The federal agency that oversees the largest technology program for schools put a question to educators late last year: Should the E-rate program, which primarily helps schools and libraries connect to the internet, start allowing districts to use the money for more advanced internet security firewalls?
The answer from 11 education organizations to the Federal Communications Commission? An emphatic yes.
The list includes the Consortium for School Networking (CoSN), which represents ed-tech leaders; the Council of Chief State School Officers; the Council of the Great City Schools, which represents the leaders of large urban districts; and the State Education Technology Directors Association.
“This needed program update serves a vital educational purpose, and will help to ensure continuous, uninterrupted broadband connectivity,” the organizations wrote in response to the FCC’s December query to the K-12 field. Comments on the proposal were due to the agency by Feb. 13.
The E-rate program has been around since the mid-1990s and is funded through fees on certain telecommunications services.
Currently, the program has a spending cap of $4.4 billion, but it has been allocating far less than that. Last year, E-rate doled out about $2.4 billion, and the year before that, it gave out a little less than $2.1 billion. The lower demand for the funds is due, in part, to changes made to the program in 2014 and declining broadband costs.
But during that time, schools’ cybersecurity needs increased significantly as cyberattacks became more frequent and sophisticated, said Keith Krueger, CoSN’s executive director. He noted that just last month, schools in Des Moines, Iowa, shut down for two days because of a cyberattack.
These incidents have a “real impact on students and teachers in a whole variety of ways,” Krueger said, including lost instructional time, potential identity theft, and a damaged reputation to the school system.
The K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, estimates that there have been more than 1,330 publicly disclosed cyberattacks against schools since 2016, when the organization first began tracking them. Hackers have targeted districts of all sizes, including Los Angeles Unified, the nation’s second largest.
Funds for Learning, a consulting company that helps school districts identify how to use E-rate funds to pay for their technology needs, also supports using the program to cover the cost of advanced firewalls.
The organization shared comments from school district officials it surveyed on the issue with the FCC: “Cybersecurity is huge. Support for this is definitely needed,” wrote one official from a rural Wisconsin district. “Network security is mission critical to all K-12 schools,” said another from a rural Vermont district.
‘A holistic strategy” for preventing cyberattacks
But having the FCC take on such a big role related to cybersecurity is not a no-brainer, since other federal agencies, particularly the U.S. Department of Education and the Cybersecurity Infrastructure Security Agency (CISA) also have responsibility for helping schools secure their networks, said Doug Levin, the national director of the K12 Security Information Exchange and a prominent expert on cybersecurity and schools.
In fact, CISA has advised schools to implement other fixes than advanced firewalls, such as training staff members on cybersecurity measures, putting in place multi-factor authentication, and patching exposed servers, Levin said. They have not recommended advanced firewalls, which can require ongoing maintenance and monitoring, he added.
“CISA in their first ever report on K-12 lays out the components of a holistic strategy for mitigating K-12 cyber risk,” said Levin in an email. “This is a big deal.”
Krueger agrees that dealing with the problem will require action by states, local districts, and other federal agencies, not just the FCC. But for the agency “not to even be in the game, when it’s the biggest funder of technology, is crazy,” Krueger said.
Though Levin is not convinced it’s the right move to give the FCC influence over cybersecurity, he thought the comments on the agency’s proposal underscored the need for some sort of federal funding to prevent and mitigate school cyberattacks.
In the face of current threats, “schools need more robust, targeted federal assistance,” Levin said.