FCC approves pilot to boost cybersecurity in schools
Hill Street Studios via Getty Images
Connecting state and local government leaders
Amid a rapid increase in ransomware attacks on k-12 schools, the commission is allocating $200 million over three years to strengthen cyber protections.
Parents of students in Center Line, Michigan, an inner ring suburb of Detroit, got a text late Monday night last week canceling school the next day. School officials had been forced to shut down the district’s entire computer system to stop a ransomware attack. Since schools run through technology, whether it’s food service, cameras, phones or educational software, there were few other options.
The closure ultimately lasted only one day. But parents and students have been asked to be patient as the district works “through other tech challenges” likely to surface as the breach is investigated.
Ransomware attacks like the one on Center Line Public Schools are becoming all too familiar. School districts depend more than ever on technology, and as a result, their systems and the personal data they store are increasingly targets of hackers. In 2022, according to an analysis by the cybersecurity firm Emsisoft, 45 districts reported breaches. In 2023, that number more than doubled, to 108.
These attacks are pricey, too. Estimates suggest the breaches cost academic institutions upwards of $9 billion in 2022 alone.
It is a financial hardship and trend that the Federal Communications Commission is hoping to flip with a $200 million pilot program it approved Thursday to provide grants to public schools and libraries to boost their cybersecurity.
“Our schools possess massive amounts of data about students, including their social security numbers, health records, disciplinary records, and other personally identifiable information,” FCC Commissioner Geoffrey Starks said during the meeting. “Accordingly, schools we have found are target-rich environments for cyberattacks such as ransomware and are low-hanging fruit because they often lack cyber expertise.”
“We do not have all the answers,” FCC Chairwoman Jessica Rosenworcel said in a statement. “But we can use our authority at the commission to start asking the right questions.”
The three-year Schools and Libraries Cybersecurity Pilot Program will gather data “about which cybersecurity and advanced firewall services will have the greatest impact in helping K-12 schools and libraries protect their broadband networks and data.” The pilot will also help defray the costs of such services for eligible K-12 schools and libraries in rural and low-income communities.
According to details in a notice posted in the Federal Register in January, K-12 schools and libraries interested in the pilot have to apply and detail their proposed cybersecurity and firewall projects, and how they would use the funds. Applicants would also be required to detail any unauthorized access to their systems within the previous year, how it would use funding from the pilot program to improve its ability to address cyber concerns and track its progress.
Observers welcomed the FCC’s decision to adopt the program.
"This is a landmark moment for schools and libraries across the nation,” said John Harrington, CEO of Funds For Learning, in a statement following the vote. “The cybersecurity threats facing our educational institutions are significant. This pilot program represents a crucial step in providing the resources necessary to safeguard sensitive information and maintain secure, reliable access to digital learning tools.”
Funds For Learning, a firm specializing in helping schools get E-Rate funding, released an analysis last month of how much grant money participating schools and libraries could receive under the pilot. The amount varied, depending on size, from $10,000 to $800,000.
Before the vote, Dan Schiappa, chief product and services officer at Arctic Wolf, the cybersecurity company, said in a statement that the pilot program “would be one of the only national tools that the federal government has in its arsenal to empower schools to boost their security technology. [...] Purchasing the necessary tools, hiring the necessary staff and training teachers and administrators to protect themselves against savvy threat actors is expensive, and not always feasible on shoestring education budgets.”
Rosenworcel also cited costs in her statement of support for the program. “The expense of addressing these attacks may mean millions for districts that never had this kind of a thing as a line item on their annual budget,” she said.
Arguing that the consequences for students can be enormous, Rosenworcel referenced a Government Accountability Office report from 2022 that found that learning loss from cyberattacks can range from three days to three weeks. It can also take up to nine months to recover that learning.
The FCC pilot will be established under the agency’s Universal Service Fund program, which helps subsidize telecommunications services with a view to promoting universal access.
The program would be separate from the FCC’s E-Rate program, which makes telecommunications and information services more affordable for schools and libraries. FCC officials said that distinction would “ensure gains in enhanced cybersecurity don’t come at a cost of undermining E-Rate’s success in connecting schools and libraries, and promoting digital equity.”
The FCC said that the pilot program would be similar to one that it ran to promote and support connected care services. The agency provided up to $100 million over three years to cover broadband expenses, network equipment and IT services to support telehealth, remote patient monitoring and other connected care services for low-income and veteran patients.
“This situation is complex,” Rosenworcel said. “But the vulnerabilities in the networks we have in our nation’s schools and libraries are real—and growing. So today we are doing something about it.”
NEXT STORY: Proposed federal AI roadmap would fund local election offices