Indiana lawmakers want to mandate uniform cybersecurity policies for schools, state agencies

By Kirsten Adair, IPB News | Published on in Education, Government, Politics, Technology
Representative Matt Lehman wears a black suit jacket and a silver tie. He raises one hand into the air while he speaks into a microphone held in his other hand.
Rep. Matt Lehman (R-Berne) is one of the bill’s sponsors. He said not having these policies in place is like leaving the doors to a building unlocked. (Brandon Smith/IPB News)

Indiana school officials say they are facing increased cybersecurity threats. A bill moving through the House would address mounting cybersecurity concerns by requiring school corporations and some other state agencies to adhere to uniform policies.

Hackers use cybersecurity attacks against schools to steal or sell student information like addresses and Social Security numbers. They can also halt school operations until the district pays them money.

Under SB 472, the Indiana Office of Technology and the Indiana Department of Education would work together on technology resource and cybersecurity policy requirements for school corporations.

The Office of Technology would also develop cybersecurity and technology resource guidelines for some other state agencies, political subdivisions and state educational institutions.

Public entities would be required to report their policies to the IOT every two years.

Rep. Matt Lehman (R-Berne) is one of the bill’s sponsors. He said not having these policies in place is like leaving the doors to a building unlocked.

“I have no key, which means my doors not locked at all,” he said. “This bill says you’ve gotta have a key, and we’re going to give you some parameters and help you with guidelines on how to build that key.”

READ MORE: How do I follow Indiana’s legislative session? Here’s your guide to demystify the process

Join the conversation and sign up for our weekly text group: the Indiana Two-Way. Your comments and questions help us find the answers you need on statewide issues, including our project Civically, Indiana and our 2025 bill tracker.

The bill also creates a grant that would help schools, state agencies and local governments pay for some cybersecurity liability insurance premiums. According to the U.S. Government Accountability Office, increases in the number of cyberattacks have dramatically raised the cost of cybersecurity insurance, which is meant to provide some financial relief in the event of a cyberattack.

Money for that fund would come from fines levied by the Indiana attorney general if an adult website does not properly implement an age verification method, a database owner does not safeguard Indiana residents’ personal information or provide notice of a security breach, or a business otherwise violates consumer data protection law.

Kirsten is our education reporter. Contact her at [email protected] or follow her on Twitter at @kirsten_adair.

NOW PLAYING

Indiana Public Radio

Live on 92.1 FM Muncie | 90.9 FM Marion | 91.1 FM Hagerstown / New Castle

From IPR