- California's community college system may soon receive $100 million to bolster cybersecurity after tens of thousands of fake student applications flooded campuses last year in a suspected effort to fraudulently obtain student aid.
- Lawmakers considered the funding, which is part of Gov. Gavin Newsom's budget proposal, during a committee hearing Tuesday about the state's higher education funding for fiscal 2023. Although they didn't vote on the issue, no one voiced any opposition.
- The proposal would allocate $25 million in annual funding, which could be used for hiring staff to combat cyberattacks and contracting with consultants to assess cybersecurity efforts. The remaining $75 million would be one-time funding for initiatives such as assessing system vulnerabilities and purchasing software to detect fraudulent applications.
The proposal comes after news broke last year that the 1.8 million-student California Community Colleges system received some 65,000 fraudulent student financial aid applications. The applications prompted the U.S. Department of Education to launch an investigation, and at least six community colleges told EdSource they suspect they've given financial aid to fake students.
The proposal could help the system improve its cybersecurity, according to a legislative analysis. The analysis recommends that lawmakers approve $23 million of the proposal devoted to ongoing funding for cybersecurity staff, which would ensure each community college district has at least one employee devoted to such efforts. It also recommends that lawmakers approve the bulk of the one-time funding but allocate funds in a way that gives the least prepared colleges the most money. Lawmakers should request more information on other proposed line items, it said.
"We find merit with providing funds for colleges that they can use to hire some dedicated cybersecurity staff," Paul Steenhausen, a policy analyst for the California Legislative Analyst's Office, said during Tuesday's hearing. "You don't have that in a lot of colleges."
System officials also voiced support for the proposal.
"Our system needs a strong investment in technology resources, especially cybersecurity," Lizette Navarette, an executive vice chancellor for the system, said during the hearing. "The severity of our needs continue to increase."
Navarette added that another community college district experienced a cybersecurity attack last month but did not specify which one. Officials suspect that previous attacks have targeted part of the roughly $1.6 billion that the system received in coronavirus relief funding.
The California Community Colleges system is a target for fraud because it offers admission to all applicants, one community college official told EdSource. California isn't the only place, however, where scammers have sought to take advantage of low barriers to student enrollment. Salt Lake Community College said last week that it has also received fraudulent applications after the institution waived application fees, but officials have not specified how many they've received.
Potential students submit their applications to California's community colleges through a systemwide portal called CCCApply. The one-time funding would include $5 million to redesign the platform to add security features and data reporting capabilities to track applicant information.
"Modernizing state and district-level technology and infrastructure and CCCApply are critical to ensure faculty and student sensitive data are protected from these attacks," Navarette said Tuesday.
The system chancellor's office has indicated that it plans to require districts to meet certain requirements to receive any of the proposed funding, according to the legislative analysis. Those would include completing an annual cybersecurity self-assessment and submitting monthly reports on any incidents of application, enrollment or financial aid fraud.
The system's community colleges have failed to report such information to the chancellor's office before. Although the office requested that all 116 colleges in the system report fraud involving fake students, roughly 40% of them did not submit such information, the Los Angeles Times reported.