The 2025 Cybersecurity Awareness Month series will cover four key topics:

• Get to Know K12 SIX: Core Benefits of Membership (10/7): Join K12 SIX National Director Doug Levin alongside a panel of K12 SIX members as he provides an overview of the organization and the essential benefits that come with membership. Learn how joining the nonprofit exchange can equip your school community with the resources it needs to navigate the complex world of K-12 cybersecurity. This is also your first chance to get an early look at what’s in store for the 2026 National K-12 Cybersecurity Leadership Conference, and to learn how you can participate!

• Cybersecurity Education for K-12: Putting CISA’s Guidance into Action (10/14): Peter Kaplan, Director SLED Capture at Fortinet, and Al Nasturzio, Director of Training & Education Partners at Fortinet, will discuss how to implement the latest guidance from the Cybersecurity and Infrastructure Security Agency (CISA) into a practical and effective cybersecurity education program for your district.

• Pressure Building: Why All Districts Need a Solid Foundational Cybersecurity Program (10/21): This session from Identity Automation, featuring Cybersecurity Advisor Dr. Tim Tillman and Market Development Specialist Jack Welling, will highlight the increasing pressures faced by school systems and the critical importance of building a strong, foundational cybersecurity program to protect sensitive student and staff data.

• Passwords Must Go: The Future of Authentication in K-12 (10/28) Join Sriram Seshadri, Head of Security at Clever, and Mark Racine, former CIO of Boston Public Schools as they explore modern authentication methods and why moving beyond traditional passwords is the next step in securing K-12 systems.

  
  K-12 cybersecurity awareness month webinars are free and open to the public. Registration is required individually for each webinar. Click this link to learn more.

K12 SIX comments recommended that the Secretary consider adding an additional category of allowable projects and proposals under this proposed priority. Specifically, we believe the education sector could benefit from federal funding of efforts to enhance cybersecurity with AI, for AI, and from AI.

K12 SIX comments can be read here. Many other submissions are posted online at: https://www.regulations.gov/docket/ED-2025-OS-0118/comments

The National K-12 Cybersecurity Leadership Conference is a unique event designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches. Participants from past conferences - 2023 (Austin), 2024 (Savannah), 2025 (San Diego) - report overwhelmingly positive feedback about the event:

"“So many of us are starving for K-12 cyber resources, and putting so many of us in the same room was one of the best events I’ve been a part of.”

“I just wanted to reach out to say thank you again for an amazing conference. My team and I all agreed that was by far one of our best conferences any of us have ever attended.”

“I encountered a group of individuals who were exceptionally friendly, helpful, and willing to share both their successes and challenges. Every table I joined was occupied by engaging professionals from across the US, setting aside politics and geography to discuss the common goal of cyber resilience. Despite the abundance of acronyms and technical jargon in our sector, I was reminded of our core mission: not to protect ‘data’ but to protect the safety of the children and colleagues we serve.”

“Grateful for the chance to share, learn, and collaborate with the best in K-12 cybersecurity. Looking forward to keeping the momentum going!”

This popular event has sold out in prior years so interested participants are encouraged to act fast to secure their seat.

Steering Committee members are drawn from across the U.S. and represent every category of K12 SIX membership: public and private K-12 organizations, school districts ranging in size from 2,200 to over 100,000 students, and regional and state education agencies. Members include:

• Diane Carnohan, Chief Information Security Officer, Virginia (VA) Department of Education

• Tony Dotts, Information Security Manager, Community High School District 99 (IL)

• Shawn Driscoll, Security Administrator, Park Hill School District (MO)

• Lisa Helme, Education Programs Division Director, Vermont (VT) Agency of Education

• Andy Lombardo, Director of Technology, Maryville City (TN) Schools

• April Mardock, Chief Information Security Officer, Washington (WA) School Information Processing Cooperative

• Tommy Pigeon, Director of Cybersecurity, Dallas (TX) Independent School District

• Laura Pollak, Supervisor, NASTECH, DPSS and Student Information Systems; Data Protection Officer, Nassau BOCES/RIC (NY)

