EdLawConnect Blog

In early July 2022, College of the Desert fell victim to a cybersecurity attack disabling the College’s online services and phone lines, leaving many employees without access to email, and students without access to many vital services.  This was not the first attack for the College, and is a story that is all too common.  Colleges and universities continue to experience high levels of ransomware attacks in 2022, continuing the trend from 2021, resulting in increased fiscal costs on already tight budgets.  News reports identified that approximately 74% of ransomware attaches on higher education institutions were successful, which was a higher rate than in other industries.[1]  While higher education institutions may have insurance, these successful attacks have interrupted operations and placed a burden on already strained budgets.

To combat this growing concern, the current California Budget includes $75 million in one-time funds allocated to the California Community Colleges (CCC) Board of Governors for distribution to community college districts for the purpose of implementing local and systemwide technology and data security measures that will support improved oversight of fraud mitigation and cybersecurity efforts.  Assembly Bill (AB) 183, which allocates the funds, does not provide a specific allocation formula, but provides the following restrictions on the purposes for the funds:

• Security upgrades and malware prevention for education technology platforms, including student data systems, learning management systems, and enrollment management systems;

• System enhancements and modernization efforts for the CCCApply system, including building in multifactor authentication, mobile phone compatibility, compatibility with the federal Americans with Disabilities Act, and streamlining the application process;

• Costs for monitoring and assessing security risks; and

• Efforts to improve the quality of online and distance education.

To address the workforce shortage in the area of cybersecurity, AB 183 establishes the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program.  With preference given to California State University (CSU) campuses that have or are already developing regional pipeline programs in cybersecurity with the CCC, the goal is to create a pilot program aligning the cybersecurity workforce needs of employers with the education and training provided by colleges, increasing the pipeline of students pursuing cybersecurity careers. 

AB 183’s $75 million investment and creation of the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program are two steps in combating this ongoing issue.  The Chancellor’s Office is currently reviewing and deciding on the allocation of funds, but in total California’s community colleges can expect some additional financial relief in the near future.  If you have concerns about cybersecurity, or need assistance in addressing an information breach, contact the authors of this post or your legal counsel.

[1] https://www.insidehighered.com/news/2022/07/22/ransomware-attacks-against-higher-ed-increase

This AALRR post is intended for informational purposes only and should not be relied upon in reaching a conclusion in a particular area of law. Applicability of the legal principles discussed may differ substantially in individual situations. Receipt of this or any other AALRR publication does not create an attorney-client relationship. The Firm is not responsible for inadvertent errors that may occur in the publishing process. 

  © 2022 Atkinson, Andelson, Loya, Ruud & Romo