K-12 Cybersecurity Initiative
Overview
What is the K-12 Cybersecurity Initiative?
In response to the increasing threat of ransomware and other malicious cyber activity targeting local educational agencies (LEAs) across Texas, the Texas Education Agency (TEA) launched the K-12 Cybersecurity Initiative in 2023. The initiative was made possible through funding approved by the 88th Texas Legislature, which supported TEA’s request for dedicated cybersecurity resources to help LEAs strengthen their defenses and respond to emerging cyber risks.
The program officially started on September 1, 2023, and was initially funded through the FY24/FY25 biennium (September 2023–August 2025). We are pleased to share that the 89th Texas Legislature has approved an additional $42 million in funding for the FY26/FY27 biennium (September 2025–August 2027), ensuring the continuation and expansion of this critical initiative. Remaining funds from FY24/FY25 have also been transferred forward to support ongoing efforts.
The goal of the initiative is to deliver immediate, practical solutions to help LEAs defend against major cyber incidents, such as ransomware attacks. Priority is given to rural LEAs, and cybersecurity practitioners are available through regional education service centers to support the implementation of cybersecurity controls aligned with the scope of this initiative.
Biennial Funding Updates
FY24/FY25
- The program officially launched on September 1, 2023, with funding provided through the FY24/FY25 biennium (September 2023–August 2025).
FY26/FY27
- The Texas legislature has approved $42M for the continuation of this initiative in TEA’s FY26/FY27 budget (September 2025–August 2027). Remaining funds from FY24/FY25 have been carried forward.
Future Projections
- Updates will be provided as additional funding decisions are made in future legislative sessions.
The following cybersecurity controls are highly encouraged for all Local Education Agencies (LEAs) to implement between September 1, 2023, and August 31, 2025 and fall within the scope of the K-12 Cybersecurity Initiative:
- Implement fully managed Endpoint Detection and Response (EDR) on LEA servers and applicable staff devices.
TEA will fully fund licenses with limited distribution. See details below. - Implement Multi-Factor Authentication (MFA) for staff email systems.
- Ensure DMARC Compliance to enhance protection against phishing and spoofing.
- Restrict local administrator access to minimize the risk of unauthorized system changes.
- Complete a Texas Cybersecurity Framework (TCF) assessment to get a baseline of your cybersecurity program and action plan for improving your maturity.
- TCF assessment is provided on first come first served basis by TEA through Department of Information Resources (DIR) program.
- Implement Network Detection and Response (NDR).
- NDR Pilot is paused to new customers as we evaluate current participation and future capacity.
For FY26–FY27, the Texas State Legislature has approved an additional $42 million to continue advancing the K–12 Cybersecurity Initiative. These funds will support the following key efforts:
• Expansion of Managed EDR Services
Continued support for the current Managed Endpoint Detection and Response (EDR) offering, with a focus on increasing adoption among additional LEAs within scope.
• Ongoing TCF Assessments
Continued funding for additional Texas Cybersecurity Framework (TCF) assessments through the Texas Department of Information Resources (DIR) Managed Security Services (MSS).
• Continued Support for Education Service Centers (ESCs)
Additional funding to enable ESCs to provide technical assistance to their LEAs in support of the K–12 Cybersecurity Initiative.
• Implementation of Additional Security Controls
Support for additional security controls at each LEA to further strengthen cybersecurity maturity across the state.
How much money was appropriated for the K-12 Cybersecurity Initiative?
The Texas State Legislature initially appropriated $55M to support the K-12 Cybersecurity Initiative and an additional $42M for FY26/FY27. From the legislative entry into the budget:
It is the intent of the Legislature that the Texas Education Agency enter into an interagency agreement with the Department of Information Resources (DIR) to provide cybersecurity services for LEAs in accordance with DIR Strategy C.1.2, Security Services. Cybersecurity services to be provided by DIR may include but are not limited to, cybersecurity assessments, endpoint detection response, and network detection response.
