Question to the Department for Education:

To ask His Majesty's Government, following several recent school closures resulting from cyberattacks, what steps they are taking to ensure (1) schools, and (2) other public services, have good cyber resilience.

The Department recognises that cyber security is a concern for many schools and academy trusts. To support schools with this, the Department released Cyber Security Standards in October 2022, which can be found here: https://www.gov.uk/guidance/meeting-digital-and-technology-standards-in-schools-and-colleges/cyber-security-standards-for-schools-and-colleges. These standards provide a base level requirement for good cyber security practices in schools, helping to raise resilience across the sector and make schools harder targets. Many of the areas suggested for improvement are low cost or free to implement.

The Department’s Risk Protection Arrangement (RPA) has more than 9,500 member schools, which constitutes 43% of eligible schools in England, and includes cover for cyber incidents as standard from the 2022/23 membership years. In the event of a cyber incident, RPA members have access to a 24/7 incident response service. Since September 2022, cyber cover has been available to multi academy trust RPA members, provided they meet the required criteria.

Jisc is the UK digital, data and technology agency focused on education, research and innovation. The Department continues to fund Jisc to provide quality connectivity and cyber security to Further Education colleges in England. In addition to network cyber security measures, Jisc provides advice, guidance, and training on cyber security, including alerts and information on identified security risks. This support includes access to a Cyber Security Incident Response Team. Jisc offers similar support to Higher Education, funded by the Office for Students.

The Department also continues to work closely with the NCSC (National Cyber Security Centre) to identify incidents and conduct analysis to monitor and identify emerging cyber threats.

Schools can access cyber security training for staff from the NCSC and the NCSC Active Cyber Defence tools are now available to all schools. These assist in protecting schools from a range of attacks. Further advice can be found on the NCSC schools’ website at: https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools.

In the event of a cyber attack, the Department has a cyber security team who can provide advice and guidance to assist with recovery. To report an incident and receive support, schools can contact: sector.incidentreporting@education.gov.uk. Schools are also encouraged to report all cyber incidents to Action Fraud via their reporting site here: https://www.actionfraud.police.uk/.

The Department will continue to develop the support and tools offered to schools and academy trusts to improve their cyber security and resilience. This will help to streamline reporting and data capture and improve mutual understanding between the Department and schools.