New ISAC for K–12 Schools Names National Director

A new information sharing and analysis center (ISAC) set up to help American school districts protect themselves against cyber-threats has named its first national director.

Heading up the Kindergarten Through Twelfth Grade Security Information Exchange, or K12 SIX, is president of consulting firm EdTech Strategies and the K–12 Cybersecurity Resource Center, Douglas Levin.

Levin is the founder of the K–12 Cybersecurity Resource Center and creator of the K–12 Cyber Incident Map, a visualization of cybersecurity-related incidents reported about US K–12 public schools and districts from 2016 to the present.

“I’ve been tracking the growth in attacks in this sector since 2016,” said Levin. “We’ve seen a marked increase over time, and a real spike since COVID-19. I’m glad to be joining an action-oriented organization that is working to proactively protect schools.”

K12 SIX was softly launched in October 2020 by the Global Resilience Foundation (GRF), a nonprofit subsidiary of the National Council of ISACs. It’s the first intelligence-sharing hub to be specifically created to meet the needs of local school districts in preventing and mitigating cyber-attacks.

Staff at K12 SIX are tasked with reviewing security incidents reported to them by schools. Their role is also to enrich and share actionable alerts based on intelligence provided by private security vendors, other sharing communities, and government sources.

The role of regional director at K12 SIX has been filled by Eric Lankford, former cyber-engineer with the Birdville Independent School District near Fort Worth, Texas.

Together, Levin and Lankford came up with the idea to create an ISAC for schools and approached the GRF with their proposal two years ago.

With no federal requirement for school districts to report data breaches, Levin believes that the Government Accountability Office (GAO) is not aware of the true extent of the problem. 

The GAO counted 99 school data breaches from July 2016 to May 2020 that compromised the personal information of thousands of students in kindergarten through high school. Levin counted 458 data breaches in school districts that impacted more than a million student records. 

While the GAO counted each cyber-attack as one incident regardless of how many school districts were affected, Levin counted each district’s data breach separately.

What’s Hot on Infosecurity Magazine?