CISA invites K-12 edtech providers to sign secure design pledge

With cyberattacks against K-12 schools on the rise, CISA is seeking commitments from edtech makers to design products that are more secure.
Jen Easterly
Cybersecurity and Infrastructure Security Agency Director Jen Easterly testifies before a House Homeland Security Subcommittee, at the Rayburn House Office Building on April 28, 2022 in Washington, DC. (Kevin Dietsch / Getty Images)

The Cybersecurity and Infrastructure Security Agency on Tuesday announced a voluntary pledge for K-12 educational technology companies to commit to designing their products with greater built-in security.

“We need to address K-12 cybersecurity issues at its foundation by ensuring schools and administrators have access to technology and software that is safe and secure right out of the box,” CISA Director Jen Easterly said in the agency’s announcement.

Cases of ransomware and malicious cyber activity, especially those aimed at K-12 school districts in the United States, are on the rise. A school district in Carlisle, Pennsylvania, this month became one of the latest ransomware victims.

The Biden administration has also acknowledged the vulnerability faced by school districts with outdated security systems. In March, the White House released its National Cybersecurity Strategy, which outlines how to help school districts fight cybersecurity threats across the country through training and computer system upgrades. Rural districts in particular are prime targets, as they often have fewer resources to devote to cybersecurity.


Companies that sign CISA’s pledge are publicly agreeing to adopt three principles:

  1. Take ownership of customer security outcomes.
  2. Embrace radical transparency and accountability.
  3. Lead from the top by making secure technology a key priority for company leadership.

In addition, the pledge also includes specific, publicly measurable “secure by design” principles companies are committing to when they sign. PowerSchool, Classlink, Clever, GG4L, Instructure, and D2L, some of the largest providers of K-12 education software in the United States, have all signed the pledge.

“We need all K-12 software manufacturers to help us improve cybersecurity for the education sector by committing to prioritize security as a critical element of product development,” Easterly said.

Sophia Fox-Sowell

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.

Latest Podcasts