Cybersecurity & Safety

MLTI Cyber Performance Grants!

Reporting Guide HERE

State and Local Cybersecurity Planning Grant

Student Data Privacy

The Maine Student Privacy Alliance (MESPA) is a collaboration of Maine school districts and vendors with the common goal of protecting students' privacy.

The MESPA seeks to set standards and hold members accountable to those standards so that all online applications implemented by schools are safe for everyone involved without having to renegotiate terms on every occasion. Sample Privacy Agreement HERE. MESPA supports COPPA, the Children’s Online Privacy Protection Act.

Student Safety

Student online safety is a partnership between schools and families. Maine schools are required to follow CIPA law for content filtration and implement policies for acceptable use. School districts' CIPA requirements begin with the Internet Service Provider, Network Maine who deploy content filtering. In addition, many communities deploy the use of additional software on their networks and or devices to support online safety at school and or at home.

Common Sense

Stay Safe Online

Cybersecurity

Cybersecurity in Maine Schools is a team effort from Internet Service Providers, IT equipment vendors, school employees, and the State and Federal government. Data Breaches, ransomware attacks, and other cyber-criminal activity are on the climb in school districts across the country.

The Internet Service Provider (ISP) for Maine's K12 public schools is the Maine School Library Network (MSLN). Network Maine (NWM) is located at the University of Maine in Orono and provides ISP services via state legislation and the federal E-Rate process. Network Maine is a member of the Regional Research and Educational Networks of the United States (The Quilt) and provides high-speed internet to all Maine schools.

The Maine School and Library Network (MSLN) has been in operation since 1996. Today, MSLN provides internet access to approximately 950 schools and libraries statewide. MSLN is paid for using a combination of funding from the Federal E-Rate program (approximately 60% of the cost) and the Maine Telecommunications Education Access Fund (MTEAF) (approximately 40% of the cost). Funds are generated through an assessment on interstate phone bills for the Federal E-Rate portion and on intrastate bills for the MTEAF portion. The Legislature authorized the creation of the MTEAF in 1999 (35-A M.R.S.A. § 7104-B). The rule implementing the Maine Telecommunications Education Access Fund is Chapter 285.

Network Maine is the first line of cyber defense for Maine schools, implementing top industry content filtration, malware and DDoS detection. In addition, Maine schools have access to a local portal service that allows for the customization of various security tools and settings.

The Maine DOE works with the Cybersecurity and Infrastructure Agency (CISA), and the Maine School Safety Center to assist Maine schools with information and programs that help to grow cyber maturity. Please see the What You Can Do Now section of this website to learn about actions that can be taken today to help secure educational IT infrastructure.

CISA Maine, Region 1, CISA Services and Tools, CISA YouTube Channel, MS-ISAC Registration, Stop Ransomware, Cyber Incident Prep, Assessment Resources, MFA Fact Sheet, K12SIX Cyber Incident Map, K12SIS Cybersecurity Frameworks

District Technology Plans

Maine school districts are required to maintain a local technology plan. The Department of Education is available to guide the development and upgrade of technology plans.

There are also multiple non-profit state and national organizations to assist in technology plan development. These include the U.S. Department of Education's Future Ready Schools and ISTE's Essentials Conditions for Tech Use in Schools.

Technology & Local Control

Local school systems determine their cyberinfrastructure based on local goals, and unique variables such as geography, the number of schools and grade levels, municipal structures, and more. Local control items include but are not limited to:

Topology Choices, Geographical Network Consideration, Firewalls, Switches, Servers, Cloud Services, Municipal Partnerships, Wide and Local Area Network Design, Wireless Access Points, Community Network Access, Student Device Access, IT Contracted Services, IT Staff to Device Ratios, the Internet of Things, Tech Culture, Bandwidth, Filtering Levels, Security and Incident Response Plans, Technology Plans, Academic Integration, Student/Staff Data Privacy Teams, Media Release Permission Forms, Vendor Services, Student Information Systems, Classroom Applications, Take Home Use Fee/Insurance, Acceptable Use Policy, Network Monitoring, Student Data Privacy Contracts, Student and Staff Support, Video Conferencing, Server Security, Cloud Services, Device Deployment, and MORE.

The DOE can provide guidance to local systems as needed. (Photo: Boothbay, Oakland, Noble, and Newport Schools)

Cyber Insurance

Cyber insurance costs for school systems has been on the incline. Policies include specific requirements or guidelines as a component of coverage requirements.

Guidelines and or requirements for cyber insurance: Email Security, Internal Security, MFA, Backup and Recovery Policies, Ransomware Prevention, Student Data Privacy, Cyber Incident Response Plans, Tabletop Exercises, Phishing training, and more.

Zero Day and What can be done NOW!

“The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue. “Zero-Day” is commonly associated with the terms Vulnerability, Exploit, and Threat. It is important to understand the difference.” Definition from Crowdstrike

Below are some short tutorials from the Center for Internet Security and CISA on what schools could do NOW to promote cybersecurity.

Tools, Presentations and Resources