K-12 Leadership Roles Around Cyber Security
The primary responsibility of a school district is the education of its students. But in order for the educational process to succeed, district leaders – Principals, Superintendents, School Boards or Committees – also have to deal with many other issues, including protecting personal safety and facility security.
From the time students get on a school bus or walk onto school grounds to the moment they leave school property, district leaders know they are legally, morally, professionally, and politically responsible for those children’s safety. Baring some totally unforeseeable act of nature there are simply no excuses for not implementing reasonable levels of preventative planning and action.
Similarly, district leaders know they are responsible for the security of their physical plant – both in order to protect the buildings and equipment the district uses and because an insecure facility opens the door for attacks on student safety. There is no question that school property must be protected from unauthorized use.
Cyberspace may be an invisible, virtual world. But like the school library, it is a place through which students pass and in which they do various kinds of work. Protecting individual safety and facility security is just as important in cyberspace as it is in the physical space of the school building. The same level of leadership concern, attention, and supervision is required to ensure safety and security in both physical and electronic locations.
Schools contain increasing amounts of sensitive data such as social security numbers, birth dates, home and email addresses, health records, grades, immigration status and passport numbers, and more. Increasingly, government reporting requirements and the need for more evidence-based decision-making are forcing schools to centralize this data in electronic formats. This makes the data more useful. It also makes the data more accessible, not always by the intended people for the intended reasons.
In one respect, cyberspace presents an even more serious level of potential legal liability than most school buildings. Unless a district takes adequate steps to enhance security, it is possible – and not uncommon – for criminal or anti-social groups to secretly take control of key components of a school’s technology infrastructure and use these facilities to launch disruptive and illegal attacks on others. It is as if a violent gang had set up headquarters in the school’s teacher lounge and was terrorizing the neighborhood.
Failure to protect a system’s cyber security can result in disruption of classroom and administrative functions, severe damage to individuals, loss of public support, and serious legal violations. Simply saying “we didn’t know” is not a good defense. Simply telling someone else to “take care of the situation” is not enough. It is the responsibility of leadership to know – and to act. Leaders need to become informed, mobilize the needed teams, push for appropriate testing and planning, secure the resources and supervise the implementation, and follow up to ensure that risk reduction efforts had the desired results.