FCC proposes 3-year cybersecurity pilot

The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

K-12 Dive | By Roger Riddell | November 16, 2023

Dive Brief:

• The Federal Communications Commission this week proposed a three-year pilot program to study how the agency’s Universal Service Fund can help schools and libraries fight cybersecurity threats.
• The pilot program, which would cost up to $200 million and is separate from the agency’s E-Rate program, was approved by the full commission and builds upon Chairwoman Jessica Rosenworcel’s Learn Without Limits initiative to ensure access to high-speed broadband connectivity in schools and libraries.
• The FCC will seek public comment on the proposal upon its publication in the Federal Register, which is expected soon. Once that 30-day period ends, the agency will review the comments, develop program requirements, and vote on whether to proceed with creating the Schools and Libraries Cybersecurity Pilot Program.

Dive Insight:

Rosenworcel has made closing the digital divide a top-of-mind priority for much of her tenure at the FCC, and the added focus on school and library cybersecurity is an extension of that commitment.

The chairwoman initially proposed investing up to $200 million over three years to boost school and library cybersecurity during a July speech at the Legislative Advocacy Conference in Washington, D.C., co-hosted by the Association of School Business Officials International and AASA, The School Superintendents Association.

There were no significant changes between that initial proposal by Rosenworcel and the pilot program announced in the notice of proposed rulemaking released this week, according to an FCC spokesperson.

The proposal follows demands from lawmakers, E-Rate applicants and school connectivity advocates that the FCC reevaluate its ability to address cybersecurity threats against schools. An October 2022 survey of 2,085 E-Rate applicants from consulting firm Funds For Learning, for instance, found that 98% of respondents wanted network security included in expenses eligible for E-Rate coverage.

In its notice of proposed rulemaking, the FCC wrote that it is “clear that the E-Rate program alone cannot fully address the K-12 schools’ and libraries’ cyber concerns and protect their broadband networks and data from cyber threats and attacks.” As a result, it is focusing on exploring how the broader Universal Service Fund, under which the E-Rate program is administered, can help address these concerns.

Though the cybersecurity proposal is a “crucial step forward,” its timeline “does not match the urgent need for cyber-security protections,” said John Windhausen, executive director of the Schools, Health & Libraries Broadband Coalition, in a Tuesday statement.

Citing the dozens of schools and libraries that have fallen victim to cyberattacks in the past two years, Windhausen called for the FCC “to shorten the pilot to a one-year trial to provide schools and libraries with the resources they need as quickly as possible.”

The education sector has become a particularly popular target for ransomware attacks, in which malware is used to encrypt and deny access to data and files in exchange for a ransom. Worldwide, ransomware attacks against K-12 and higher education have breached 6.7 million personal records and are estimated to have cost over $53 billion in downtime between 2018 and mid-September 2023, according to data from Comparitech, a cybersecurity and online privacy product review firm.