K-12 Cybersecurity Initiative
IMPORTANT UPDATE - Continuation of the program:
TEA is currently developing additional recommendations and goals for the FY26/FY27 (September 1, 2025 - August 31, 2027) continuation of the program.
The Texas Education Agency (TEA) remains committed to enhancing cybersecurity within Texas public schools. While the current funding cycle for the K-12 Cybersecurity Initiative is nearing completion, Texas legislative leadership has shown continued support for these critical efforts by carrying the program forward with $42M in TEA’s funding for FY26/FY27. While this is not official until the appropriation bill is officially passed by the legislature and signed by the Governor in May/June 2025, all indicators are positive.
Overview
What is the K-12 Cybersecurity Initiative?
To counter the rising surge of ransomware and malicious activity affecting local educational agencies (LEAs) around the state, the Texas Education Agency (TEA) submitted an exceptional item request for funding to the Texas Legislature to provide cybersecurity resources to LEAs. We are pleased to announce that our request has been approved, and we will be able to distribute in-kind services with these funds between September 1, 2023 and August 31, 2025.
The purpose of this initiative is to provide immediate solutions to protect LEAs from major cyber incidents, such as ransomware. Priority will be given to rural LEAs, and cybersecurity practitioners will be available at your regional education service center to assist with implementation of cybersecurity controls that fall within scope of this initiative.
The following cybersecurity controls are highly encouraged for all LEAs to implement between September 1, 2023 and August 31, 2025 and fall within the scope of this initiative:
- Implement fully managed Endpoint Detection and Response (EDR) on LEA servers and applicable staff devices. TEA will fully fund licenses with limited distribution. See details below.
- Implement Multi-Factor Authentication (MFA) on staff email systems.
- Implement email protocol security configurations.
- Restrict local admin access.
The following cybersecurity controls are funded on a first come first served basis by TEA through the Department of Information Resources (DIR) Shared Technology Services (STS) program and are recommended to mature LEA cybersecurity posture. These controls fall within scope of this initiative:
- Complete a third-party K-12 Cybersecurity Assessment to get a baseline of your cybersecurity maturity and action plan for improving cybersecurity posture.
- Implement Network Detection and Response (NDR), especially for schools with cameras and other Internet of Things (IoT) devices. (Currently pausing new customers into the NDR program as we evaluate capacity.)
The following cybersecurity controls are recommended to prioritize, but do not currently fall within scope of this initiative:
- Security Awareness Training for staff with access to network resources.
- Ensure backups are encrypted, stored off network, and tested regularly.
- Encryption of sensitive data
- Segment networks
- Third-Party Risk Management
How much money was appropriated for the K-12 Cybersecurity Initiative?
The Texas State Legislature appropriated $55M to support the K-12 Cybersecurity Initiative. From the legislative entry into the budget:
- It is the intent of the Legislature that the Texas Education Agency enters into an interagency agreement with the Department of Information Resources (DIR) to provide cybersecurity services for LEAs in accordance with DIR Strategy C.1.2, Security Services. Cybersecurity services to be provided by DIR may include but are not limited to, cybersecurity assessments, endpoint detection response, and network detection response.
| Funded Service Type | Availability Scope | Status |
|---|---|---|
| Cybersecurity technical assistance provided by ESCs | All LEAs | As offered per ESC |
| TEA-funded third-party cybersecurity assessments | Available to all LEAs. First come, first served | Request through STS Portal |
| TEA-funded Endpoint Detection & Response (EDR) subscriptions through the end of 2024-25 SY | Prioritized for small & midsize LEAs | Request through STS Portal |
| NDR phase 1 pilot program is now closed | Pilot group of LEAs and ESCs | Evaluate pilot participants to determine next steps |
Program Scope*
INTER-LOCAL AGREEMENT WITH DIR SHARED TECHNOLOGY SERVICES (STS) REQUIRED
LEAs will need to sign DIR’s inter-local agreement to receive the in-scope services from DIR’s STS, Managed Security Services (MSS) program. Our goal is to have all eligible LEAs onboarded with a signed inter-local agreement by September 1, 2023, so the services can be distributed as soon as possible. After the inter-local agreement is in place, eligible LEAs may then request in scope services through the STS program, which will be paid for by TEA starting September 1, 2023 through August 31, 2025. The MSS vendor, or your regional education service center may reach out to your LEA to help facilitate this process. Details about this process were discussed in the April Cybersecurity Coordinator call.