• Dave Robinson, Chief Information Officer, Baylor School (TN)

• Michael Sujka, Director of Technology, Westerly (RI) Public Schools

• Richard Thomas, Director of Cybersecurity, Linn Benton Lincoln ESD (OR)

• Jon Walker, Director of Information Security & Systems Architecture, St. Vrain Valley School District (CO)

“As we enter the 2025-26 school year, K12 SIX’s Steering Committee will play a vital role in addressing the cybersecurity challenges facing school systems nationwide. Their leadership will chart the future direction of K12 SIX programs, ensure members’ evolving cybersecurity needs are met, and help guide the growth and resilience of the sector,” said Doug Levin, K12 SIX director.

“Cybersecurity in K-12 is just too big and too underfunded for any one district to handle on its own,” said Steering Committee member Richard Thomas. “What makes K12 SIX so valuable is that it gives us a way to come together—sharing knowledge, support, and threat intelligence so we can all do a better job protecting our schools.”

Steering Committee member Jon Walker added: “Within just a few months of joining, our district received actionable intelligence that directly helped us prevent a potential cyber incident. If you’re responsible for protecting a learning environment, joining K12 SIX isn’t optional, it’s essential."

Purpose-built for the K-12 community—and focused exclusively on the unique context in which schools operate—K12 SIX analysts work in collaboration with members to leverage dozens of private and public data sources and analytic tools to:

• Provide early warnings of K-12 specific cyber threats

• Monitor the security of edtech vendors upon which school systems rely

• Identify evolving trends in K-12 cyber attacks and policy affecting K-12 cyber readiness

• Provide K-12 specific cybersecurity guidance and share best practices

K12 SIX also serves as the host of the National K-12 Cybersecurity Leadership Conference, the premier professional development and networking event for K-12 IT and cybersecurity professionals. The fourth annual conference will be held in February 2026 in Albuquerque, New Mexico.

Information about membership eligibility and benefits is available here. Membership and/or sponsorship inquires can be directed here. Working together, we can increase the resilience of the K-12 education sector against ransomware attacks, student data breaches, and sophisticated phishing scams.

Key features of the Essential Protections series:

• Communicates plain language descriptions of recommended cybersecurity controls and tips to know whether they have been successfully implemented

• Offers detailed guidance on implementation expectations, with detailed rubrics to assist with continuous improvement

• Provides insights into both the implementation costs (money and time) and impact on end users of recommendations

• Includes a free, private self-assessment that generates customized advice to prioritize cybersecurity control implementation

• Aligned to national cybersecurity frameworks, such as those published by Center for Internet Security, Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST).

• Updated annually for each new school year.

Feedback is being sought through June 6, 2025 for this year and can be provided via this form.

Your input into the next iteration of the Essential Protections is key to ensuring the ongoing relevance and usefulness of the work. Should you have any other questions or input, please direct it to info@k12six.org.

The Data Breach Investigations Report (DBIR) focuses on the analysis of anonymized cybersecurity incident data that Verizon collects every year from almost a hundred data contributors. Those data points are normalized using the Vocabulary for Event Recording and Incident Sharing (VERIS) framework, which provides a foundation for statistical analysis of this type of data.

For more information and to access the report, visit: https://www.verizon.com/business/resources/reports/dbir/

What happened?

Read:

• Abrams, Lawrence. “PowerSchool hack exposes student, teacher data from K-12 districts” Bleeping Computer. 7 January 2025.

• Doe, Dissent (pseudonym). “PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts.” DataBeaches.net. 8 January 2025.

• Merod, Anna. “PowerSchool data breach possibly exposed student, staff data.” Cybersecurity Dive. 10 January 2025.

PowerSchool has reportedly hired the cybersecurity firm CrowdStrike to conduct a forensic analysis with additional details. PowerSchool has promised to share this report with customers.

How did it happen?

While PowerSchool has claimed a strong cybersecurity culture, it had a failure of cybersecurity controls and was victimized by an as-of-yet unnamed malicious threat actor.

What should PowerSchool SIS customers do?

Read:

• Vesco, Brandi. “How Districts Can Face Fallout from PowerSchool SIS Breach.” Government Technology. 10 January 2025.

