By Sam Rawdon, Grants Development Associate (K-12 Education)
For several years, schools and libraries have been the target of cyber threats that compromise their networks and data. The Cyber Infrastructure Security Agency (CISA) labels these organizations as “target-rich, cyber poor,” and do not always have the necessary resources to implement proper online defenses. Attacks ranging from stealing personal information to causing humiliation and distress online to individuals and organizations have unfortunately become more commonplace and have been on the rise. In fact, according to Forbes Magazine, there was a 72% increase in data breaches in 2023.
The main purpose of the program is to collect the necessary information to better understand how Universal Service Funds (USF) can be leveraged to provide cyber safeguards for schools and libraries. The program is being regulated by the Universal Service Administration Company (USAC), which also administers the very popular E-Rate program that supplies funding for broadband and connectivity efforts. Running concurrently and similarly with E-Rate, the three-year pilot program provides up to $200 million in support to eligible schools, libraries, and a consortium of schools and libraries to cover the costs of a wide variety of cybersecurity services and equipment. These include advanced and next-generation firewalls, endpoint protection, identity protection and authentication, and monitoring, detection, and response (MDR) solutions.
The application process is in two stages: the first step, which ran from September 17 to November 1, 2024, required applicants to evaluate their cybersecurity needs by:
- Establishing participation goals and objectives.
- Identifying risks or threats the pilot program can assist with mitigating.
- Determining their cybersecurity expertise and experience.
- Naming a designated cybersecurity officer or senior staff member.
- Indexing which services and equipment to invest in.
If selected, participants in step two are required to elaborate further on the details they provided in step one of their applications, specifically centered around their cybersecurity experiences. This includes describing the status of their current cybersecurity posture, or a measure of their comprehensive cybersecurity strength and ability to defend themselves against cyber threats. It also includes what prevention and mitigation actions are being taken to manage and address cyber risks, as well as giving a history of any cyber threats and attacks faced within one year of the application date. Any current cybersecurity training efforts or rules and additional cybersecurity challenges (for example, lack of funding or insufficient organizational knowledge) are also required to be elaborated on.
So, what can participants expect after all is said and done? A Public Notice announcing accepted schools, libraries, and consortiums will provide the next steps. This notice includes information about the bid solicitation process and procurement procedures for the requested cybersecurity solutions and services. Following the competitive bidding process, participants can submit their requests and, if approved, will receive a Funding Commitment Decision Letter (FCDL). Then, participants, as well as vendors, can begin the requests for reimbursement process.
To help under-resourced schools and libraries stave off the growing threat of cyber-attacks, the FCC’s Schools and Libraries Cybersecurity Pilot Program will be a vital resource for these agencies to utilize to better prepare themselves in the event of a cybercriminal or hacker attempting to compromise their data and networks. These agencies who are familiar with the E-Rate program will find the process relatively straightforward, however, should be well-prepared to address critical areas such as their current cybersecurity posture, current action steps taken to manage these types of threats, provide information on historical cyber threats or attacks faced within the past year, and elaborate on procedures and training currently implemented at their organizations. Participants can also anticipate a competitive bidding and procurement process that is like E-Rate. This pilot program is a highly important first step in providing much-needed protections to schools and libraries most vulnerable.For more information about the program, visit the program website at https://www.fcc.gov/cybersecurity-pilot-program.
[1] From “Cybersecurity Facts: Facts and Figures You Should Know” by Mariah St. John (Forbes Magazine, Aug. 28, 2024); https://www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/