Printable View    sign in

NewsroomThe latest CSBA news, blog posts, publications, research and resources for members and the news media

California schools unite behind AB 1023 to deter cyberattacks and protect student privacy


Assemblymember Diane Papan joins the California School Boards Association and the Sacramento County Office of Education to urge increased cybersecurity support for TK-12 schools

Sacramento, Calif. (June 28, 2023) — California took another step toward providing its TK-12 schools with a needed layer of protection from cyberattacks and data theft when Assembly Bill 1023 (Papan-San Mateo) passed out of the Senate’s Governmental Organization Committee on June 27. Cybercrime is on the rise across the country and, increasingly, public schools are the target of sophisticated attacks that capture sensitive data, violate privacy, dismantle operations and extort funds from school districts and county offices of education.

On June 26, Assemblymember Diane Papan told a crowd at Elk Grove Unified School District’s Florence Markofer Elementary that she authored CSBA-sponsored AB 1023 to provide local educational agencies with resources to defend against cyberattacks and protect sensitive data for students, staff and families.

Assemblymember Papan makes a powerful case for AB 1023, CSBA-sponsored legislation that would increase cybersecurity resources and support for TK-12 schools.

CSBA President Susan Markarian gives an interview to Elk Grove USD student journalists after the AB 1023 press conference at Florence Markofer Elementary.


“As technology plays a greater role in schools and in society, we must develop safeguards to protect critical data and safeguard the privacy of students, families and staff — particularly from nefarious actors willing to disrupt public education and put our communities at risk,” said Papan. “Current law fails to offer the support school districts and county offices of education need to defend against cyberthreats and mitigate any successful attacks.”

AB 1023 would ensure that the California Cybersecurity Integration Center (Cal-CSIC) is required to provide direct cybersecurity assistance to TK-12 schools, allowing them to prepare for and respond to cyberattacks more effectively.

“AB 1023 would bring needed attention and resources to cybersecurity, an overlooked aspect of school safety,” said CSBA President Susan Markarian. “Schools have access to more sensitive information and fulfill a more essential purpose than virtually any other local government agency and deserve robust, focused support to prepare for ransomware attacks. Additional support is important for all school districts — and is especially critical for small districts that often lack the resources and candidate pool to hire experienced cybersecurity personnel. That’s why CSBA is focused on providing members with information, guidance, resources and protocols they can use to strengthen cyberdefense.”

Ransomware attacks have grown in recent years and schools have increasingly been identified as soft targets lacking the capacity to ward off hackers. In addition, greater reliance on technology to deliver instruction and services since the COVID-19 pandemic has left schools increasingly vulnerable to cyberattacks. In 2022, cyberattacks against the education sector increased by 36 percent from the previous year. For local educational agencies, it is not a matter of if — but when — their school information systems will be subject to a cyberattack, which can render the entire school district or county office of education unable to conduct the day-to-day business of educating students.

In California, LEAs as large as Los Angeles USD and as small as the Glenn County Office of Education have been victimized by cybercrime, with the Glenn County attack prompting a multiple-day closure of school districts that were supported by the county office of education.

“While we are doing our best to combat these threats, we can’t do it alone, as most education technology departments are understaffed with limited resources. AB 1023 is an important step that will provide cybersecurity guidance and coordination to school districts, county offices of education and charter schools from the California Cybersecurity Integration Center,” said Jerry Jones, executive director, Sacramento County Office of Education Technology Services. “This change will ensure that the state agency tasked with protecting California’s critical infrastructure and computer networks will provide greater focus, assistance and support to K-12 agencies.”

Visit CSBA's cybersecurity webpage
Download cybersecurity guidance and resources
Watch the press conference



CSBA is a nonprofit association representing nearly 1,000 PreK-12 school districts
and county offices of education throughout California.