WASHINGTON — Virginia school systems may not have the resources to protect the personal data of students and teachers against cyber threats.
At a meeting of the Virginia Cyber Security Commission in Arlington on Wednesday, Paul Kurtz, chairman of the Infrastructure and Commonwealth Network Protection Work Group, said the problem appears to be spread across the commonwealth, but that it seems to be a more significant issue in smaller school systems.
“It’s a big issue up here in Northern Virginia, but when you go into local school districts [elsewhere in the state], it’s pretty much wide open,” Kurtz says. He is the former senior director for critical infrastructure protection on the White House Homeland Security Council, and is currently the chief strategy officer at CyberPoint.
“We had very interesting discussions in our work group meeting last week about how schools, really across the state, don’t have the assets to protect [cyber infrastructure],” Kurtz says.
He says the issue becomes even more important as more students use technology in the classroom, creating more data that must be secured.
In addition to recommendations for school systems, the commission also plans to address protection of the commonwealth’s own networks and data storage.
Commission Co-Chairman Richard A. Clarke, a former White House security and counterterror expert, asked the commission to be sure that recommendations to Gov. Terry McAuliffe are concrete, so that they can be easily presented to the General Assembly for action next winter or implemented by executive order.
After the meeting Wednesday, McAuliffe signed several bills that had been suggested by the commission for this year’s General Assembly session. The measures aim to make it easier for police to search computers, allow prosecutors to keep some parts of ongoing investigations into child predators secret, and clearly place the responsibility for data protection on the leaders of state agencies.
McAuliffe also disclosed that he had just learned that two of his children’s personal data was exposed in this winter’s massive Anthem health care data breach.
The commission, whose other co-chair is Virginia Technology Secretary Karen Jackson, is also moving toward recommendations on changes to criminal law to keep up with changing technologies, and how to grow the number of degree and certificate programs in Virginia that can lead to cyber security jobs.
Secretary of Education Anne Holton said at the meeting that one of the biggest gaps is at the associate degree level, where easier access and clearer lists of requirements could lead more people to seek degrees in the field.
The recommendations will also aim to grow the number of cyber security jobs in the commonwealth.