K-12 Cybersecurity Insider | 11/17/2025 edition
A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.
Mark Your Calendar
11/18 - From ABC to PhD: Building K-12 Cyber Defense from Kindergarten to Staff Room (sponsored by Infosec Institute)
11/19 - K12 SIX Monthly Membership Meeting (member-only)
In the News
VA School District Recovering from Cyber Incident that Forced Districtwide Closures
Manassas City (VA) Public Schools continue their efforts to recover from a significant cyber incident experienced on or about November 9 that disrupted internet and phone service and led to school closures across the district. (The proximity of the incident to a national holiday may have helped avoid even greater disruption.) Phone service was interrupted for about 5 days while ‘some technology tools’ may still remain offline as recovery efforts continue. The threat actor has not been publicly identified, nor has there been a confirmation of an extortion demand.
In a blog post entitled “Why Securing Things ‘Backwards’ Is So Difficult in K–12 IT,” Brad Cornell drops some wisdom on the challenges of trying to overhaul a school system’s cybersecurity posture without disrupting learning (too much). As he writes: “Transitioning from ‘anything goes’ to ‘secured by design’ is one of the hardest shifts for schools to make. Not because people don’t care about security, but because securing things backwards means undoing years of habits, expectations, and legacy decisions.” The post concludes with some good tips on tactics that can help pave the path toward greater buy-in and ultimately resilience.
Good News, Bad News: SLCGP Reauthorized in Government Funding Deal
Good news: the end of the longest federal government shutdown in history late Wednesday night also reauthorized a popular federal cybersecurity grant program for state and local governments: the State and Local Cybersecurity Grant Program (SLCGP). The bad news: the reauthorization only extends the program until January 30. What the program looks like the future - including funding levels - all remains open for debate. The National Association of State Chief Information Officers (NASCIO) response: “Congress should act swiftly to provide certainty and stability for state governments by passing a long-term extension…, combined with adequate levels of funding, that will allow stakeholders to strengthen their cyber defenses and meet the challenges of the future.”
4th Annual National K-12 Cybersecurity Leadership Conference (Feb 2026)
Hosted by the K12 Security Information eXchange (K12 SIX), the 2026 National K-12 Cybersecurity Leadership Conference is a unique event designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches. The fourth annual conference will be held February 24-26, 2026 in Albuquerque, New Mexico. Named a “top K-12 conference to attend in 2026” by K-12 Dive.
Members Get More
The K12 Security Information eXchange (K12 SIX) operates as the independent, non-profit information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Founded in 2020, organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.