School districts could apply for new grants to protect against the mounting threat of cyberattacks under a proposal unveiled July 12 by Jessica Rosenworcel, the chair of the Federal Communications Commission.
The proposed pilot program would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyberthreats, which have become increasingly sophisticated in recent years.
“To an outsider, cybersecurity might not be an obvious priority for schools and libraries,” said Rosenworcel in a speech to school district leaders attending a legislative advocacy conference of AASA, the School Superintendents Association, here. “But to those of you working firsthand with education technology, cybersecurity is a major area of concern. That’s because schools are increasingly a prime target for cyberattacks.”
The K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, estimates that there have been more than 1,330 publicly disclosed attacks since 2016, when the organization first began tracking these incidents. Hackers have targeted districts of all sizes, including Los Angeles Unified, the nation’s second largest.
In fact, cybersecurity has ranked as the No. 1 priority among K-12 technology leaders for five years in a row, according to a report released in March by the Consortium for School Networking.
The FCC’s proposed cybersecurity pilot program—which must be approved by the five-member commission—would be financed separately from the E-rate. That program, which was created in the mid-1990s to improve school and library connectivity, is also administered by the FCC.
The possibility of new cybersecurity grant money is welcome news for some school district officials who support new federal resources for cybersecurity, but did not want to lose resources from the main source of federal funding for school and library connectivity, the E-rate program.
If the pilot program is approved by the full commission, the FCC would study the impact of it to determine next steps, Rosenworcel said. “Ultimately, we want to learn from this effort, identify how to get the balance right, and provide our federal, state, and local government partners with information about the most cost-effective way to address this growing problem,” she said.
Under the proposal, the FCC would collaborate with other agencies that have expertise on cybersecurity or K-12 schools, including the Cybersecurity and Infrastructure Security Agency and the Department of Education, Rosenworcel added.
‘Connectivity that isn’t safe and secure is not very useful’
The cybersecurity grant program follows years of advocacy for additional federal resources for cybersecurity by the CoSN, AASA, the Council of the Great City Schools, the State Educational Technology Directors Association, National School Boards Association, and other education groups.
David Schuler, AASA’s executive director, praised the move as a “common-sense proposal; in an age where cybersecurity threats are only growing in scope, frequency and cost, it is irresponsible and reckless to not proactively address the critical needs schools and libraries face in navigating cybersecurity programs, threats, and responses,” he said in a statement.
Keith Krueger, the executive director of CoSN, urged the FCC to act quickly.
“We’re excited that they’ve taken the first step,” said Krueger, whose organization represents school district chief technology officers and other ed-tech leaders in schools. “Our advice is to move as expeditiously as possible. This is a four-alarm fire for most school districts that are trying to protect data and provide safe connectivity.”
Doug Levin, the national director of the K12 Security Information Exchange, commended the FCC for taking action in what he sees as a critical area. But, in the same breath, he said he doesn’t expect that $200 million, spread across three years, would be sufficient to address districts’ escalating security needs.
That amount “is absolutely miniscule versus the scope of the challenges facing school systems,” Levin said. School districts will likely need to sign up for services that will require annual subscription fees to secure their networks, he said, or purchase technology that will have a relatively short shelf-life.
School cybersecurity is “a complicated problem and it’s certainly not something that can be solved with just the purchase of an advanced firewall or services for a limited amount of time,” Levin explained.
Krueger agreed that the pilot, if approved, would likely need further investment. The proposal “won’t be able to solve every aspect of cybersecurity” in schools, but it’s a start, he emphasized.
E-rate has helped connect most schools and libraries to high-speed internet, Krueger added, but “connectivity that isn’t safe and secure is not very useful.”
The cybersecurity proposal is just one piece of Rosenworcel’s broader push to provide the technology services that she thinks schools need.
For example, in a speech last month at the American Library Association’s annual conference, Rosenworcel called on her fellow commissioners to support allowing E-rate funding to cover Wi-Fi connectivity on school buses.
That could be a particular boon in rural districts, where students might commute an hour each way to school. The connectivity could allow them to complete homework or do other enrichment work while riding on buses.
“We know like never before that high-speed internet access is essential for everyone to have a fair shot at success,” Rosenworcel said in the June 26 speech, according to prepared remarks. “And we know that when we are all connected we can expand access to information and opportunity for all.”
Unlike the proposed cybersecurity grant program, the Wi-Fi hotspots and buses program would be financed through the E-rate program.
Currently, the E-rate program has a spending cap of $4.4 billion, but it has been allocating far less than that. Last year, E-rate doled out about $2.5 billion, and the year before that, it gave out a little less than $2.1 billion. The lower demand for the funds is due, in part, to changes made to the program in 2014 as well as declining data costs.
