Question to the Department for Education:
To ask the Secretary of State for Education, what steps she is taking to help ensure cyber security and resilience in (a) schools, (b) academies and (c) other educational establishments.
Education is a devolved matter, and the response outlines the information for England only.
Whilst education institutions are responsible for their own IT, the department supports schools, colleges and other education institutions to enhance their cyber resilience through various initiatives.
The department has published a set of 11 core digital and technology standards. These can be found here: https://www.gov.uk/guidance/meeting-digital-and-technology-standards-in-schools-and-colleges/cyber-security-standards-for-schools-and-colleges. Developed by technical and educational experts, these standards provide guidance on the essential technology and infrastructure required to meet both business and teaching needs. The standards cover key areas, including connectivity, cyber security, filtering and monitoring, cloud services, servers and storage, digital accessibility, leadership and governance and devices.
Adhering to these cyber security standards helps schools and colleges mitigate the risk of cyber-attacks and minimise disruption in the event of a cyber incident. Additionally, compliance ensures sensitive data is securely protected and critical data is backed up effectively.
The department has a dedicated sector cyber security team that provides appropriate advice and guidance to help schools and colleges meet these standards and maintain robust cyber security practices.
Further support is available through the department’s Risk Protection Arrangement (RPA), which has included cyber incident cover as a standard benefit since the 2022/23 membership year. RPA members have access to a 24/7 Incident Response Service in the event of a cyber incident, with 56% of schools in England currently participating in the RPA.
The department also collaborates with the National Cyber Security Centre (NCSC), Jisc and other organisations to further support educational institutions. This includes providing access to the NCSC’s Protective DNS (PDNS) service, part of its Active Cyber Defence suite, which offers ongoing protection against malware and other network-based threats for schools, colleges and universities.
Further guidance on cyber security for schools can be found here: https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools.