Corrected: The Federal Communications Commission created the E-rate program.
The federal E-rate program has the potential to be a well of funding for cybersecurity that K-12 schools and libraries are eager to tap to protect themselves from increasingly sophisticated cybercriminals.
Traditionally a source of funding for internet connectivity, schools and libraries should be able to use E-rate funds for cybersecurity upgrades, according to an annual report on recipients’ attitudes toward the program. Ninety-five percent of those surveyed as part of the report said they either agree or strongly agree they should be able to do so—reflecting the reality that schools are frequently the targets of cyberattacks.
For cybercriminals, school districts are often like unlocked treasure chests—full of valuable student data for ransoming or selling on the dark web. Districts don’t typically have the resources to protect that data against increasingly sophisticated cyberattacks.
There were at least 1,619 publicly disclosed cyberattacks on school districts or individual schools between 2016 and 2022, according to an annually updated database maintained by the K12 Security Information Exchange, a nonprofit dedicated to helping schools prevent such attacks.
That’s likely a significant undercount as school districts and individual schools are not required in most states to publicly disclose whether they have been the victim of an attack. These cyberattacks include data breaches and hacks, ransomware attacks, phishing attacks, and denial of service attacks.
The annual “E-rate Trends” report from Funds for Learning, a consulting firm specializing in helping school districts identify how to use the funds, draws its findings from a June survey of schools and libraries across the country as well as publicly available data on the E-rate funding requests. While it asked E-rate recipients questions related to other benefits and challenges of the program, cybersecurity emerged as a prominent theme.
“The results of the 2023 applicant survey make clear the immediate and substantial need for cybersecurity in today’s educational institutions, with E-rate applicants advocating for proactive approaches toward safeguarding our students and library patrons,” said Funds for Learning CEO John Harrington, in the forward to the report.
The E-rate program has a current spending cap of $4.4 billion, but it has been distributing much less than that on an annual basis. It dished out $2.5 billion last year and $2.1 billion the previous year.
Many schools want more advanced firewalls, but experts are split on the efficacy
Nearly a quarter of schools and libraries in the survey indicated that their most recent major investment in cybersecurity upgrades had taken place three or more years ago. A little less than half—47 percent—said they had made a major investment in cybersecurity products or services in the past year. Slightly less than half also indicated that they have a line item in their budget for cybersecurity.
The U.S. Federal Communications Commission, which created the E-rate program, is exploring the possibility of making the funding eligible for more advanced internet security firewalls, something that the vast majority of schools and libraries surveyed said they would like to see happen.
Several education organizations, such as the Consortium for School Networking, the Council of Great City Schools, and Funds for Learning have also been pushing to make more advanced internet security firewalls eligible for E-rate funding. The FCC took public comments on the issue early this year, and the agency’s chair, Jessica Rosenworcel, announced a separate proposed pilot program this summer that would provide up to $200 million in competitive grants to schools and libraries to fortify their cyber defenses.