| Funded Service Type | Availability Scope | Status |
|---|---|---|
| Cybersecurity technical assistance provided by ESCs | All LEAs | As offered per ESC |
| TEA-funded third-party cybersecurity assessments | Available to all LEAs. First come, first served | Request through STS Portal |
| TEA-funded Endpoint Detection & Response (EDR) subscriptions | Prioritized for small & midsize LEAs | Request through STS Portal |
| NDR phase 1 pilot program is now closed | Pilot group of LEAs and ESCs | Evaluate pilot participants to determine next steps |
Program Scope*
INTER-LOCAL AGREEMENT WITH DIR SHARED TECHNOLOGY SERVICES (STS) REQUIRED
LEAs will need to sign DIR’s inter-local agreement to receive the in-scope services from DIR’s STS, Managed Security Services (MSS) program. Our goal is to have all eligible LEAs onboarded with a signed inter-local agreement so the services can be distributed as soon as possible. After the inter-local agreement is in place, eligible LEAs may then request in scope services through the STS program, which will be paid for by TEA. The MSS vendor, or your regional education service center may reach out to your LEA to help facilitate this process. Details about this process were discussed in the April Cybersecurity Coordinator call.
LIMITED DISTRIBUTION OF EDR PER LEA ENROLLMENT
It is TEA’s intention to focus on small and rural LEAs for the distribution of EDR services through DIR’s MSS. The EDR provided, which replaces traditional anti-virus software and incorporates threat intelligence along with malicious behavior characteristics on endpoints, will be fully managed to eliminate additional LEA overhead and is one of the best solutions to prevent ransomware and secure devices. The current vendors under the MSS contract for EDR are CrowdStrike and SentinelOne. To provide a scope that we can reasonably accommodate with the funding provided, TEA will limit the distribution for LEAs with a total enrollment of 50,000 and below, with a range from 30 licenses up to licenses equal to 30% of student enrollment, whichever is larger. It is TEA’s intent to focus on high-risk and impact devices, so initial distribution should focus on servers and central office staff with any remaining licenses distributed to other staff devices that have access to sensitive data.
TEXAS CYBERSECURITY FRAMEWORK ASSESSMENT
Cybersecurity assessments will also be available to LEAs as part of this initiative and will also be provided by the MSS vendor through DIR’s services catalog. The intent of these assessments is to provide a high-level look at the overall state of cybersecurity in Texas’ K-12 public entities. TEA will not receive detailed copies of reports for any individual LEA. TEA will only receive an aggregate report of the assessments. Refer to the TX K12 Cybersecurity Assessment Quick Start Guide for details on how to request a Cybersecurity Assessment for your district.
*The program scope is subject to change in order to achieve initiative goals. Initiative implementation details are still in development. TEA will provide updates through Cybersecurity Coordinator Forum webinars and this site.
Steps to Onboarding LEAs to the Texas Department of Information Resources (DIR) STS Portal and the K12 Initiative:
- The DIR Onboard process begins when the LEA returns the New Customer Form to DIR.
- The LEAs will need to sign DIR’s InterLocal Contract (ILC) to receive the in-scope services from DIR’s Shared Technology Services Program (STS), Managed Security Services (MSS) program. This will be sent to the InterAgency Contact (IAC) on page 1 of the New Customer Information Form for their review and signature.
- Onboard to the STS portal – this portal allows your entity to make requests for services, review proposed services and review any associated costs with those services. This will be sent to the Service Operations Contact on Page 1 of the New Customer Information Form.
- When DIR has finalized the signature process on the ILC and returns it to the LEA, the LEA will receive a “Welcome Aboard” email from DIR, and LEA can put in a request for service.
- Log in to the STS portal to request TEA-funded EDR and School District Cybersecurity Assessment through DIR’s contracted MSS provider.
Note: All onboarding emails will come from STS System Message dirsharedservices@ service-now.com. Please make sure to whitelist this domain.
Resources
Webinars & Slide Decks
You may register for the Cybersecurity Coordinator Forum series using your LEA email address.
- April 2023 Cybersecurity Coordinator Forum Webinar
- May 2023 Cybersecurity Coordinator Forum Webinar
- June 2023 Cybersecurity Coordinator Forum Webinar
- August 2023 Cybersecurity Coordinator Forum Webinar
- September 2023 Cybersecurity Coordinator Forum Webinar
- February 2024 Cybersecurity Coordinator Forum Webinar
- March 2024 Cybersecurity Coordinator Forum Webinar
- April 2024 Cybersecurity Coordinator Forum Webinar
- Webinar Slide Deck - April 2024 (PDF)
Other Resources
- K-12 Cybersecurity TAA - June
- K-12 Cybersecurity TAA - September
- STS New Customer Form
- FAQs
For more information contact:
Texas Department of Information Resources CISO Office at DIRSecurity@dir.texas.gov
Texas Education Agency Cybersecurity team Cybersecurity@tea.texas.gov