Cybersecurity for Schools

FCC Chairwoman Jessica Rosenworcel recently asked the other FCC Commissioners to support a proposal to spend $200 million over three years to bolster school cybersecurity. Rosenworcel plans to issue a Notice for Proposed Rulemaking (NRPM) soon for her proposal. The NPRM will set off a round of public comments and then a ruling if a majority of the Commissioners agree with the final set of rule changes.

There seems to be some need for better school security systems. According to Emsisoft, a New Zealand-based anti-viral and anti-malware company, there were ransomware attacks on 44 U.S. universities and colleges and 45 on school districts in 2022. That was up slightly over 88 attacks in 2021. According to Emsisoft, school IT networks are a popular target since they have less security and staff with less training than corporations.

This announcement immediately raised the question for me of why the FCC is considering this. The U.S. Department of Education has a 2023 budget of $79.6 billion. I can’t help but wonder why school and university cybersecurity is not the responsibility of the USDE, state governments, or local school systems rather than the FCC.

Rosenworcel is proposing that this effort get funded from the Universal Service Fund, specifically the recently launched Learn Without Limits program that is part of the E-Rate program that subsidizes broadband connections for schools with a high percentage of low-income students. According to Rosenworcel’s press release, this could be done without undermining E-Rate’s primary mission of promoting digital equity for schools.

The E-Rate program is perhaps the most popular program at the FCC since it helps poor school districts afford gigabit broadband connections. I can see why the FCC wants to ride that wave of popularity. Rosenworcel has made other interesting proposals recently that would also come from the E-Rate program.

For example, Rosenworcel recommended that E-Rate be used to provide mobile hotspots on school buses. That seems to be an extension of bringing broadband to schools, to bring broadband to students who have long bus rides. She’s also recommended that E-Rate be used to provide Wi-Fi hotspots for students and library patrons. This also extends broadband to students but seems to be in competition with the funding from the Infrastructure Investment and Jobs Act, which is providing billions of dollars for digital equity that would also provide money for hotspots.

The main reason this raises an issue for me is that the Universal Service Fund is funded with an ever-increasing fee burden on voice lines and interstate broadband services. There has been widespread unhappiness with the FCC USF fees. There doesn’t seem to be any appetite at the FCC to let the size of the Universal Service Fund shrink when it makes sense. Instead, the FCC keeps finding new ways to spend the pot of money.

While cybersecurity for schools seems like an important function, cybersecurity is not broadband. If the FCC can sink money into cybersecurity in this manner, then what’s next – money for training for school system IT employees? I’m sure I’ll get some negative comments about my position, but I am not against somebody helping schools with cybersecurity issues. I just can’t see why this is the responsibility of the FCC.

One thought on “Cybersecurity for Schools

Leave a Reply