FCC Launches Cybersecurity Pilot for K-12: What You Need to Know
How to create a cybersecurity plan and be eligible for the upcoming FCC K-12 cybersecurity pilot
Aug 30, 2024
The Federal Communications Commission (FCC) has launched a new Cybersecurity Pilot Program to provide crucial funding for K-12 schools and libraries, aiming to enhance their cybersecurity defenses. This initiative addresses the increasing cyber threats faced by educational institutions and ensures they have the resources to protect their digital infrastructure.
Applications for the pilot open on September 17 and close on November 1st, 2024. If your school is selected as a pilot participant, then the process to claim eligible cybersecurity items will follow the same process as the E-Rate application. If you are comfortable with E-Rate, then you'll be comfortable with this.
But first, let's talk about how you can be selected as a participant to the pilot. Priority will be given to low-income entities, once again like E-Rate, through a calculation of students who qualify for a free or reduced-price lunch under the National School Lunch Program. However, a bigger factor to determine your eligibility will be schools that demonstrate both the need for cybersecurity as well as the capacity to deliver on a cybersecurity strategy. The singular and most important activity that you should be doing right now is developing a cybersecurity plan.
How to Create a Cybersecurity Plan
At DES, we model our cybersecurity recommendations after the NIST Cybersecurity Framework. This is a set of guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks. The framework consists of five core functions:
Identify: Understand your organization's capabilities to manage cybersecurity risk.
Protect: Implement a cybersecurity posture that safeguards your people, systems and assets.
Detect: Have solutions in place to monitor and expose cybersecurity events.
Respond: Have a plan to investigate and contain an attack.
Recover: Repair and restore capabilities after a cybersecurity incident.
Within each of these domains, DES helps you choose cybersecurity products and solutions that give you the right defenses for your unique needs. You can learn more about our cybersecurity toolbox here.
Eligible Cybersecurity Products & Solutions
The FCC Cybersecurity Pilot allows you to develop your own toolbox from a truly wide-ranging list of solutions. You can see the full list here. Once again, our DES approach for a school environment is to choose solutions that correspond to the NIST framework. Here are some recommendations (of course each district is unique, and we are always happy to talk with you individually).
Identify
Cybersecurity Assessment & Diagnostic: Our first step is to analyze your current state. We provide a complimentary cybersecurity scan which will identify your current areas of vulnerabilities.
Advanced Attack Surface Management and Asset Management Solutions: Do you have a systematic listing of all your connected assets? Can you quickly see each asset’s security status and user authorizations? These asset management tools help identify and manage all assets connected to your network, reducing the risk of unauthorized access or unpatched vulnerabilities.
Protect
Advanced/Next-Generation Firewalls: These are enhanced firewalls that offer advanced threat detection and prevention, including features like deep packet inspection and intrusion detection. In a K-12 environment, a next-gen firewall would block malware and phishing attempts, protecting students' access to safe online learning resources.
Identity Protection and Authentication: Tools that secure user identities and control access to networks, often using multi-factor authentication (MFA) so that only authorized teachers and staff can access restricted materials such as sensitive student records.
Training: Ultimately, your cybersecurity strategy is as good as the operators managing the systems. When DES designs and deploys systems, we only walk out of the job once your operators know how to use the systems.
Detect
Endpoint Protection:Endpoint protection protects individual devices, such as laptops and tablets, from cyber threats like malware. Schools are chock-full of endpoints -- think of student laptops, mobile phones and IP hardware – and this solution could, for example, block a ransomware attack attempting to infiltrate a student's laptop during remote learning.
Managed Detection & Response (MDR): This service provides continuous monitoring and response to cyber threats. It combines technology and human expertise to rapidly identify and neutralize threats before they can cause significant damage.
Security Operations Center (SOC) for Around the Clock (24/7/365) Monitoring, Detection, and Response:A SOC is a centralized unit that deals with security issues on an organizational and technical level. It ensures that potential security incidents are correctly identified, analyzed, defended, investigated, and reported.
Respond & Recover
If your school does fall victim to a cyberattack, we are there for you. We can jump into action and activate your backup and recovery systems and Disaster Recovery Plan, which may even include temporary measures.
However, before all else, your first call must be to your local CISA advisor who can guide you. CISA is the Federal agency dedicated to Cybersecurity and Infrastructure Security. Their website offers a wide variety of resources for K12 and Educational Institutions, including a Security Planning Workbook that can help organize your Disaster Recovery process.
How Much Will be Awarded?
The Schools and Libraries Cybersecurity Pilot Program will provide up to $200 million to selected participants over a three-year term to purchase a wide variety of cybersecurity services and equipment.
Funding will start at a minimum of $15,000 to at most $1.5 million. Like the E-Rate program, Pilot participants will be required to pay the non-discounted share of the costs of the eligible services and equipment they purchase with Pilot Program funds. The percentage of the eligible costs that a Pilot participant will be required to pay will be based on the participant's Category 1 discount rate. Funding amounts will be determined using a formula that estimates a non-discounted cost of $13.60 per student.
Where to Learn More
For more detailed information, visit the FCC Cybersecurity Pilot Program page and the Eligible Services List.