• Lazzarotti, Joseph L. “FAQs for Schools and Persons Affected By the PowerSchool Data Breach.” JacksonLewis. 11 January 2025.

Affected customers saw both student and teacher tables exfiltrated. Self-hosted customers should be prepared to install forthcoming security patches. All customers should review logs (customer-developed, unofficial guidance) and make notifications to school community members and state officials, as appropriate. Post-incident it is vital that school systems re-evaluate their third-party cyber risk management practices, pre- and post-procurement, as well as consider establishing or re-evaluating data minimization practices. (Both of these practices are among those that K12 SIX recommends.) Finally, current and former school community members should be on guard for potential phishing/social engineering attempts using this incident as pretext.

What should customers of other PowerSchool products do?

Based on available information, there is no reason to believe that any other PowerSchool product was impacted as part of this incident. Going forward, it is vital that school systems re-evaluate their third-party cyber risk management practices, pre- and post-procurement, for all vendors.

What should current and former school staff, parents, and students do?

Read:

• Zimmermann, Ale. “How to protect your child's identity amid PowerSchool data breach.” NBC Boston. 9 January 2025.

• Doe, Dissent (pseudonym). “PowerSchool Incident: A few resources for teachers, parents, and former students“. DataBreaches.net. 10 January 2025.

• Yee, Alaina. “PowerSchool hackers have your kid’s info. These 3 steps will protect them.” PCWorld. 20 January 2025.

Current and former school community members should be on guard for potential phishing/social engineering attempts using this incident as pretext.

Select TV news reports:

For further reading:

• What K-12 Leaders Need to Know - a short list of actionable cybersecurity defenses that all school districts should prioritize for implementation

• Implementation Rubrics – defines implementation standards for each of the K12 SIX recommended defenses

• District Self-Assessment Tool - helps K-12 leaders prioritize time and resources in communicating about and addressing the cybersecurity risks facing their school community and kickstarting their cybersecurity plans

Developed by K-12 IT practitioners, for K-12 IT practitioners—and aligned to cybersecurity risk management best practices—the K12 SIX Essentials series establishes baseline cybersecurity standards for U.S. school systems and provides guidance and tools to support their implementation. K12 SIX-recommended practices are designed to defend against the most common cyber threats facing school districts, including those identified by K12 SIX, the Federal Bureau of Investigation (FBI), the Cybersecurity & Infrastructure Security Agency (CISA), the U.S. Department of Education (ED), and school insurance carriers.

The 2024-25 School Year updates represent a refinement and enhancement to last year’s edition. While we retain our high-level recommendations (14 controls in 5 categories), numerous updates have been made to implementation guidance to reflect the evolving K-12 cybersecurity threat environment. In addition, alignments to both the NIST Cybersecurity Framework and the CIS Critical Security Controls have been updated to reflect their continued evolution.

Join us on October 22, 2024 at 1 pm ET for a webinar (“Protect Your Schools & Students: The K12 SIX Essential Cybersecurity Protections”) to preview the updates to the series and understand how school systems nationwide are putting them to use.

K-12 cybersecurity webinars will be held each Tuesday at 1pm ET during October, beginning on October 8:

• Strengthening K-12 Cybersecurity Through an Identity-First Approach (10/8): Featuring Raj Kapur, Executive Director of Information Technology for Orange County Public Schools (OCPS), and Michael Webb, CTO of Identity Automation

• Optimizing K-12 Security: Measure, Learn, Certify (10/15): Featuring Tom Ashley, Education Strategist, CDW

• Protect Your Schools & Students: The K12 SIX Essential Cybersecurity Protections (10/22): Featuring Brad Hagg, Director of Educational Technology, Indiana Department of Education, John LaPlante, President, Vinson, April Mardock, CISO, Seattle Public Schools, Michael Potter, IT Security Analyst, Northwest Regional Education Service District, and Doug Levin, Director, K12 SIX

