Subscribe
Graphic of school and circuits

According to the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency, cyber attacks on K-12 schools are so prevalent that, on average, there is more than one per school day. (CISA)

(Tribune News Service) — In an important step toward federal funding for much-needed school cybersecurity tools and services, the application window for the three-year $200 million Schools and Libraries Cybersecurity Pilot Program is set to open this fall, although as of press time, the exact date had yet to be announced.

Approved by the Federal Communications Commission (FCC) in June, the program’s short-term goal is to fund cybersecurity measures for a select group of K-12 schools and libraries most in need. Long term, the aim is to gather data on the resources necessary to improve cybersecurity in schools and libraries throughout the United States.

Leaders of education organizations such as the nonprofit Schools, Health and Libraries Broadband Coalition (SHLB) said the hope is the FCC will use the pilot data to add appropriate cybersecurity funding to its E-rate program. E-rate currently helps schools and libraries pay for telecommunications and Internet services but does not fund cybersecurity measures beyond a basic firewall.

“These schools and libraries, they’re the most cyber-poor but information-rich public institutions,” SHLB Executive Director John Windhausen said. “They have all kinds of data about students, parents, teachers, and yet they don’t have the resources to invest in the most necessary cyber protections, so unfortunately it makes them easy targets for cyber criminals to go after.”

According to the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency, cyber attacks on K-12 schools are so prevalent that, on average, there is more than one per school day. The incidents range from data breaches and hacks to phishing, denial of service and ransomware attacks.

“For decades, the Federal Communications Commission has helped schools and libraries secure access to communications services through the E-rate program,” FCC Chair Jessica Rosenworcel said in a public statement. “We now know, though, that connecting these institutions can also introduce security challenges.”

In an effort to fund and explore solutions to these challenges, the pilot will help schools and libraries pay for cybersecurity measures under four eligible categories: advanced firewalls; endpoint protection; identity protection and authentication; and monitoring, detection and response.

The new program will use Universal Service Fund monies, which come from telecommunication fees, to support the purchase of approved cybersecurity measures without cutting into existing E-rate funds. The amount of financial support a school receives will depend on its FCC-determined discount rate, which can range from 20 to 90 percent and is based on the school’s poverty level, the FCC reports.

From the pool of pilot applicants, the FCC plans to select a diverse set of participants representative of schools that are large, small, urban and rural with an emphasis on low-income and tribal applicants. The $200 million in funding will be spread among the participants over the course of the three-year program according to their cybersecurity needs and discount rate.

Mindy Fiscus, board chair of the nonprofit State Educational Technology Directors Association (SETDA), said the pilot will probably not provide cybersecurity funding for a large number of schools. However, the potential to modernize the E-rate program using data from the program could benefit many institutions in the long run, she said.

“Will this pilot cover all of our needs? Highly likely it will not, but it will give us a very good idea of what kind of services we need, what the cost of those services will be and how we can scale that to meet the need,” Fiscus said. “I think that’s the hope and the promise of this pilot.”

As director of government affairs for the Learning Technology Center of Illinois and one of the state’s E-rate coordinators, Fiscus said Illinois alone takes in more than $100 million in E-rate funds each year. With only $200 million in cybersecurity funds available to all pilot participants throughout the three-year program, a strong showing in the application process is critical, she said.

“I’m just hoping that we cast a very wide net, so that we can really educate the FCC on the demand and on the differences and really allow them to pick and choose what will be the best pilot,” Fiscus said.

Brian Stephens, an E-rate guide with the consulting firm Funds For Learning, also emphasized the need for as many schools as possible to apply for the pilot program, no matter their socioeconomic status, in order to best inform the FCC.

“My hope is that they just get avalanched with applications,” Stephens said. “The more complete data set they have, the bigger picture they can get, the better decisions they can make for the E-rate program moving forward.”

Prerequisites for the application process include obtaining an FCC registration number and Billed Entity Number, creating a user profile in the E-Rate Productivity Center, and registering with the System for Award Management. These should already be met by current and former recipients of E-rate funding. However, E-rate participation is not a requirement for the pilot program.

To apply for the pilot, schools and libraries will use FCC Form 484 Part One, where they will be asked to report information such as their experience with cybersecurity matters, their proposed pilot project, the services and equipment to be purchased, and the associated costs.

If chosen for the program, participants will need to provide further details about their cybersecurity issues and experience on FCC Form 484 Part Two. They will then be instructed on the process of soliciting bids for the desired equipment and services.

After a competitive bidding process, participants will submit requests for their cybersecurity measures and receive a decision letter either approving or denying those requests. Upon delivery of approved equipment and services, requests for reimbursement can be submitted by participants and service providers.

The entire process, from application to bidding to reimbursement, aims to mimic the existing E-rate program, which many schools may already be familiar with, according to the FCC’s website.

“This pilot will provide us with the information necessary to analyze whether and how the commission should update our E-rate program to help schools and libraries help themselves against the ongoing cyber threat,” FCC Commissioner Geoffrey Starks said in a public statement.

The Consortium for School Networking (CoSN), a professional association for K-12 ed-tech leaders, along with other education organizations such as SHLB and SETDA, had pushed for a shorter pilot program and immediate E-rate funding for advanced firewalls. However, the opening of this fall’s application window is widely viewed as a welcome step in the right direction.

Reg Leichty, CoSN’s outside counsel and lobbyist, said the timing should allow schools to focus on the pilot application before turning their attention to next year’s E-rate forms. It also marks the start of long-awaited progress toward potential E-rate funding for schools’ urgent cybersecurity needs.

“We’re really pleased that the agency has decided to open the application window this fall. And it’s absolutely essential that the agency stick to that commitment to roll it out this fall, which I think they will,” Leichty said. “And then, of course, that starts the clock — that gets us to three years as fast as we can.”

This story originally appeared in the September/October 2024 issue of Government Technology magazine.

(c)2024 Government Technology

Visit Government Technology at www.govtech.com.

Distributed by Tribune Content Agency, LLC.

Sign Up for Daily Headlines

Sign up to receive a daily email of today's top military news stories from Stars and Stripes and top news outlets from around the world.

Sign Up Now