- The FCC is calling attention to the urgent need for more tools–including funding–to combat K-12 cybersecurity risks
- A new proposal would allocate up to $200 million over three years to harden cyber defenses and determine the most effective methods to protect schools and libraries
- See related article: Are ransomware attacks the new snow days?
Federal Communications Commission Chairwoman Jessica Rosenworcel is asking her fellow Commissioners to support a proposal that would take further steps to enhance cybersecurity protections to protect school networks.
In a speech before the School Superintendents Association and the Association of School Business officers, Rosenworcel said she would be sharing with her colleagues a plan to create a pilot program to invest in cybersecurity services for eligible K-12 schools and libraries.
“With the growing number of sophisticated cyberattacks on schools and especially the rise in malicious ransomware attacks that harm our students, now is the time to take action,” said FCC Chairwoman Jessica Rosenworcel. “We’re proposing a significant investment of up to $200 million over three years to harden the cyber defenses and determine the most effective methods to protect our schools and libraries. Our pilot program will work in tandem with federal agency partners that have deep expertise in this area.”
While addressing the pressing need for K-12 cybersecurity defenses is essential, some industry experts caution that more is needed to support these measures.
“While the proposal is a promising start, it lacks the necessary groundwork for enduring impact,” said Doug Thompson, chief education architect at Tanium. Thompson identified three key limitations that may undermine its success without proper support:
1. Sustainability post-pilot: The initiative is set as a 3-year pilot, raising concerns about its sustainability. Schools taking advantage of the funding to either establish or enhance their programs might find themselves in a predicament once the financial support ends, Thompson said. When considering advanced technologies, which often necessitate annual subscriptions or SaaS, schools might be unable to maintain these services without external funding. This lack of long-term financial commitment can deter schools from investing in temporary solutions. The recent history of COVID funds serves as a cautionary tale. Many schools, uncertain of sustained funding, only spent the COVID relief money on expenses they knew they could cover over time, avoiding long-term commitments. The absence of an enforcement mechanism in the proposal further diminishes its attractiveness to potential participants.
2. Staffing and bandwidth: Schools often struggle with insufficient IT staff, and this proposal does not address this issue. Implementing advanced cybersecurity measures requires specialized skills that are hard to find and retain, especially given schools’ budget limitations. Without addressing this, the proposal may inadvertently strain already overburdened school IT departments, he noted.
3. Outdated E-Rate program: “I’ve long argued that the E-rate program needs an overhaul. The current focus on telecommunications infrastructure does not prioritize cybersecurity. It’s an outdated approach, like building roads without considering safety measures,” Thompson added.
A more holistic approach, which Thompson refers to as “whole of state,” is a potential solution. “This strategy would consider all state-owned devices and leverage state resources more effectively, avoiding the silo effect. This model mimics strategies used by global enterprises,” he said. “Unfortunately, technical solutions are only one piece of the puzzle. The real challenge lies in changing the policies, procedures, and cultures to support this new paradigm–a change that will require time, dedication, and courage.”
The proposal is another step in Rosenworcel’s recently launched Learn Without Limits initiative to modernize the E-rate program, which was established in 1996 to provide funds to libraries and schools for basic internet connections. Learn Without Limits was kicked off at a June 26 speech Rosenworcel gave at the American Library Association’s annual conference, where she called on her fellow Commissioners to support new efforts to allow E-rate funding to support Wi-Fi support on school buses. The goal is to provide connectivity to students living in rural areas who spend long hours on school buses to get back and forth from school.
Rosenworcel’s second phase of Learn Without Limits calls on her fellow commissioners to support a proposal allowing E-rate funding to support provision of Wi-Fi hotspots so that libraries, school libraries, and schools can check them out to patrons or students in need in the same way they check out libraries and other learning materials to patrons.
The third phase of Learn Without Limits is a Notice of Proposed Rulemaking, that seeks comment on structuring a pilot program to support cybersecurity and advanced firewall-related services for eligible K-12 schools and libraries. The Commission has been closely looking at this issue for years, and in December 2022 put out a notice seeking public comment whether to add advanced firewalls or other network security services as E-rate eligible services.
This most recent proposal would establish the pilot program within the Universal Service Fund, but separate from the E-rate program, to ensure gains in enhanced cybersecurity don’t come at a cost of undermining E-rate’s success in promoting digital equity.
The Notice of Proposed Rulemaking will require a full vote of the Commission, and the text of proposal will be released upon their adoption.
This press release originally appeared online.
- Teacher burnout persists, but solutions are emerging - September 22, 2023
- “Ambitious growth” is needed to accelerate learning recovery - September 15, 2023
- 5 reasons to use a one-stop-shop communications platform - September 14, 2023