Appendix F - Cybersecurity Statement
Just like we have over the past 30 years, KDE will continue to promote, recommend, and potentially require tools and processes to be put in place as needed to protect, as much as possible, students, staff, and our K-12 learning environment. We pursue this path with the intent of preserving and safeguarding the quality of learning experiences and educational opportunities. These elements, which encourage universally available access to high-quality resources and information, are crucial in bridging educational gaps and improving the learning process as a whole. The coming years will require us to be vigilant, flexible, and forward-thinking to ensure that we minimize risk while at the same time not over-emphasizing security to the point that it endangers learning.
School districts and state departments of education across the nation, including in Kentucky, continue to face ever-increasing cybersecurity threats. K-12 Education has been heavily targeted by cybercriminals ranging in size and sophistication from single individuals to nations/states. Evidence shows that attacks are coming from nearly every nation including the U.S.A. where bad actors, with malicious intent, have exercised the ability to purchase, for a few dollars, sophisticated attacks aimed against our schools and districts. In fact, the number of unauthorized connection attempts against Kentucky K-12 networks that are blocked annually by statewide security services has increased from 4 billion annual attempts to over 76 billion attempts.
The chart below was provided to us by Microsoft. Based on their data from May of 2023, it clearly shows that education is the leading target for malware and ransomware attacks by a wide, wide margin. While these data represent a snapshot, it is a picture that has looked the same for several years and there's no evidence it will change or that the attacks will lessen. In the face of such attacks, it makes sense that Kentucky's schools and districts would respond by placing a priority on cyber-defenses.
Figure F1. A report detailing the most affected industries in terms of cybersecurity attacks . [Source]
Today’s Master Plan for Technology recognizes the need for adequate and appropriate cybersecurity as well as how cybersecurity is not a separate requirement to be implemented on its own but rather integrated with the educational process.
Contents - Appendix E < Appendix F > Appendix G