February 5, 2022

Bill would fund cybersecurity program for New Mexico schools

Public school officials say the problem is becoming almost as prevalent as bullying on the playground: cyberattacks.

In early January, a ransomware attack on Finalsite, an internet software company that runs websites for thousands of public schools across the nation, led to a computer system blackout for about 5,000 schools.

Later that month, a cyberattack on Albuquerque Public Schools led to a district shutdown.
New Mexico lawmakers on both sides of the aisle want to fight back. A group of Democratic and Republican House members has introduced a bill that would appropriate $45 million to the state Public Education Department to develop a cybersecurity program for schools over a three-year period.

The House Education Committee held a hearing on the bill Friday but did not take a vote due to requests by lawmakers for some changes that would ensure charter schools are included in the program.
The bill calls for a response and recovery process and training for employees and students to identify and address potential cyberattacks.

In the first phase, 35 school districts and 18 charter schools would receive $8 million to start cybersecurity programs in fiscal year 2023. The education department would hire three new employees to oversee the program under House Bill 122.

“The idea is to get this into place and right away,” said Lee Reynolds, director of information technology at Rio Rancho Public Schools.

Reynolds said nearly every cyberattack faced by schools comes through a phishing scam — an effort to gain personal information, such as bank account or Social Security numbers, by pretending to be a legitimate business.

“This can’t wait,” he said. “We need this funding; we need it now.”

One of the bill’s four sponsors, Rep. Raymundo Lara, D-Chamberino, said he hopes the employee training portion of the legislation helps teachers understand how to identify such scams and refrain from responding to them — an act that can infect an entire computer system.

“I hope there’s a lot of emphasis on that training aspect,” he said.

Max Baca, the information technology director at New Mexico Highlands University, told lawmakers, “We need to move quickly on this. More and more schools are going to be vulnerable. It’s only going to hinder our students.”

Committee members agreed to revisit the bill for a possible vote Monday after the sponsors make amendments.

Neal Weaver, chief information and strategy officer for Santa Fe Public Schools, said in an interview after the hearing the most important component of HB 122 is “to educate so we can keep these cyberattacks from happening.”

“We look at cyberthreats from the perspective not of ‘if’ but ‘when,’ ” he said.
In the seven years Weaver has been employed with the district, he said it has only experienced one cyberattack, and that was against a vendor, not the district itself.  

“We are doing everything we can to keep them from happening, but we prepare for when they do happen,” he said.