• Safeguarding Students' Digital Identities in Today’s Tech-Driven Education (10/29): Featuring Mohit Gupta, Director of Product, Clever, Mark Racine, former CIO, Boston Public Schools, and Chad Meyer, Director of Technology, Milwaukee Public Schools

K-12 cybersecurity webinars are free and open to the public. Registration is required individually for each webinar. To register and learn more: https://www.k12six.org/webinars

“Cyber incidents affecting U.S. K-12 school systems have been growing both more frequent and severe,” said Doug Levin, K12 SIX Director. “Just as school systems defend against and prepare for other operational disruptions, it is imperative that they assess their cybersecurity posture and put in place a plan to address weaknesses and deficiencies. Joining a K-12 specific cyber threat intelligence community such as K12 SIX should be on the roadmap for every K-12 organization that relies on technology for its operations.”

Eligible services and equipment include solutions in the following categories: Advanced/Next Generation Firewalls; Endpoint Protection; Identity Protection and Authentication; and Monitoring, Detection, and Response. Nonetheless, the FCC clarifies that named categories and services should be considered ‘non-exhaustive’ and that the Pilot Program will permit applicants to select from a wide variety of cybersecurity services and equipment ‘to best meet their needs’ (albeit with some narrow exceptions).

Given the current cybersecurity posture of the K-12 sector—including the scarcity of K-12 IT staff with cybersecurity experience —such an open-ended pilot program may feel like both a blessing and a curse. Which eligible services would make the most impact? What time and expertise are required from K-12 staff to successfully implement any given solution? What will come of cybersecurity investments after the conclusion of the pilot program?

To that end, K12 SIX members collaborated to identify and assess a wide array of potentially eligible commercial cybersecurity activities and solutions that may significantly reduce cybersecurity risks commonly facing school systems. While school districts are strongly encouraged to conduct an independent, vendor-neutral self-assessment—such as the K12 SIX Cybersecurity District Self-Assessment Tool—to inform the most appropriate next steps in uplifting their cybersecurity program, K12 SIX recommendations are designed to spur ideas about how school systems of varying cybersecurity maturities and capacity can take best advantage of this pilot funding opportunity.

The guidance, FCC Schools and Libraries Cybersecurity Pilot Program: Advice for K-12 Applicants on Maximizing the Impact, is available for download here.

The 2025 National K-12 Cybersecurity Leadership Conference is a unique event designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches. Participants from past conferences - 2023 (Austin), 2024 (Savannah) - report overwhelmingly positive feedback about the event:

"Each session was highly informative, and directly offered help for daily challenges in cybersecurity. Most conferences I attend, the sessions are presented by vendors and meant to sell a solution. These sessions were vendor agnostic and offered real help and advice."

"The keynote speakers were amazing, sessions were relevant and informative, and the time to talk to colleagues from around the country was invaluable."

“Each session that I attended was very informative, whether it be seeing how a school in a different state approached obstacles or incidents, or state agencies with helpful hints."

"The most beneficial part of the conference was networking with the U.S. Department of Education, CISA, and other educational institutions, as well as vendors. As a newcomer to cyber, the presentations selected appeared to meet multiple experience levels, and allowed me to learn more and provided takeaways for continued education. "

This popular event has sold out in prior years so interested participants are encouraged to act fast to secure their seat.

When K-12 user accounts are compromised, it takes more than a password reset to ensure the ongoing security and privacy of your school system’s data and IT systems. Developed by K-12 IT practitioners for K-12 practitioners, this checklist and accompanying guidance can help direct your response.

In responding to a reasonable belief of an account compromise, K12 SIX advises IT staff to:

• Act with Urgency: Time is of the essence to minimize the impact of a compromised account.

• Document Your Work: Thoroughly document every step and evidence found for analysis and possible legal action.

• Preserve Evidence: Avoid unnecessary changes that might taint evidence, especially if legal action seems likely. Consult experts if needed.

• Follow Best Practices: Recognizing that some steps may change based on your license or configuration.

To learn more and access this new guidance, visit https://www.k12six.org/essentials-series.

