School districts and libraries can soon seek new federal grants to protect against the mounting threat of cyberattacks under a pilot program approved June 6 by the Federal Communications Commission.
The cybersecurity program, which FCC Commissioner Jessica Rosenworcel pitched last year, will provide up to $200 million in competitive grants over three years to help schools and libraries purchase advanced firewalls, anti-virus protection technology, and other cybersecurity equipment.
School districts will be eligible for a minimum of $15,000 and a maximum of $1.5 million, according to the . Advocates hope the grants will become available as early as this summer or fall.
Cyberattacks, which can cost districts millions of dollars and days or weeks of missed learning time, are becoming an increasingly severe problem for school districts.
Eighty percent of K-12 schools have been targeted by ransomware in the past year, according to a survey of IT professionals conducted last year by Sophos, a cybersecurity firm. That鈥檚 a higher percentage than any other industry surveyed, including health care and financial services.
What鈥檚 more, school district tech leaders around the country recently named cybersecurity as their top priority for the seventh year in a row, in a conducted by the Consortium for School Networking, or CoSN.
鈥淭he expense of addressing these attacks may mean millions for districts that never had this kind of a thing as a line item on their annual budget,鈥 said Rosenworcel in a statement. 鈥淭he vulnerabilities in the networks we have in our nation鈥檚 schools and libraries are real鈥攁nd growing.鈥
The pilot will help the FCC decide whether and how to direct further resources to cybersecurity equipment for schools and libraries on a permanent basis, Rosenworcel added.
鈥淲e want to learn from this effort, identify how to get the balance right, and provide our local, state, and federal government partners with actionable data about the most effective and coordinated way to address this growing problem,鈥 Rosenworcel said in a statement.
All three Democrats on the panel supported the creation of the program, while both Republicans opposed it.
FCC pilot program is a 鈥榩ositive first step鈥
The cybersecurity grant program follows years of advocacy for additional federal resources for cybersecurity by the CoSN, AASA, the Council of the Great City 69传媒, the State Educational Technology Directors Association, National School Boards Association, and other education groups.
鈥淭his is a positive first step by the FCC,鈥 said Keith Krueger, CoSN鈥檚 executive director in an email. 鈥淲e know that demand is likely to well exceed this modest investment. This is a pilot, and we definitely hope that the FCC will learn from the pilot and then quickly create an ongoing investment that matches the extreme risk that school districts face around cybersecurity. Addressing cybersecurity is the number one priority of ed tech leaders.鈥
Advocates for district leaders also cheered the investment as a strong starting point.
鈥淲e are excited to see formal federal policy that will support school districts in addressing the critical need of cybersecurity for their internet access,鈥 said Noelle Ellerson Ng, the associate executive director for AASA, the School Superintendents鈥 Association. 鈥淲e look forward to seeing the benefits of this initial investment and examining the data it generates to help us craft a longer, bigger federal program that can focus on what schools need to secure their networks and what the best practices are.鈥
The FCC conceded that a $200 million pilot program isn鈥檛 large enough to meet K-12 schools鈥 cybersecurity needs.
鈥淥nly a subset of K-12 schools and libraries will likely be selected and receive support to defray their cybersecurity-related costs,鈥 the FCC wrote in the draft document explaining the program. And the agency acknowledged that even school districts that get the grants likely won鈥檛 be able to pay for all their cybersecurity needs with the money.
The FCC鈥檚 proposed cybersecurity pilot program will be financed separately from the E-rate. That program, which was created in the mid-1990s to improve school and library connectivity, is also administered by the FCC and is paid for primarily through the universal service fund, which is financed through fees on telecommunications services.
鈥楩undamentally a misdiagnosis of the root problem鈥
Doug Levin, the national director of the K12 Security Information Exchange, a nonprofit that supports stronger K-12 cybersecurity, said that while there鈥檚 no denying the scope of schools鈥 challenges, the new program may not do much to alleviate them.
鈥淭his is primarily a technology solution,鈥 said Levin, designed as if the difficulty of paying for 鈥渃ommercial cybersecurity solutions are the problem that schools have. 鈥 I think that鈥檚 fundamentally a misdiagnosis of the root problem.鈥
The reason schools fall victim to cyberattacks isn鈥檛 necessarily because they don鈥檛 have the right protective technology in place, Levin explained.
鈥淚t鈥檚 leadership. It鈥檚 training. It鈥檚 capacity,鈥 Levin said. 鈥淒istricts in general are understaffed with respect to technology, but especially with respect to cybersecurity.鈥
Ellerson Ng agreed that there is more to the problem than just a lack of cybersecurity technology. But she added that money for upgraded equipment has clear benefits.
鈥淭here are myriad factors that complicate the work of implementing successful cybersecurity mitigations,鈥 Ellerson Ng said, including professional development and school district policy.
But she added, 鈥淲e have to be real about the cost associated鈥 with preventing attacks, which are getting increasingly sophisticated 鈥渁t the exact time that school districts are staring down鈥 the end of federal pandemic relief, on top of diminished state and local revenue.