DeWine's TechGuard Shields Ohio Schools From Cyberattacks, Ditching Federal Red Tape

Cybercriminals have set their sights on our schools, exploiting vulnerabilities in systems that hold sensitive student and staff data. Ohio Governor Mike DeWine, alongside CyberOhio and the Department of Education and Workforce, has launched a groundbreaking response: the TechGuard platform. This initiative delivers hands-on cybersecurity training and simulated cyberattacks to every K-12 school in the state, empowering educators and administrators to fight back against phishing, ransomware, and malware. It’s a decisive step toward safeguarding our children’s information and ensuring schools remain places of learning, not targets for exploitation.

The stakes couldn’t be higher. Schools across the nation face a barrage of cyber threats, with 82 percent of K-12 organizations reporting security incidents between July 2023 and December 2024. Ransomware attacks targeting schools surged by 69 percent in the same period, and phishing emails remain the primary gateway for these breaches. Ohio’s response isn’t just timely; it’s a clarion call for states to take responsibility for their own defenses, rejecting the notion that distant federal bureaucracies hold the answers.

What makes Ohio’s approach stand out is its focus on practical, role-based training. From teachers to cafeteria workers, TechGuard’s 1,300 learning modules equip every school employee with the skills to spot and stop cyber threats. This isn’t about flashy technology or empty promises; it’s about giving real people the tools to protect their communities. As cyberattacks grow more sophisticated, Ohio is proving that local innovation can outpace the threats.

Ohio’s TechGuard initiative reflects a core belief: states and local communities are best equipped to address their unique challenges. By leveraging CyberOhio, a program DeWine pioneered as attorney general, the state has built a robust framework that coordinates efforts across schools, government agencies, and private partners. This approach avoids the one-size-fits-all federal mandates that often burden schools with compliance costs while failing to address specific needs. For example, only 48 percent of school districts nationwide have formal data retention or encryption policies, a gap Ohio is closing through targeted training and resources.

Contrast this with calls from some policymakers for centralized federal oversight, such as expanding the Department of Education’s role or imposing mandatory incident reporting. These proposals risk stifling innovation and diverting resources to bureaucratic red tape. Federal programs like the FCC’s $200 million cybersecurity pilot may sound appealing, but they often come with strings attached, undermining local autonomy. Ohio’s model, rooted in public-private partnerships and state-level coordination, delivers results without surrendering control to Washington.

Historical precedent supports this approach. Since the mid-2010s, states like New York and Texas have successfully implemented school-specific cybersecurity regulations, proving that localized strategies can align with federal guidelines without heavy-handed oversight. Ohio’s adoption of the NIST 800-53 security framework and its IronPort email filtering system, which blocks over 112 million malicious emails annually, further demonstrates that states can lead with precision and accountability.

TechGuard’s strength lies in its evidence-based design. Studies show that organizations with regular cybersecurity awareness training see security incidents drop by up to 70 percent, and trained users are 30 percent less likely to fall for phishing scams. Ohio’s platform delivers customized modules tailored to each school role, from coaches to administrators, ensuring that training is relevant and actionable. Simulated phishing campaigns and ransomware exercises reinforce learning, helping staff recognize threats in real time.

This isn’t theoretical. The 2022 Illuminate Education breach exposed hundreds of thousands of student records, and a 2023 Cleo file transfer breach compromised data from 700,000 Chicago Public Schools students. These incidents highlight the cost of inadequate training and vendor oversight. Ohio’s proactive stance, including its use of the Ohio Cyber Range Institute for hands-on exercises, ensures that schools aren’t just reacting to threats but staying ahead of them.

Some argue that federal grants and standardized frameworks are the answer, but these often prioritize compliance over practical outcomes. Only 52 percent of organizations nationwide conduct anti-phishing simulations, and fewer than 30 percent offer ransomware-focused training. Ohio’s comprehensive approach, backed by the Management Council’s expertise, sets a higher standard, proving that states can deliver measurable results without waiting for federal handouts.

Ohio’s TechGuard initiative is more than a state program; it’s a model for the nation. By prioritizing local control, practical training, and public-private collaboration, the state is addressing a critical need while preserving the autonomy of its schools. This approach aligns with the broader push for state-led solutions, as seen in recent laws like Alabama’s K-12 Technology and Cybersecurity Leadership Act and Virginia’s protections for sensitive cybersecurity data. These efforts show that states can innovate faster and more effectively than federal agencies.

As cyber threats evolve, with AI-driven social engineering and timed attacks exploiting academic calendars, the need for agile, community-driven defenses grows. Ohio’s investment in its 5,000-mile OARnet fiber network and MARCS radio system ensures continuity during crises, while its high school cyber academies prepare the next generation for a digital world. This is what leadership looks like: not waiting for permission, but taking action to protect what matters most.

The alternative—centralized federal mandates—risks creating bloated programs that fail to adapt to local realities. Ohio’s success challenges the narrative that schools need Washington’s guidance to stay safe. Instead, it proves that when states take the lead, they can deliver results that are both effective and sustainable.

Ohio’s TechGuard platform is a testament to what’s possible when leaders prioritize action over bureaucracy. By equipping schools with the tools to combat cyber threats, the state is protecting not just data but the trust of parents and communities. This initiative sends a clear message: our children’s safety and privacy are non-negotiable, and states have the power to make that a reality.

As other states watch Ohio’s progress, they have a choice: follow its lead with bold, localized solutions or cede control to federal overreach. The evidence is clear—state-driven programs like TechGuard deliver results that federal mandates can’t match. Ohio has set the standard; now it’s time for the nation to rise to the challenge and secure our schools for generations to come.