The Federal Communications Commission (FCC) wants to take a closer look at data vulnerabilities in K-12 schools and public libraries given the ever-increasing cyber threats against their broadband networks.
The FCC has proposed a $200 million pilot program to gather data on the cybersecurity and firewalls services of schools and libraries to find which might be most important, and to help cover the costs of such services for qualifying school districts, according to a news release last week. If approved, the FCC’s Universal Service Fund (USF) would provide the money over a three-year period. This would be a separate expenditure from USF’s E-rate program, which covers discounted Internet service for schools and libraries.
New cybersecurity measures would be the latest of several modernization projects supported by FCC Chairwoman Jessica Rosenworcel, including the “Learn Without Limits” initiative to ensure all students have access to high-speed Internet, which was recently broadened to include discounted Internet service to libraries in tribal communities and Wi-Fi access on school buses across the country.
“This pilot program is an important pathway for hardening our defenses against sophisticated cyber attacks on schools and ransomware attacks that harm our students and get in the way of their learning,” she said in a public statement. “Protecting our students is a critically important task and one that touches on the mission of several federal agencies. Ultimately, we want to learn from this effort, identify how to get the balance right, and provide our federal, state and local government partners with actionable data about the most effective and coordinated way to address this growing problem.”
The FCC is not the only federal agency ready to help districts protect themselves from cyber criminals. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released guidance for improved K-12 data protection measures earlier this year, including a document of tips and resources for technology acquisition that noted the “dizzying number of vendors and technology products” that can be overwhelming to districts. But it also helped to simplify the acquisition process by suggesting minimum standards that all vendors should meet: provide automatic security updates, have role-based access controls that minimize the number of employees with elevated privileges, comply with National Institute of Standards and Technology (NIST)’s standards for secure software development, and enable multifactor authentication as a default setting with no additional charge.
According to the Nov. 13 FCC Notice of Approved Rulemaking, which outlines this proposal, CISA, the U.S. Government Accountability Office and the federal Department of Education provided input in the creation of this cybersecurity pilot program.
“Predictions are that K-12 schools and libraries will continue to be prime targets for malicious actors, primarily because they are data-rich environments that tend to lag behind in terms of their available resources and cybersecurity program maturity,” the FCC notice said.
The notice also said the FCC will obtain public comment on the proposed pilot program before decisions are made to fund it.