LIMITED DISTRIBUTION OF EDR PER LEA ENROLLMENT
It is TEA’s intention to focus on small and rural LEAs for the distribution of EDR services through DIR’s MSS. The EDR provided, which replaces traditional anti-virus software and incorporates threat intelligence along with malicious behavior characteristics on endpoints, will be fully managed to eliminate additional LEA overhead and is one of the best solutions to prevent ransomware and secure devices. The current vendors under the MSS contract for EDR are CrowdStrike and SentinelOne. To provide a scope that we can reasonably accommodate with the funding provided, TEA will limit the distribution for LEAs with a total enrollment of 50,000 and below, with a range from 30 licenses up to licenses equal to 30% of student enrollment, whichever is larger. It is TEA’s intent to focus on high-risk and impact devices, so initial distribution should focus on servers and central office staff with any remaining licenses distributed to other staff devices that have access to sensitive data.
SCHOOL DISTRICT CYBERSECURITY ASSESSMENTS (SDCA)
Cybersecurity assessments will also be available to LEAs as part of this initiative and will also be provided by the MSS vendor through DIR’s services catalog. The intent of these assessments is to provide a high-level look at the overall state of cybersecurity in Texas’ K-12 public entities. TEA will not receive detailed copies of reports for any individual LEA. TEA will only receive an aggregate report of the assessments. Refer to the TX K12 Cybersecurity Assessment Quick Start Guide for details on how to request a Cybersecurity Assessment for your district.
*The program scope is subject to change in order to achieve initiative goals. Initiative implementation details are still in development. TEA will provide updates through Cybersecurity Coordinator Forum webinars and this site.
Steps to Onboarding LEAs to the Texas Department of Information Resources (DIR) STS Portal and the K12 Initiative:
- The DIR Onboard process begins when the LEA returns the New Customer Form to DIR.
- The LEAs will need to sign DIR’s InterLocal Contract (ILC) to receive the in-scope services from DIR’s Shared Technology Services Program (STS), Managed Security Services (MSS) program. This will be sent to the InterAgency Contact (IAC) on page 1 of the New Customer Information Form for their review and signature.
- Onboard to the STS portal – this portal allows your entity to make requests for services, review proposed services and review any associated costs with those services. This will be sent to the Service Operations Contact on Page 1 of the New Customer Information Form.
- When DIR has finalized the signature process on the ILC and returns it to the LEA, the LEA will receive a “Welcome Aboard” email from DIR, and LEA can put in a request for service.
- Log in to the STS portal to request TEA-funded EDR and School District Cybersecurity Assessment through DIR’s contracted MSS provider.
Note: All onboarding emails will come from STS System Message dirsharedservices@ service-now.com. Please make sure to whitelist this domain.
Resources
Webinars & Slide Decks
You may register for the Cybersecurity Coordinator Forum series using your LEA email address.
- April 2023 Cybersecurity Coordinator Forum Webinar
- May 2023 Cybersecurity Coordinator Forum Webinar
- June 2023 Cybersecurity Coordinator Forum Webinar
- August 2023 Cybersecurity Coordinator Forum Webinar
- September 2023 Cybersecurity Coordinator Forum Webinar
- February 2024 Cybersecurity Coordinator Forum Webinar
- March 2024 Cybersecurity Coordinator Forum Webinar
- April 2024 Cybersecurity Coordinator Forum Webinar
- Webinar Slide Deck - April 2024 (PDF)
Other Resources
- K-12 Cybersecurity TAA - June
- K-12 Cybersecurity TAA - September
- STS New Customer Form
- FAQs
For more information contact:
Texas Department of Information Resources CISO Office at DIRSecurity@dir.texas.gov
Texas Education Agency Cybersecurity team Cybersecurity@tea.texas.gov