Inside Cybersecurity

July 19, 2024

Daily News

FCC cyber grant pilot program for K-12 schools to collect metrics for informing future support mechanisms

By Jacob Livesay / June 7, 2024

The Federal Communications Commission is aiming to receive useful data on how to help K-12 schools and libraries adopt cybersecurity best practices under a grant program established in a 3-2 vote at a Thursday meeting.

The commission approved a report and order at the meeting to stand up the Schools and Libraries Cybersecurity Pilot Program. The new effort will provide up to $200 million in cyber grant funding over three years.

“We will use this effort, modeled after our earlier and successful Connected Care Pilot Program, to study and better understand what equipment, services, and tools will help protect school and library broadband networks from cyberthreats,” FCC Chairwoman Jessica Rosenworcel said at the meeting.

Rosenworcel said, “Over the course of the next three years, this initiative will make sure gains in enhanced cybersecurity do not come at the cost of undermining E-Rate’s success in promoting digital equity and basic connectivity.”

According to an FCC release, “From this program, the Commission aims to learn how to improve school and library defenses against sophisticated ransomware and cyberattacks that put students at risk and impede their learning. The pilot program will allow the Commission to gather the data needed to better understand whether and how universal service funds could be used to support the cybersecurity needs of schools and libraries and to share lessons learned with our federal partners to jointly combat this growing problem.”

The FCC says, “Modeled after the Connected Care Pilot Program, the pilot program will make $200 million in Universal Service Fund support available to participating schools and libraries to defray the costs of eligible cybersecurity services and equipment. These funds are separate from the Commission’s E-Rate program, to ensure gains in enhanced cybersecurity do not undermine E-Rate’s success in connecting schools and libraries and promoting digital equity.”

A draft version of the report and order was circulated ahead of the meeting.

The FCC sought comments in November on considerations for establishing the pilot program. The initiative is through the FCC’s Universal Service Fund and features mechanisms to provide cyber protections and collect data on how best to protect school and library networks from malicious cyber activity.

Rosenworcel said the FCC will be collecting “actionable data” on the adoption and efficiency of the qualifying range of cybersecurity controls at K-12 educational institutions, in order to discover “the most effective and coordinated way to address this growing problem.”

Industry stakeholders submitted comments in response to the November NPRM, urging the FCC to establish mechanisms for collecting data on the effectiveness of specific resources provided under the pilot.

The Alliance for Digital Innovation and the Funds for Learning praised the FCC’s vote on Thursday.

Dan Wolf, director of ADI’s state programs, said, “This pilot program will provide a valuable tool to K-12 schools and libraries that might otherwise lack the resources to improve their cybersecurity and protect the public’s data.”

Wolf said ADI is “extremely appreciative” of the program’s “flexibility for eligible entities to adopt new cyber technology based on their unique risk profile” under the approved plan.

Funds for Learning CEO John Harrington said, “Cybersecurity in education is not just about protecting data; it's about safeguarding our children's future and ensuring a safe, uninterrupted learning environment for all. We commend the FCC for acknowledging the urgency of these issues and taking initial steps to address the cybersecurity concerns of E-rate applicants.”

Harrington said his group is “dedicated to supporting the Commission's commitment to enhancing the efficacy of the E-rate program, ensuring that our nation's K-12 schools and public libraries have the robust protections needed against rising cyber threats."

Commissioner Geoffrey Starks said, “Our schools possess massive amounts of data about students, including their social security numbers, health records, disciplinary records, and other personally identifiable information. Accordingly, schools are target rich environments for cyberattacks, such as ransomware, and are low hanging fruit because they are often resource constrained and lack cyber expertise. Bad actors know this, and take advantage of it.”

Starks said, “The E-Rate program is one of the Commission’s most important and successful programs. But the connectivity we support must be secure. This Pilot will provide us with the information necessary to analyze whether and how the Commission should update our E-Rate program to help schools and libraries help themselves against the ongoing cyber threat.” -- Jacob Livesay (jlivesay@iwpnews.com)