The FCC voted 3-2 to adopt a three-year, $200 million Schools and Libraries Cybersecurity Pilot Program on Thursday. Agency officials say the program will allow the Commission to obtain actionable data about which cybersecurity services and equipment would best help K-12 schools and libraries to address growing cyber threats and attacks against their broadband networks.
Schools contain “massive” amounts of information about students, including their social security numbers, health records, disciplinary records, and other personally identifiable information, according to Commissioner Geoffrey Starks. That’s why schools are “rich targets” for cyberattacks. Starks characterized school data as “low hanging fruit because they are often resource constrained and lack cyber expertise.” He said: ”Bad actors know this and take advantage of it.”
Starks cited Verizon’s 2024 Data Breach Investigations Report, which shows the education services sector experienced 1,780 attacks in 2023, up 258 percent from last year. Though “the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Education have developed free resources to help schools protect their networks, our schools and libraries need additional help,” said Starks.
GOP Commissioners Brendan Carr and Nathan Simington dissented from the Democratic majority, citing concerns over the agency using E-rate program funds for the effort. Carr said that while he supported the Chairwoman’s policy “that we need to make sure that connections going into schools and libraries” are secure, “at the end of the day, I will look at the legal authority.” Carr explained he’s had concerns that the Commission “has gone a little beyond the text of the E-rate statute in some cases. I want to be particularly sure that we were on exceptionally firm legal footing here. I was not able to get there.”
Simington added: “Cybersecurity is a highly laudable use of E-rate funds, but I am concerned the authority we cite in the item does not support the move we make today so I will have to dissent.”
Commissioner Anna Gomez sees the issue as one of digital equity. “According to CISA, under-resourced school districts are the most vulnerable to cyber-attacks. In the same way we need to be intentional about ensuring our physical school buildings are saved, we must also be intentional to ensure the digital is safe and secure as well.” She said the problem will “require an all-hands-on-deck approach that includes state, local and federal government partners working together to protect our education system.”
Chairwoman Jessica Rosenworcel described the urgency of the situation: “Last year, school districts as large as Los Angeles Unified in California and as small as St. Landry Parish in Louisiana were the target of cyberattacks. According to the Government Accountability Office, the loss of learning that follows these network disruptions can range from three days to three weeks. The recovery time for the school district can take as long as nine months. On top of that, the expense of addressing these attacks may mean millions for districts that never had this kind of a thing as a line item on their annual budget.”
While describing the problem as “complex,” Rosenworcel added: “The vulnerabilities in the networks we have in our nation’s schools and libraries are real—and growing. So today we are doing something about it.”
Modeled after the Connected Care Pilot Program, the pilot program will make $200 million in Universal Service Fund support available to participating schools and libraries to defray the costs of eligible cybersecurity services and equipment. These funds are separate from the Commission’s E-Rate program, to ensure gains in enhanced cybersecurity do not undermine what the agency characterizes as E-Rate’s success in connecting schools and libraries and promoting digital equity.
By Leslie Stimson, Inside Towers Washington Bureau Chief
Reader Interactions