Higher Ed Groups Slam New DHS Cyber Proposal
Lauren Coffey
July 18, 2024
New requirements for reporting cyberattacks would put undue stress on both small and large institutions, 16 organizations told the Department of Homeland Security in a letter.
More than a dozen higher education–focused organizations are hitting back against a federal proposal that would require the country’s 5,000-plus colleges and universities to report cybersecurity attacks.
Educause, a nonprofit focused on education and technology, sent a letter July 1 to express concerns about a proposal from the Cybersecurity and Infrastructure Security Agency (CISA), which falls under the Department of Homeland Security.
The proposal, filed May 6, expands on the Cyber Incident Reporting for Critical Infrastructure Act of 2022. That measure was born out of a larger effort to mitigate cyberattacks, which have increasingly seeped into the higher education sector in the last few years, namely following a mass breach by ransomware group Cl0p in 2023. It impacted thousands of higher education institutions and adjacent institutions, with some going as far as paying the group a ransom.
