The UC Berkeley Center for Long-Term Cybersecurity (CLTC) serves as a beacon of hope for under-resourced organizations like schools, local governments, and non-profits, which are increasingly vulnerable to a growing volume of cyberattacks. According to a report, there are over 60,000 hacking attempts made against schools every month.
- The CLTC has established a Research Hub that offers tools and support to these under-resourced organizations, enabling them to better defend against cyber threats.
- The hub is staffed by a team of experts from various fields, including cybersecurity, artificial intelligence, and data science.
- The CLTC’s efforts are not limited to research alone; they also provide hands-on support and training to these organizations, allowing them to better understand and mitigate cyber risks.
- By bridging the cybersecurity gap for under-resourced organizations, the CLTC hopes to create a safer online environment for everyone.
- The initiative is a remarkable example of how academia and industry can come together to address a pressing issue and make a tangible difference.
Historical Context
Cybersecurity threats to public institutions aren’t new — they’ve been climbing steadily since the early 2010s. In 2014, the Los Angeles Unified School District suffered a major breach when a former employee accessed and altered student records, exposing weaknesses in internal access controls. A few years later, in 2018, a ransomware attack on Atlanta’s city government shut down key services for days, costing the city over $17 million in recovery. These incidents weren’t isolated. By 2020, the FBI reported a 300% increase in cybercrime complaints since the start of the pandemic, with local governments and educational bodies among the hardest hit.
Schools, in particular, became prime targets. Their networks often run outdated software, lack dedicated IT staff, and store vast amounts of personal data — from student grades to Social Security numbers. Non-profits face similar hurdles. Many operate on tight budgets and rely on volunteers, leaving little room for cybersecurity investment. Yet, they handle sensitive donor and client information, making them attractive to attackers.
Until recently, most cybersecurity innovation came from the private sector, tailored to large enterprises with deep pockets. Startups and tech giants alike built tools for companies that could afford intrusion detection systems, 24/7 security operations centers, and incident response teams. The needs of smaller, underfunded organizations were often an afterthought.
That began to shift in the mid-2010s as researchers and policymakers recognized the systemic risk posed by weak links in the digital ecosystem. In 2016, the U.S. Department of Homeland Security launched the K-12 Cybersecurity Initiative, aiming to improve awareness and response in schools. The Government Accountability Office followed in 2019 with a report urging federal agencies to better support local governments’ cybersecurity efforts. But progress was slow, and implementation uneven.
The CLTC’s Research Hub emerged from this backdrop — not as a sudden response to a single event, but as part of a longer arc of institutional recognition that cybersecurity can’t be left to market forces alone. Founded in 2017, the CLTC itself was built on the idea that long-term digital safety requires collaboration across disciplines and sectors. The Research Hub, launched several years later, puts that philosophy into action by focusing on organizations that have been historically excluded from the cybersecurity conversation.
Key Takeaways
Solving a Critical Problem
The CLTC’s Research Hub is addressing a critical problem that has been largely overlooked until now. With the increasing volume of cyberattacks, under-resourced organizations are finding it increasingly difficult to keep up with the changing threat landscape.
Schools, for example, are targeted not just for their data, but because they’re easy entry points. A compromised school network can serve as a launchpad for attacks on families, universities, or even regional infrastructure. Local governments manage utilities, emergency services, and voting systems — all of which become vulnerable when basic defenses are missing. The ripple effects go far beyond the immediate victim.
The problem isn’t just technical. Many of these organizations don’t know where to start. They lack the expertise to assess their own risk, interpret vendor claims, or prioritize fixes. A 2021 survey by the K-12 Security Information Exchange found that only 18% of school districts had a full-time cybersecurity staff member. That’s where the CLTC steps in — not to replace IT teams, but to equip them with practical, actionable knowledge.
Expert Team
The CLTC has assembled a team of experts from various fields, including cybersecurity, artificial intelligence, and data science. This diverse team is well-equipped to tackle the complex challenges posed by cyber threats.
The integration of AI and data science into cybersecurity isn’t just a buzzword here. It’s central to how the hub operates. Machine learning models help identify patterns in attack data, allowing the team to predict where threats are likely to emerge next. Natural language processing tools scan public breach reports and dark web forums to extract real-time intelligence. These insights are then translated into plain-language guidance that non-experts can use.
The team also includes social scientists and policy researchers, reflecting the CLTC’s broader mission. They study how people make decisions under pressure, how institutions adopt new technologies, and what policy levers can encourage better security practices. That interdisciplinary lens is rare in cybersecurity — a field that often focuses narrowly on code and controls. But it’s essential when working with organizations that don’t think of themselves as “tech” entities.
Hands-on Support
The CLTC’s efforts go beyond mere research; they also provide hands-on support and training to under-resourced organizations. This enables these organizations to better understand and mitigate cyber risks, ultimately creating a safer online environment.