K12 SIX serves as the national non-profit information sharing and analysis center for the K-12 education facilities critical infrastructure subsector. Launched in late 2020 as a subsidiary of the Global Resilience Federation, K12 SIX members include public and private school systems of all sizes, regional education agencies (ESAs), and state departments of education (SEAs). Collectively, the K12 SIX membership serves millions of students from coast to coast. In addition to multi-directional information sharing, K12 SIX develops school specific best practices and guidance, provides professional development to K-12 IT leaders, and advocates for the cybersecurity needs of the sector.

In short, K12 SIX is supportive of the aims of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and views the proposed regulations as enabling foundational information infrastructure for national civil cyber defense.

A lack of actionable and timely information on K-12 cyber incidents has made it exceedingly difficult for federal and state policymakers to ascertain trends in the scope and severity of the cybersecurity challenge, has hindered law enforcement effectiveness, and put school community members—including students, families, and educators—at avoidable risk of identity theft and credit/tax fraud. Moreover, it has allowed overseas threat actors to systematically exploit vulnerabilities in commonly implemented technologies found in U.S. public school systems to deploy ransomware and extort millions of taxpayer dollars from victims.

In submitted comments, K12 SIX offered feedback on issues with CIRCIA implementation specific to the K-12 education facilities critical infrastructure subsector. Other interested parties may submit comments on the CIRCIA NPRM through July 3, 2024 by following directions here.

Key features of the Essential Protections series:

• Communicates plain language descriptions of recommended cybersecurity controls and tips to know whether they have been successfully implemented

• Offers detailed guidance on implementation expectations, with detailed rubrics to assist with continuous improvement

• Provides insights into both the implementation costs (money and time) and impact on end users of recommendations

• Includes a free, private self-assessment that generates customized advice to prioritize cybersecurity control implementation

• Aligned to national cybersecurity frameworks, such as those published by the Center for Internet Security, the Cybersecurity and Infrastructure Security Agency, and the National Institute of Standards and Technology.

• Updated annually for the new school year.

Feedback is being sought through May 31, 2024 for this year and can be provided via this form.

Your input into the next iteration of the Essential Protections is key to ensuring the ongoing relevance and usefulness of the work. Should you have any other questions or input, please direct it to info@k12six.org.

K12 Security Information eXchange (K12 SIX) and representatives of its membership are pleased to sit alongside other key stakeholder organizations on the GCC, such as AASA, Association of Educational Service Agencies, Consortium for School Networking, Council of Administrators of Special Education, Council of Chief State School Officers, Council of Great City Schools, National Association of Elementary School Principals, National Association of Secondary School Principals, National Association of State CIOs, National Rural Education Association, National School Boards Association, and State Educational Technology Directors Association.

Following the kickoff meeting, K12 SIX Director Doug Levin applauded the Administration’s commitment to addressing the emerging cybersecurity needs of the K-12 sector, “Cybersecurity incidents experienced by school systems nationwide have demonstrated that the K-12 sector both needs and deserves support specifically tailored to its unique context. We applaud the U.S. Department of Education for fulfilling its commitment—in partnership with CISA—to launching the Education Facilities Subsector GCC and strengthening collaboration among and between members of the K-12 community and the Federal government. K12 SIX looks forward to working alongside GCC stakeholders to increase the cybersecurity resilience of the nation’s school systems.”

Malwarebytes, a global provider of real-time cyber protection, offers ThreatDown solutions that combine award-winning endpoint security, threat surface reduction and 24/7 managed services to support K-12 districts and schools defending against today’s modern threats. Purpose-built to be easy to use for K-12, ThreatDown solutions can take down cybersecurity threats, complexity, and costs.

“We’re pleased to have partners like ThreatDown working with us to strengthen threat awareness and information sharing among members from the U.S. K-12 community,” said K12 SIX National Director Doug Levin. “The education sector faces significant threats from malicious actors seeking to steal student and educator data or hold it for ransom. It is only through a concerted and collaborative effort that we will be able to stem the tide of K-12 cyberattacks.”

