Cyber Security for the Digital District

Just fill out the form below, and we'll contact you whenever new information, case studies and best practices are posted to the site!

Cyber Security: Protect Your District's Assets. Preserve the Freedom to Learn.

By Steven E. Miller

Central to the Cyber Security project is the belief that technology, while a necessary part of the solution, is insufficient to address security issues alone. The most important element of any security process is people – users, staff, policy-makers, and other stakeholders. No security system will succeed without user support. The users must have confidence that the IT system as a whole is contributing enough value to their teaching and learning goals to justify maintaining its integrity by accepting the inconveniences required to follow secure practices. No security plan will be properly implemented if the IT staff lacks the resources and skills needed to make it work. No system will be maintained over time if policy makers and stakeholders are not convinced that it is important enough to warrant their attention and a portion of their limited funds.

The second most important aspect of a security program is policy. The best protection against security risks comes from having the best possible set of Standard Operating Procedures, which are shaped by the values and beliefs of the district and its community and made concrete in the policies that impact IT administration. These start with data privacy policies, go on to cover operational policies concerning the frequency of back-ups and other day-to-day issues, and extend through the full gamut of Acceptable Use Policies governing user behavior, including the question of who has the right to load what software on which machines. We need always to remember the goal is increased student learning. While security procedures are a necessary precondition, they are not an end in themselves.

A Shared Responsibility

Cyber Security is an issue of systems architecture more then of individual responsibility. When it comes to automobiles, the driver is responsible for stopping at red lights. The industry is responsible for creating engines that don't explode. In terms of cyber space, we need to increase the education community’s awareness and improve general practice. Expecting millions of individuals to remember to do all the things that even rudimentary security currently requires is a useless strategy. Educators need to do their part in raising awareness and keeping our own houses in order, but the government needs to work with industry to create a better overall architecture.

Technology provides the tools that allow IT professionals to implement the policies that serve the people’s efforts to meet their district’s educational goals. Without good tools, it is impossible to do the job. But the tools are simply the tools.

Furthermore, education is a unique field. Students learn through inquiry and exploration. Teachers are often able to take advantage of unforeseen "teachable moments." Learning is often motivated by students' desire to deal with dramatic, meaningful, contemporary issues that require access to an incredibly broad variety of information and to an enormous amount of communication among people all around the world. It is vital that K-12 leaders exercise care in protecting their students’ safety and their systems’ security without becoming paranoid or defensive. We cannot be willfully ignorant or unprotected; but neither can we over-react in ways that undermine our primary mission of encouraging student learning and growth. Instead, we must adopt straightforward security practices that recognize risks and deal with them proactively, providing our children with access to information and ensuring their freedom to learn.

Steven E. Miller, Project Manager for Cyber Security for the Digital District, is Executive Director of Mass Networks Education Partnership and a CoSN Board Member.