Support takes many forms. Some organizations get direct consultations, where CLTC staff review network configurations, recommend patches, or help draft incident response plans. Others participate in workshops that simulate ransomware attacks or phishing campaigns, giving staff real-world practice in crisis management. The hub also develops open-source tools — lightweight, easy-to-deploy software that can monitor network traffic, flag suspicious logins, or automate routine security checks.
One such tool, currently in beta, uses behavioral analytics to detect insider threats in school districts. It doesn’t rely on expensive hardware or cloud subscriptions. Instead, it runs on existing infrastructure, making it accessible to districts with limited IT budgets. Feedback from early adopters has been positive — administrators report catching unauthorized access attempts they would have otherwise missed.
Training is tailored to the audience. IT staff get technical deep dives. School principals and city managers receive high-level briefings on risk management. Even teachers and frontline workers learn how to spot phishing emails or secure their classroom devices. The goal isn’t to turn everyone into a cyber expert — it’s to build a culture of awareness.
The Scope of the Problem
- There are over 60,000 hacking attempts made against schools every month.
- Under-resourced organizations lack the resources and expertise to effectively defend against cyber threats.
- The CLTC’s Research Hub aims to bridge this gap by providing tools and support to these organizations.
- The initiative is a collaborative effort between academia and industry, bringing together experts from various fields to address a pressing issue.
The scale of exposure is staggering. K–12 schools in the U.S. educate over 50 million students. Each one has a digital footprint — accounts in learning platforms, records in district databases, devices connected to school Wi-Fi. The average school district uses more than 700 different ed-tech tools, many of which collect and store personal data. That’s a vast attack surface, often guarded by a single overworked IT person.
Local governments aren’t much better off. A 2022 report from the National Association of Counties found that 60% of counties had no dedicated cybersecurity staff. When attacks happen — and they do, frequently — response is delayed, recovery is slow, and data is often lost for good.
Non-profits sit in the same trap. They may handle medical records, legal aid data, or immigration information. A breach can destroy trust in a matter of hours. Yet most don’t have the funds to hire consultants or buy enterprise-grade software.
The CLTC’s hub doesn’t pretend to solve all of this overnight. But it does offer a model: start small, focus on the most urgent risks, and build capacity over time. It’s not about perfection — it’s about progress.
The Future of Cybersecurity
As the threat landscape continues to evolve, it’s essential that under-resourced organizations have access to the tools and support they need to stay ahead of cyber threats. The CLTC’s Research Hub is a crucial step towards creating a safer online environment for everyone.
The hub’s approach could influence how cybersecurity is taught, funded, and implemented in the public sector. If successful, it might inspire similar centers at other universities. Imagine a network of regional hubs, each adapted to local needs — one focusing on rural school districts, another on urban housing authorities, a third on tribal governments.
There’s also potential for policy impact. Right now, federal funding for local cybersecurity is fragmented. Some grants exist, but they’re often hard to access or come with rigid requirements. The CLTC’s work could inform future legislation, showing what kinds of support actually work on the ground.
What This Means For You
The CLTC’s Research Hub has significant implications for under-resourced organizations, which will now have access to the tools and support they need to better defend against cyber threats. As the threat landscape continues to evolve, it’s essential that organizations of all sizes take proactive steps to ensure their online security.
For a school district IT director, this could mean getting help configuring firewalls or interpreting audit logs without paying for a third-party consultant. It could mean receiving an alert from a CLTC-developed tool that someone tried to exfiltrate student data — and knowing exactly who to call.
For a city manager overseeing a small-town government, it might mean attending a tabletop exercise that walks them through a ransomware attack. They’ll learn which systems to prioritize, who needs to be notified, and how to communicate with the public — all before a real crisis hits.
For a non-profit founder running a community health clinic, it could mean using a free, open-source checklist from the hub to assess their digital hygiene. They’ll learn how to encrypt patient files, secure their email, and train staff — practical steps that don’t require a tech background.
These aren’t hypotheticals. Early pilot programs have already reached dozens of organizations. The feedback is consistent: people feel more prepared, more confident, less alone.
What’s Next?
As the CLTC’s Research Hub continues to grow and evolve, it will be fascinating to see how it tackles the complex challenges posed by cyber threats. Will it be able to bridge the cybersecurity gap for under-resourced organizations? Only. But the direction is promising.
The hub plans to expand its outreach to more regions, partner with additional industry stakeholders, and refine its tools based on real-world feedback. Metrics will matter — not just how many attacks are prevented, but how many organizations feel more capable of managing risk.
There are still questions. Can this model be sustained without constant grant funding? How do you measure success when the goal is often to prevent something that never happens? And can a university-based team keep pace with attackers who adapt daily?
Those challenges won’t vanish. But the CLTC isn’t trying to build a fortress. It’s trying to build resilience — one school, one city, one organization at a time.
Sources: Dark Reading, UC Berkeley
