the United States, an 18 percent increase over the previous year.
Notably, the rate of such incidents increased in the second half of last year as COVID-19 forced schools to shift to virtual learning, creating new risks, such as the disruption of online classes and online school meetings.
The impacts of ransomware attacks on schools have included the cancellation of classes, the release of sensitive information, like the name of a 9-year-old student being evaluated for a disability, and costs as high as $7.7 million for Baltimore County schools to respond to and recover from a November 2020 attack.
With many schools still operating under virtual or hybrid conditions because of the ongoing COVID-19 pandemic, the vulnerabilities to such cyberattacks are even greater.
In December, the FBI Cybersecurity and Infrastructure Security Agency, or CISA, and the Multi-State Information Sharing and Analysis Center released a joint cybersecurity advisory to alert schools to the increase in cyber threats and provide best practices on how to reduce the risk of such incidents.
To further assist K-12 schools, we must do more to help schools guard against cyber threats.
S. 1917, the K-12 Cybersecurity Act, introduced by Senator Gary Peters from Michigan, requires CISA to conduct a study of the cybersecurity risks facing K-12 educational institutions and develop recommendations based on that study.
By developing an online training tool kit for schools, and making the study and recommendations publicly available, CISA will be able to provide schools with targeted information to better protect their networks and reduce their cybersecurity risk.
An identical version of this legislation was introduced in the House by the gentleman from Rhode Island (Mr. Langevin) and cosponsored by Representatives Matsui, Slotkin, Garbarino, and Clyde. The House measure was reported favorably by the Homeland Security Committee by voice vote in July.
Passing S. 1917 today would send this bill to the President for signature, allowing CISA to begin this important work to better secure our schools.
Mr. Speaker, I urge my colleagues to support this legislation, and I reserve the balance of my time.
Mr. GUEST. Mr. Speaker, I yield myself such time as I may consume.
I rise today in support of S. 1917, the K-12 Cybersecurity Act of 2021.
Schools around our country are increasingly the target of malicious cyber actors and have recently been targeted with a deluge of ransomware attacks.
This legislation introduced by Chairman Peters and passed by the Senate mirrors the House version spearheaded by Representatives Langevin, Garbarino, and Matsui.
This bill requires CISA to conduct a study to develop recommendations and provide resources regarding specific cybersecurity risks facing K-
12 educational institutions. Importantly, it requires CISA to do so in consultation with teachers, schools, administrators, Federal agencies, nine Federal cybersecurity entities, and other private-sector organizations.
In doing so, the study required by this bill would help the Federal Government better support schools in defending against cyber threats.
I urge Members to join me in supporting S. 1917, and I reserve the balance of my time.
Mr. THOMPSON of Mississippi. Mr. Speaker, while we are in the process of getting the sponsor of this legislation prepared to give his comments, let me say that we all have been involved in making sure that our schools are as safe as possible. Clearly, this legislation, as offered by Senator Peters and Representative Langevin and others, is integral to making sure that our schools are kept as safe as possible from cyberattacks.
Mr. Speaker, I yield 3 minutes to the gentleman from Rhode Island
(Mr. Langevin), the sponsor of the House version of this bill.
Mr. LANGEVIN. Mr. Speaker, I thank the gentleman for yielding, and I commend the chairman for his strong leadership on cybersecurity issues and in support of this act before us today.
This bill, the House companion of which I sponsored with Representatives Matsui, Katko, and Garbarino, would help address a serious issue that has not received the attention it deserves: the cyber threats targeting our Nation's schools.
The education of our children is clearly a critical function, yet the increasing frequency and severity of cyber threats targeting K-12 schools have jeopardized the education of students across America.
In the past 4 years, more than 1,000 educational organizations across the country have fallen victim to cybercriminals. More than 400 incidents have occurred in the past year alone. What is more, an increasing proportion of these incidents are ransomware attacks that are particularly debilitating to the operation of our schools.
Our students and educators have experienced more than enough disruption in the past year and a half. We cannot afford to let this issue continue to go unaddressed.
Many of our schools do not have the resources to counter the cyber threats that we face. Without assistance, this problem will continue to get worse, jeopardizing our students' privacy and ability to learn.
Fortunately, this Congress has already demonstrated a recognition of the government's need to provide cybersecurity assistance to entities that perform essential functions yet live below the cybersecurity poverty line, unable to defend themselves against the myriad threats they face.
It is why we took steps to invest $50 million in support for State and local government entities as part of the forthcoming reconciliation bill.
It is also why I fought to increase the budget of the Cybersecurity and Infrastructure Security Agency by more than $400 million earlier this year. I thank Chairwoman Roybal-Allard for her leadership, and I thank her team and the members of the Appropriations Committee, along with Chairman Thompson and his team and the members of the Homeland Security Committee.
It should also be the reason that we pass the K-12 Cybersecurity Act into law without delay.
This bill would direct the Cybersecurity and Infrastructure Security Agency to study the cybersecurity risks facing our elementary schools and secondary schools.
With a detailed understanding of the specific cybersecurity challenges facing our schools, including challenges raised by remote learning, CISA would then be required to develop cybersecurity recommendations and online training tools for educational officials at K-12 institutions. Our educators and administrators would be equipped with the knowledge they need to better defend themselves against cyber threats and keep our schools safe for our students.
Mr. Speaker, I thank Representative Matsui for her tireless attention to this issue and Representatives Garbarino, Slotkin, and Clyde for joining us in advancing this legislation. I recognize the efforts of my colleagues in the Senate, Senator Peters and Senator Scott, who deftly shepherded this bill through their Chamber. Finally, I recognize my good friend, Chairman Bennie Thompson, for ensuring this bill received the consideration it deserves.
Mr. Speaker, I urge my colleagues to support this important legislation.
Mr. GUEST. Mr. Speaker, I urge all Members to support this bill, and I yield back the balance of my time.
Mr. THOMPSON of Mississippi. Mr. Speaker, I yield myself the balance of my time.
With sophisticated cybercriminals operating overseas launching ransomware attacks on our schools, it is essential that the Federal Government step up efforts to support the cybersecurity of our schools.
Without more assistance, many of our Nation's school districts will continue to be vulnerable, as many lack the cyber expertise to defend against these incidents.
Enactment of the K-12 Cybersecurity Act would enhance the technical support provided by CISA to schools to help better protect school IT networks.
Mr. Speaker, I urge my colleagues to support S. 1917, and I yield back the balance of my time.
The SPEAKER pro tempore (Mr. Cuellar). The question is on the motion offered by the gentleman from Mississippi (Mr. Thompson) that the House suspend the rules and pass the bill, S. 1917.
The question was taken; and (two-thirds being in the affirmative) the rules were suspended and the bill was passed.
A motion to reconsider was laid on the table.
____________________
SOURCE: Congressional Record Vol. 167, No. 170
The Congressional Record is a unique source of public documentation. It started in 1873, documenting nearly all the major and minor policies being discussed and debated.
House Representatives' salaries are historically higher than the median US income.
Alerts Sign-up