School districts and libraries can soon seek new federal grants to protect against the mounting threat of cyberattacks under a pilot program approved June 6 by the Federal Communications Commission.
The cybersecurity program, which FCC Commissioner Jessica Rosenworcel pitched last year, will provide up to $200 million in competitive grants over three years to help schools and libraries purchase advanced firewalls, anti-virus protection technology, and other cybersecurity equipment.
School districts will be eligible for a minimum of $15,000 and a maximum of $1.5 million, according to the agency’s draft description of the program. Advocates hope the grants will become available as early as this summer or fall.
Cyberattacks, which can cost districts millions of dollars and days or weeks of missed learning time, are becoming an increasingly severe problem for school districts.
Eighty percent of K-12 schools have been targeted by ransomware in the past year, according to a survey of IT professionals conducted last year by Sophos, a cybersecurity firm. That’s a higher percentage than any other industry surveyed, including health care and financial services.
What’s more, school district tech leaders around the country recently named cybersecurity as their top priority for the seventh year in a row, in a survey of 980 K-12 tech officials, conducted by the Consortium for School Networking, or CoSN.
“The expense of addressing these attacks may mean millions for districts that never had this kind of a thing as a line item on their annual budget,” said Rosenworcel in a statement. “The vulnerabilities in the networks we have in our nation’s schools and libraries are real—and growing.”
The pilot will help the FCC decide whether and how to direct further resources to cybersecurity equipment for schools and libraries on a permanent basis, Rosenworcel added.
“We want to learn from this effort, identify how to get the balance right, and provide our local, state, and federal government partners with actionable data about the most effective and coordinated way to address this growing problem,” Rosenworcel said in a statement.
All three Democrats on the panel supported the creation of the program, while both Republicans opposed it.
FCC pilot program is a ‘positive first step’
The cybersecurity grant program follows years of advocacy for additional federal resources for cybersecurity by the CoSN, AASA, the Council of the Great City Schools, the State Educational Technology Directors Association, National School Boards Association, and other education groups.
“This is a positive first step by the FCC,” said Keith Krueger, CoSN’s executive director in an email. “We know that demand is likely to well exceed this modest investment. This is a pilot, and we definitely hope that the FCC will learn from the pilot and then quickly create an ongoing investment that matches the extreme risk that school districts face around cybersecurity. Addressing cybersecurity is the number one priority of ed tech leaders.”
Advocates for district leaders also cheered the investment as a strong starting point.
“We are excited to see formal federal policy that will support school districts in addressing the critical need of cybersecurity for their internet access,” said Noelle Ellerson Ng, the associate executive director for AASA, the School Superintendents’ Association. “We look forward to seeing the benefits of this initial investment and examining the data it generates to help us craft a longer, bigger federal program that can focus on what schools need to secure their networks and what the best practices are.”
The FCC conceded that a $200 million pilot program isn’t large enough to meet K-12 schools’ cybersecurity needs.
“Only a subset of K-12 schools and libraries will likely be selected and receive support to defray their cybersecurity-related costs,” the FCC wrote in the draft document explaining the program. And the agency acknowledged that even school districts that get the grants likely won’t be able to pay for all their cybersecurity needs with the money.
The FCC’s proposed cybersecurity pilot program will be financed separately from the E-rate. That program, which was created in the mid-1990s to improve school and library connectivity, is also administered by the FCC and is paid for primarily through the universal service fund, which is financed through fees on telecommunications services.
‘Fundamentally a misdiagnosis of the root problem’
Doug Levin, the national director of the K12 Security Information Exchange, a nonprofit that supports stronger K-12 cybersecurity, said that while there’s no denying the scope of schools’ challenges, the new program may not do much to alleviate them.
“This is primarily a technology solution,” said Levin, designed as if the difficulty of paying for “commercial cybersecurity solutions are the problem that schools have. … I think that’s fundamentally a misdiagnosis of the root problem.”
The reason schools fall victim to cyberattacks isn’t necessarily because they don’t have the right protective technology in place, Levin explained.
“It’s leadership. It’s training. It’s capacity,” Levin said. “Districts in general are understaffed with respect to technology, but especially with respect to cybersecurity.”
Ellerson Ng agreed that there is more to the problem than just a lack of cybersecurity technology. But she added that money for upgraded equipment has clear benefits.
“There are myriad factors that complicate the work of implementing successful cybersecurity mitigations,” Ellerson Ng said, including professional development and school district policy.
But she added, “We have to be real about the cost associated” with preventing attacks, which are getting increasingly sophisticated “at the exact time that school districts are staring down” the end of federal pandemic relief, on top of diminished state and local revenue.