CIPA Compliance: Cybersecurity Introduction
by Serena Raymond on Mar 9, 2020 12:00:00 AM
Since it was put in place in 2000 by the FCC, schools in the U.S. have had to maintain CIPA compliance. With the proliferation of the internet, CIPA became a necessary precaution to keep children safe online while at school. Over the years, the FCC has made updates to CIPA as the internet has changed a lot in the last 20 years.
CIPA stands for “Children’s Internet Protection Act.” The main goal of the act is to block “children’s access to obscene or harmful content over the Internet.” This protection act "must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors)".
Where did CIPA come from?
During the ‘90s and early 2000s, the internet was very different than it is now. Today, roughly 4.5 billion people worldwide are active internet users. In 2000, there were only 361 million internet users worldwide.
We now have an average of over six connected devices per person, whereas in the early 2000s it was under one per person.
A lot of students did not have internet access at home. To access the internet, students had to rely on their schools’ library computers.
In the late ‘90s, the world wide web started to become a major resource for students. Wikipedia was founded in 2001, and persuasive essays were never the same again. Computer classes became mandatory, homework required students to access certain websites, and by 2005 blogging was massively popular. Some students even had email!
Every student had a different reason to be online at school, and it wasn’t always to study. There was a danger of students accessing inappropriate content from violent and disturbing content to pornographic material.
And while data breaches wouldn’t start to become prevalent until 2004, there was a very real danger that students would inadvertently download a computer virus. While this is not a main component of CIPA compliance, it is worth noting.
Internet access at schools today
While a large majority of students certainly have internet access at home, compared to the low number in 2000, students still need to access the internet during school hours.
Students are doing homework during study halls and spending more time in classes where the traditional desk is replaced by a computer work station.
In fact, there are plenty of schools that now send children home with a school-issued laptop. Schools are also responsible for those devices. As in, they’re responsible for what those students access on those computers.
If anything, schools are even more accountable for students’ online behavior than ever before.
Why is CIPA compliance important?
CIPA doesn’t only apply to schools. It also applies to public libraries where children without an internet connection at home are likely to do their homework. CIPA compliance is mandatory for schools and libraries that wish to receive E-rate funding.
The E-rate funding program is a way for schools and libraries to receive affordable broadband or other discounts for internet access and internal connections.
Now that you understand the importance of CIPA compliance, what does it really consist of?
Schools and libraries are required to:
- Implement internet safety policies (also known as Acceptable Use Policy or AUP)
- Monitor the online activities of minors
- Provide education for minors about appropriate online behavior (this includes behavior on social networks, chat rooms, as well as cyberbullying awareness and response)
Their internet safety policies must keep minors:
- From accessing inappropriate content and materials harmful to them
- Safe and secure while using email, chat rooms, or other direct online communications
- From “hacking” or engaging in other unlawful activities
- From disclosing personal information about themselves or their peers
To gain compliance, schools will need to deploy the right type of security software as well as keep up with regular education sessions about appropriate online behavior.
How DNSFilter supports CIPA compliance
At a glance, CIPA requirements focus on mitigating harm to students as well as harm done by students. This includes blocking access to:
- Violent and disturbing content
- Pornographic content
- Content promoting self-harm or harming others
- Malicious content (malware, ransomware, phishing sites)
The easiest and most affordable way to prevent students from accessing this type of content is implementing a DNS security solution. DNSFilter can help schools and libraries block all of these sites and more, keeping students safe and secure online.
In fact, DNSFilter has a prebuilt, one-click CIPA compliance filter making it easy for school and library IT teams to block the websites they need to. DNSFilter also has a roaming clients feature, allowing schools to place these same filtering policies on devices that are taken off of school property.
Interested in learning more about how DNSFilter protects schools from cybersecurity threats? Read our case study.
The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.
Industry State of the Art
This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world. And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.
TL;DR: SASE is broadening—it is about more than just access! It is about endpoint protection and user-based access…and it's called Security Service Edge (SSE). All of the aspects of the joint NSA and CISA guidance on Protective DNS (PDNS) and user-level policies are part of the secure category, originally launched by Gartner in January 2022. Regardless, it’s been interesting to see the NSA and CISA create guidance recognizing the breadth of cyber...