###

About K12 SIX

The K12 Security Information eXchange (K12 SIX) is a cyber threat information sharing community dedicated solely to the needs of U.S. primary and secondary education organizations. This non-profit member community is a cost-effective forum for crowdsourcing security information among a vetted, trusted group of professionals with a common interest, using common technology and with supporting, independent analysis from the K12 SIX security staff. K12 SIX is a member of the Global Resilience Federation multisector network of information sharing communities. Visit www.k12six.org to learn more. Contact us for membership information/media inquiries.

1.  The proposed pilot program will be successful only to the degree it builds upon foundational K-12 cybersecurity risk management practices designed to address systemic challenges facing the sector. 

2.  The goals of the proposed pilot program must recognize the unique context in which it will operate and—in close consultation with the U.S. Department of Education and the Cybersecurity and Infrastructure Security Agency (CISA)—support comprehensive long-term improvements.

3.  The  proposed pilot program is too small and too slow to make a difference given the scope of challenges facing the K-12 sector. 

Members of the public are encouraged to read and view all comments about the proposed program at the FCC's website by accessing their ECFS (electronic comment filing system) and searching for proceeding "23-234" https://www.fcc.gov/ecfs/search/search-filings/results?q=(proceedings.name:(%2223-234%22)) That same system can also be used to submit a new comment (by January 29, 2024) or reply to comments made by others (by February 27, 2024).

Developed by K-12 IT practitioners, for K-12 IT practitioners—and aligned to cybersecurity risk management best practices—the K12 SIX Essential Cybersecurity Protections series establishes baseline cybersecurity standards for U.S. school districts and provides guidance and tools to support their implementation. The series includes:

• K12 SIX Essential Cybersecurity Protections for the 2023-2024 School Year: What K-12 Leaders Need to Know- communicates a short list of actionable cybersecurity protections that all school districts should prioritize for implementation

• K12 SIX Essential Cybersecurity Protections for the 2023-2024 School Year: Implementation Standards- defines implementation standards for each of the K12 SIX recommended protections

• K12 SIX Cybersecurity District Self-Assessment Tool for the 2023-2024 School Year-  helps K-12 leaders prioritize time and resources in addressing the cybersecurity risks facing their school community

While there is no shortage of general cybersecurity guidance available from government and private organizations, K-12 education leaders face unique context and constraints when implementing cybersecurity defenses in a school setting.

“What may be essential to a Fortune 500 company may not be as essential to a school district outside Chicago, and vice versa. The K12 SIX Essential Cybersecurity Protections were designed by K-12, for K-12,” said Tony Dotts, Information Security Manager at Community High School District 99 in Illinois.

David Mendez, Information Security Manager at Region 10 Education Service Center in Texas added, “It can be daunting and a bit overwhelming to navigate the labyrinth of cybersecurity frameworks, guidelines, and best practices, especially in K12! However, the K12 SIX Essential Cybersecurity Protections, with its simplicity, clarity, and actionable guidelines, provides a robust starting point toward bolstering the resilience of our school districts' ever evolving cyber risks."

K12 SIX-recommended practices are designed to defend against the most common cyber threats facing schools, including those identified by K12 SIX, the Federal Bureau of Investigation, the Cybersecurity & Infrastructure Security Agency, and school insurance carriers. Careful consideration has been made to emphasize protective measures that can be reasonably and cost-effectively implemented in most typical school settings.

Speaking of her involvement in the development of these new resources, Dellea Underwood, Assistant Director of Technology for Frederick County Public Schools in Virginia shared, “It has been a privilege to collaborate with K-12 school systems of varying sizes across the country on a project that can benefit all other school districts! Together, by sharing our stories we can build a stronger future for all K-12s!”

Learn more and download the new guidance for free at https://www.k12six.org/essentials-series.

Developed by SETDA’s Cybersecurity & Privacy Collaborative, this resource is designed to identify essential resources, assess state-level K-12 cybersecurity advocacy initiatives, and craft policy recommendations to enhance cybersecurity readiness within these districts. The publication offers details on how state agencies and other support organizations are empowering their smallest districts to secure their data and networks. From detailing various funding sources to providing insights into statewide and regional partnerships and offering practical examples of cybersecurity training, the document is a must-read for everyone involved in helping districts improve their cybersecurity posture.