The FCC’s proposal, announced in November, would determine which firewall and data-protection measures are the most important for protecting learning institutions’ broadband networks. It would also cover the costs of cybersecurity measures for qualifying entities. The FCC’s Universal Service Fund (USF), if the measure is approved, would provide the money over a three-year period. While the pilot would be a separate expenditure from the USF’s E-rate program, which covers discounted Internet services for libraries and schools, it would expand the definitions of firewalls and other security measures funded by E-rate money in the future.
The coalition of agencies filed comments with the FCC on Jan. 29, according to a news release from the State Educational Technology Directors Association (SETDA).
“Schools and libraries face an urgent, complex cybersecurity crisis. Cyber criminals and other bad actors persistently target them for serious ransomware and other cyber attacks, seeking to acquire sensitive student and patron data and to steal public funds. Resulting network outages frequently disrupt learning and library services, imposing huge costs on individuals, institutions, and communities,” the agencies noted in the docket entry filed with the FCC.
The list of agencies noted in the document include the Consortium for School Networking (CoSN); State Educational Technology Directors Association (SETDA); American Library Association; Council of the Great City Schools; Schools Health and Libraries Broadband Coalition (SHLB); National School Boards Association (NSBA); All4Ed; Council of Chief State School Officers (CCSSO); National Association of State Boards of Education (NASBE); Link Oregon; Common Sense; and Pacific Northwest Gigapop.
According to the docket entry, those agencies support the idea of publicizing the data that would be obtained during the pilot for the purpose of informing decisions. But they also asked the FCC to protect the participants’ confidentiality and any sensitive data they would submit to the federal agency as part of the pilot process.
“We encourage the commission to adopt a layered data-management strategy that allows the wider analysis of non-sensitive data while safeguarding sensitive details,” the docket entry said. “Such a strategy could include removing all personally identifiable information from applicants’ cybersecurity posture data, aggregating data across applicants to publish general statistics and trends rather than applicant-specific information and storing sensitive data in encrypted formats in access-controlled databases.”
John Windhausen, executive director of SHLB, called this pilot “a decisive step toward fortifying the digital defenses of anchor institutions.” But he also suggested shortening the length of the proposed program from three years to 18 months to better address the urgency of this matter.
“The FCC can update the E-Rate program’s firewall definition now to include advanced features and provide an additional $200 million in supplemental Category 2 funding for E-Rate applicants to use in 2024 and 2025,” he said in a public statement.