WASHINGTON, D.C. — In this era of online learning that has come to define life for students nationwide living with the realities of COVID-19, there is bipartisan concern for schools getting hacked and digital threats like ransomware.

The Senate Homeland Security and Governmental Affairs Committee held a hearing Wednesday to press Brandon Wales, the Acting Director of the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security,​ about what controls are in place to protect schools that have shifted to distance learning.

A number of school districts around the country have become recent victims of ransomware attacks including Fairfax County Public Schools in Northern Virginia.

"Cyber security is a 21st century public policy problem that just is not solveable or really even manageable by 20th century government means. Regulation, mandates and centralized action in general, these approaches are inadequate to match the pace of change that we have witnessed in the cyber security realm in recent years," said Sen. Rand Paul, (R-Ky), who oversaw the hearing.

"We are encouraging schools to participate through the information sharing mechanisms that have been created. For example, the Multi-state Information Sharing and Analysis Center (MS-ISAC), which is a free resource available that we have invested in from the department for state and local governments," Wales said.

"Today, 2,000 school districts, schools and IT organizations are part of that MS-ISAC and there are additional resources and tools that states and school districts can take part in that can help them ensure their protection against ransomware and other attacks. For example, the MS-ISAC offers malicious domain blocking so that known malicious domains would be blocked from activity on those networks."

The hearing was the first for Wales after President Trump fired former cyber security director Chris Krebs last month for disputing conspiracy theories and maintaining there was no widespread fraud in the 2020 election. 

When the school year began, Jefferson County, Kentucky virtual classrooms were interrupted by students who traded log-in information to access private classroms.

"Dr. Paul's hearing on Wednesday helps spread awareness not only of the latest attacks and how they have been combated but also of the work being done in both government and private sectors to protect Kentuckians and all other Americans," said a spokesperson for Paul's office, noting a key takeaway fron the hearing is to ensure every organization has their Remote Desktop Protocol (RDP) properly configured.

The Kentucky Department of Education is participating in the MS-ISAC program.