{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Cybertraps Podcast","title":"Cybersecurity Grants for K-12 Schools Cybertraps LIVE 98","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/229af276\"></iframe>","width":"100%","height":180,"duration":2504,"description":"Show Notes The Problem The K–12 Cybersecurity Resource Center, tracked 408 cybersecurity incidents that hit K–12 institutions over the past year, an 18 percent increase from 2019 and an average of two cyberattacks per school day aimed at the nation’s education system. The most widespread cyber incidents were ransomware attacks, in which a hacker infiltrates a network and hold it for ransom, along with data breaches of student and staff personal data that included everything from bullying reports to Social Security numbers. Class invasions were also a significant trend, with these incidents involving a malicious actor gaining access to an online video conferencing system and disrupting it, often with inappropriate images or words. This trend was seen particularly at the beginning of the pandemic, and was used to interrupt classes on video conferencing platform Zoom in so many situations that the term “Zoombombing” was coined. News Items Passage of $1 Billion Department of Homeland Security cybersecurity grant program While the grants will technically be administered by the Federal Emergency Management Agency, which has long been DHS’s main grant-making unit, the Infrastructure Investment and Jobs Act calls on CISA to serve in an advisory capacity — work that Wales said has already started. The infrastructure law requires each state to develop a comprehensive cybersecurity plan to qualify for the grants, and about 80% of the total funds will eventually make their way to local jurisdictions. Wales told Clarke that leaves CISA with several questions to answer before the money begins flowing, which is expected in 2022. Goal is development of “common baseline” – That’s likely to include some cybersecurity steps that are commonly described as fundamental — multi-factor authentication, limiting the number of privileged user accounts on a government network, patching vulnerabilities as soon as they’re identified and running regular risk assessments. But those are...","thumbnail_url":"https://img.transistorcdn.com/-npbjlTwEpH5Ybi_ySNRhS-EfNqaI7Ep1svTppTGhLE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9zaG93/LzQxNTcyLzE2ODM5/MjY0NDktYXJ0d29y/ay5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}