Representatives from the Utah Education and Telehealth Network described the organization’s statewide role and urged the task force to consider regional staffing and consortium services to raise baseline protections in rural and smaller districts.

"UETN has sort of continued what started at the University of Utah. ... We connect all public education, all of higher education, including private institutions, all charters and over 80 libraries," said Spencer Jenkins, executive director of UETN.

Nut graf: UETN provides statewide network services up to the demarcation point for local entities, hosts consortium contracts such as Canvas, and performs network-level security monitoring and outreach. UETN and its security director, Troy Jessup, recommended using regional service agencies and shared tools—rather than asking every small district to build full security teams—to address staffing and capability gaps.

Troy Jessup described more than 100 local security assessments UETN has performed and the organization’s penetration-testing and incident-response capabilities. "We do assessments that include penetration testing where we go in and try and break into their systems," Jessup said, noting UETN provides many assessments at low or no cost to LEAs.

UETN and the auditors both reported a pattern: degree-granting institutions generally show higher implementation of CIS controls while technical colleges, school districts and charter schools show progressively lower implementation. Jenkins said that trend correlates with the availability of dedicated cybersecurity staff: "When you look at the percentage of institution types with dedicated cybersecurity staff, you can definitely see a difference in the amount of controls."

UETN recommended expanding regional approaches already in place: the four regional service centers funded with technical directors and trainers, shared licensing, coordinated endpoint detection and response (EDR) implementations and regular webinars and incident coordination. Jenkins and Jessup said UETN is already running penetration testing, webinars and an annual SaintCon security conference for education technology staff.

Ending: UETN officials requested continued support for centralized and regional services and suggested the Legislature and task force consider funding staff positions that would extend UETN’s outreach and assessment capacity into underserved districts.