California Military Department to Conduct School Safety Assessments
Under recently enacted California law, local education agencies and individual schools can ask the California Military Department (CMD) to conduct independent security assessments to eliminate cybersecurity vulnerabilities.
By law, schools and local education agencies must be under the jurisdiction of the CMD and pay for the assessment to be eligible.
Regarding the evaluation criteria, the military department and the school or individual educational agency will define the parameters of the evaluation.
Col. Darrin Bender, CMD’s director of government affairs, said the idea came from the agency’s previous experience with security assessments for state agencies.
Based on this earlier experience, Assembly Member Ed Chau, D-Monterey Park, sponsored the bill to allow the military department to do the same type of work with schools.
“Local education agencies and school districts are starting to see higher threat levels of ransomware and a lot of bad behavior from cybercriminals,” Bender said. As a result, Chau drafted the bill with input from CMD.
The biggest question about the bill, he said, was “Can you do this, and to what extent or on what scale can you meet the new demand?” Bender’s response is, “We can certainly do that and design the assessments as we did for district-specific state agency assessments.”
To provide a bit more context on this process, Col. Jim Parsons, CMD Cyber Defense Chief, said, “In fact, we’ve done over 200 independent security assessments for the agencies. Some have been done twice for the same agency to see how the results have changed.”
In some cases, Parsons said, vulnerabilities were reduced by 40 or 50 percent after performing the security assessments.
As for using this model in schools, the trick is to address the scope of the assessment before deciding what the department should work on.
“The reach of a huge school district will, of course, be different from that of a smaller one,” Parsons said. “Remote technology in the classroom has come under a number of attacks and continues to develop.”
A second area to be examined is the state of school networks.
“I think one of the things is to inspect what you expect,” Parsons said. “Knowing the state of a school or educational agency’s network can pay huge dividends in seeing what their network looks like from an outside perspective.”
One of the challenges for the future may be to add the necessary staff members to the group overseeing these assessments.
“These types of skills are so limited,” Parsons said. “There are so many cyber experts ready to do this kind of work; scalability will also be an issue in 2021 if demand increases over the next few years.”
“This concept is brand new; we haven’t done any educational evaluations yet. However, we look forward to working with schools and various educational organizations to protect them from cyber threats,” he said.