CISA K-12 Report Blog

In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued an eye-opening report titled, Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats. The report details the cybersecurity risks facing K-12 organizations and includes guidance for policymakers and leaders in the K-12 community. Industry technology leaders and K-12 cybersecurity and IT staff would also be wise to take note of the findings and recommendations in the CISA K-12 report.

As IT and networking technologies become more integrated into learning, an increasing number of cyberthreats are leaving our students, families and educators vulnerable. Many districts throughout the United States are struggling to address these attacks with limited cybersecurity professionals, limited budgets and limited knowledge of how to address modern-day threats that focus on K-12 organizations.

At the highest levels, the CISA K-12 report presents three key findings, along with recommendations for education and IT leaders.

3 Key Findings

1. With finite resources, K-12 institutions can take a small number of steps to significantly reduce cybersecurity risk.


    • Focus on high priority security controls.
    • Utilize CISA CPGs for guidance on control recommendations.
    • Develop a cybersecurity plan utilizing the US National Institute of Standards and Technology (NIST) Cybersecurity Framework.

2. Many school districts struggle with insufficient IT resources and cybersecurity capacity.


    • Pursue funds and grants that are focused on cybersecurity.
    • Utilize free or low-cost services or offerings to make near-term improvements.
    • Request that your technology partners provide offerings with strong security controls.
    • Migrate from on-premise offerings and services to cloud-native offerings.

3. K-12 entities cannot single-handedly identify and prioritize emerging threats, vulnerabilities or risks.


    • Build communities and join relevant cybersecurity focused organizations.
    • Become a member of an Information Sharing and Analysis Center (ISAC).
    • Build partnerships with your local law enforcement, local FBI and CISA personnel.

Interviewed stakeholders provided feedback in the report that highlighted four main challenges: lack of resources, simplification, prioritization and governance. Here are some of the ways that Palo Alto Networks can help today’s K-12 organizations address these topics of concern.

Challenge: Lack of Resources

The Palo Alto Networks Cybersecurity Academy focuses on providing educators with the information they need to deliver modern-day, real-life education about cybersecurity. Many school districts with science, technology, engineering, art and math (STEAM) pathways include cybersecurity as one of the options for students to pursue. The Cyber A.C.E.S., or Activities in Cybersecurity Education for Students, also help empower students ages 5-15 to have safe online experiences. Together, the Cyber A.C.E.S. program and the Cybersecurity Academy set the stage for young adults to move into cyber roles as soon as they graduate.

Another focus area for resources is utilizing automated and integrated technologies to ensure you are getting the most out of your security posture with little to no need for human interaction. The Palo Alto Networks platform is natively integrated and has built-in automation that focuses on simplifying what used to be difficult security controls. This simplification allows for K-12 organizations to have stronger security postures with fewer cybersecurity professionals.

For your current cybersecurity professionals, Palo Alto Networks Beacon is the place for learning everything you need to know about cybersecurity and the Palo Alto Networks platform. With basic “101” style courses from cybersecurity to advanced threat hunting and incident response, the Beacon portal has you covered.

Challenge: Simplification

As mentioned above, the Palo Alto Networks platform approach focuses on simplifying security controls and making them more effective through automation and native integrations. Threat intelligence is natively shared through network, endpoint and cloud products. This allows organizations to feel confident that their cybersecurity controls are working together to protect their best interests.

Beyond the cybersecurity controls and products, Palo Alto Networks also provides industry-leading, vendor-agnostic guidance around building cybersecurity plans, proactive cybersecurity services, incident response capabilities and more through Unit 42. Cybersecurity plans can be built out to align with guidance from NIST, CIS, CISA or other compliance and framework guidelines. These offerings take into consideration the unique environments in each organization and the challenges they face to provide them with actionable plans to implement strong security postures. To further develop cybersecurity professionals within your organization, Unit 42 also provides tabletop exercises and various cybersecurity assessments to help you learn how to better protect yourself.

Challenge: Prioritization and Governance

Unit 42 also helps organizations understand the various roles and responsibilities of a strong cyber governance model. Virtual CISO offerings, recommendations on alignment to cybersecurity frameworks, and other governance-focused services allow for organizations to get a jump start on building a holistic cybersecurity approach.

Furthermore, Palo Alto Networks products, such as AIOps, best-practices configurations and professional services offerings all focus on implementing your cybersecurity posture with alignment to the cybersecurity frameworks you choose. Recommendations around the criticality of a specific cybersecurity control allow organizations to prioritize their cybersecurity approach in securing their critical assets.

Immediate Next Steps

Palo Alto Networks is well-positioned to help K-12 organizations control the cybersecurity narrative and get ahead of the threats that they face daily. An approach with Palo Alto Networks allows organizations to simplify their cybersecurity stack making for more effective and easier-to-manage controls. This often leads to the ability to collapse complex security offerings into 2-3 control areas offered as part of the Palo Alto Networks platform, saving organizations money. Beyond that, the vendor-agnostic approach of Unit 42’s services allows organizations to build strong cybersecurity plans and to govern around those plans to ensure they are enabling secure learning environments for their students. Finally, the education offerings from the Academy Program, Cyber A.C.E.S., and Beacon allow for your organizations to have a holistic approach to educating their current and future cybersecurity professionals.

To learn more about how Palo Alto Networks can help, connect with our team.