As cyberattacks on schools grow increasingly disruptive and complex, the Federal Communications Commission wants to hear what educators think about allowing schools to use federal E-rate funds to
The request for comment on that proposal鈥攐ften the first step in revising the rules for federal programs鈥攚as posted Dec. 14, and comments are due Feb. 13.
The FCC is likely to get an earful from the K-12 community over the next two months, including some voices clamoring in favor of the proposal, and others who caution it may divert resources from the E-rate鈥檚 primary focus of connecting schools and libraries to the internet, without doing much to improve cybersecurity.
On the one hand, the FCC鈥檚 move follows more than a year of pleading from district superintendents, tech leaders, and even members of Congress, for additional resources for K-12 cybersecurity.
For instance, less than two months ago, more than 1,100 school districts submitted a joint letter asking the FCC to revise the E-rate鈥檚 more than a decade old definition of 鈥渇irewall鈥 so that districts could use the money to upgrade their cybersecurity resources to meet current needs.
鈥淪chool districts and libraries nationwide are fighting increasingly sophisticated cyberattacks and their aftermath with funding meant to be used for meeting the instructional ... needs of our students,鈥 the districts wrote.
And just last week, Rep. Doris Matsui, D-Calif., wrote to FCC Chair Jessica Rosenworcel asking her to explore allowing districts to tap federal E-rate funds for cybersecurity.
Fans of the idea of using E-rate funds, in part, for cybersecurity include the Consortium for School Networking or CoSN, the Council of the Great City 69传媒, the State Educational Technology Directors Association, and the National School Boards Association.
鈥淭hreats to education data and networks have continued to grow,鈥 said Keith Krueger, CoSN鈥檚 executive director, in an email. 鈥淲e hope the agency will work swiftly following the comment period, given the severe cybersecurity risk to our students, educators, and school systems.鈥
But not everyone is thrilled about the prospect of tapping the E-rate for cybersecurity.
AASA, the School Superintendents Association, understands the need for more resources to protect schools, but isn鈥檛 sure that the E-rate is the best way to provide them, said Noelle Ellerson Ng, the organization鈥檚 associate director for advocacy and governance.
She worries that expanding the E-rate to include advanced internet firewalls could divert from its primary mission of connecting students and educators to the internet. Her organization plans to submit that perspective to the FCC.
鈥淭his is honestly a great step forward for developing a record of what does and doesn鈥檛 work, and what is and is not well received in the field by practitioners to help solve and address the very real issue of cyber before making any significant changes to the E-rate program,鈥 Ellerson Ng said.
The E-rate program has been around since the mid-1990s and is financed by fees on certain telecommunications services.
Currently, the program has a spending cap of $4.4 billion, but it has been allocating far less than that. Last year, E-rate doled out about $2.5 billion, and the year before that, it gave out a little less than $2.1 billion. The lower demand for the funds is due, in part, to changes made to the program in 2014.
The K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks,, when the organization first began tracking these incidents. Hackers have targeted districts of all sizes, including Los Angeles Unified, the nation鈥檚 second largest.
鈥淚 think there鈥檚 no question that schools need support around cybersecurity,鈥 said Doug Levin, the national director of the K12 Security Information Exchange.
But Levin said it鈥檚 not clear the E-rate is the best way to provide those resources, given that the U.S. Department of Education and the Cybersecurity Infrastructure Security Agency (CISA) also have responsibility for helping schools secure their networks.
CISA, for instance, has advised schools to train their staff on cybersecurity, put in place multi-factor authentication, and patch exposed servers, Levin said. They have not recommended advanced firewalls, he said.
鈥淲e don鈥檛 have full-time IT staff in every school district, much less have cybersecurity expertise in school districts,鈥 Levin said. 鈥淭hese are advanced tools that require configuration, ongoing monitoring, and maintenance.鈥
What鈥檚 more, if money and technology were all it took to solve cybersecurity woes, then big, well-resourced companies would be safe from cyberattacks, Levin said. But they are not.
Cybersecurity 鈥渋s an issue that plagues organizations with much greater money and much greater technology, technological expertise, and capacity than schools have,鈥 Levin said.
