# UC Berkeley's Center Bridges Critical Cybersecurity Gap for Schools, Nonprofits, and Local Governments


As cyberattacks targeting public institutions and nonprofits reach historic levels, many organizations—particularly schools, local governments, and smaller nonprofits—lack the resources and expertise to defend themselves effectively. The UC Berkeley Center for Long-Term Cybersecurity (CLTC) is stepping into this gap, providing specialized tools, guidance, and direct support to help under-resourced institutions strengthen their defenses against an increasingly sophisticated threat landscape.


## The Mounting Threat


The scale of cyberattacks targeting critical public institutions has grown exponentially over the past five years. Schools, local government agencies, and nonprofits represent particularly attractive targets for adversaries—they often lack dedicated security staff, operate on constrained budgets, and manage sensitive data including student records, voter information, and financial records.


Recent trends highlight the severity:


  • School districts face ransomware attacks that disrupt operations, compromise student data, and drain limited technology budgets
  • Local governments struggle with infrastructure attacks that impact emergency services, permit systems, and citizen databases
  • Nonprofits managing critical social services face threats that could compromise beneficiary information and operational continuity

    • Unlike large corporations with dedicated Chief Information Security Officer (CISO) positions and six or seven-figure cybersecurity budgets, these organizations often have a single IT administrator managing everything from email servers to network security—a task impossible to execute properly without specialized support.


    ## Who Is the Center for Long-Term Cybersecurity?


    The UC Berkeley CLTC, based at one of the nation's premier computer science and engineering institutions, was founded with a mission to help organizations that don't have access to enterprise-grade security resources. The center bridges the gap between cutting-edge academic cybersecurity research and the practical needs of real-world organizations that typically operate far from Silicon Valley's resource levels.


    Key characteristics of CLTC's approach:


  • Academic rigor combined with pragmatic, implementable solutions
  • Focus on long-term resilience rather than reactive incident response alone
  • Tailored guidance for organizations with minimal existing security infrastructure
  • Direct partnerships with schools, local governments, and nonprofits across California and beyond

    • ## Tools and Resources Available


    CLTC offers a multi-layered approach to closing the cybersecurity expertise gap:


    ### Cybersecurity Assessment Programs

    The center provides structured assessments that help organizations understand their current security posture without requiring expensive external consultants. These assessments identify:

  • Critical vulnerabilities and configuration weaknesses
  • Gaps in access controls and authentication practices
  • Compliance issues related to data protection regulations
  • Prioritized remediation roadmaps

    • ### Open-Source Security Tools and Templates

    Rather than licensing expensive enterprise solutions, CLTC develops and distributes open-source tools specifically designed for resource-constrained environments. These include:

  • Security policy templates tailored for schools and local governments
  • Incident response playbooks
  • Risk assessment frameworks
  • Configuration guides for common systems

    • ### Direct Technical Consultation

    CLTC staff and affiliated researchers provide direct guidance on implementation, helping organizations apply security best practices to their specific environments and constraints.


    ### Training and Capacity Building

    The center offers workshops and training programs designed to build internal cybersecurity capacity within organizations, helping staff understand threats, implement controls, and develop security awareness programs.


    ## Why the Gap Exists


    Understanding why under-resourced organizations remain vulnerable reveals systemic challenges:


    Expertise Shortage

    The cybersecurity industry has created a massive talent gap. Experienced security professionals command premium salaries, and organizations competing for their attention include Fortune 500 companies with unlimited budgets. A school district cannot compete with Microsoft or Google for security talent.


    Budget Constraints

    A typical school district's technology budget must cover hardware, software licenses, network infrastructure, and staffing. Cybersecurity often represents less than 10% of that total, and districts frequently prioritize classroom technology over security infrastructure.


    Complexity and Fragmentation

    Modern IT environments mix legacy systems, cloud services, mobile devices, and third-party integrations—creating a complex attack surface that requires sophisticated expertise to defend adequately.


    Knowledge Asymmetry

    Threat actors have professional-grade tools, training, and organization. Undersourced defenders are fighting with one hand tied behind their back, often lacking even basic awareness of current threats.


    ## Real-World Impact


    CLTC's work has already demonstrated measurable impact across California's educational and public sectors:


  • School districts have implemented foundational security controls preventing common attack vectors
  • Local election offices have strengthened protections around voter databases and election infrastructure
  • Nonprofits serving vulnerable populations have secured sensitive beneficiary information
  • County agencies have improved incident response capabilities and business continuity planning

    • ## Implications for Organizations


    The existence of programs like CLTC sends an important signal: cybersecurity is not exclusively a corporate problem, and support exists for organizations operating outside the enterprise sphere.


    For schools: The CLTC model demonstrates that protection of student data and educational infrastructure is achievable without unlimited budgets—it requires prioritization, structured guidance, and access to expert consultation.


    For local governments: Cybersecurity capabilities directly impact public trust, service continuity, and protection of critical infrastructure. CLTC's approach helps smaller municipalities access expertise previously available only to large cities with dedicated security teams.


    For nonprofits: Organizations serving vulnerable populations—homeless services, domestic violence shelters, healthcare nonprofits—manage particularly sensitive data. CLTC's support helps them protect beneficiaries while maintaining limited IT budgets.


    ## Recommendations for Organizations


    If your organization falls into an under-resourced category, consider these steps:


    1. Conduct an honest assessment of your current security posture—identify which critical systems store sensitive data and which are most vulnerable

    2. Reach out to resources like CLTC to access expert guidance without expensive consulting fees

    3. Prioritize fundamentals over advanced tools—strong password management, multi-factor authentication, and regular patching prevent the majority of breaches

    4. Build internal capacity through staff training and policy development rather than relying entirely on external support

    5. Join peer networks with similar organizations to share best practices and lessons learned

    6. Budget cybersecurity sustainably by allocating modest resources consistently rather than waiting for a breach to force emergency spending


    ## The Broader Picture


    CLTC's work addresses a critical market failure: the commercial cybersecurity industry focuses on large, profitable customers, leaving public institutions and nonprofits under-protected. Academic institutions, with their research capabilities and mission-driven focus, are uniquely positioned to fill this gap.


    As cyberattacks continue to evolve and increase in sophistication, the availability of expert support for under-resourced organizations becomes increasingly critical to protecting everything from student records to voting infrastructure to vulnerable populations served by nonprofits.


    Organizations in schools, local government, or the nonprofit sector that have delayed cybersecurity improvements due to budget or expertise constraints should explore CLTC's resources—they represent a rare opportunity to access expert guidance designed specifically for organizations like theirs.