New $200 Million FCC Proposal Could Help Schools Combat Cyber Attack Onslaught
Receive stories like these directly to your email inbox. Subscribe to Newsletter.
As the threat of ransomware and other cyber attacks becomes increasingly significant for schools across the country, Federal Communications Commission Chairwoman Jessica Rosenworcel has put forth a proposal to establish the first federal funding source to help districts combat these threats.
Rosenworcel announced a three-year pilot program earlier this month that could allocate up to $200 million to improve cybersecurity in schools and libraries. However, the full details of the proposal have not been released to the public, and education experts argue that much more funding would be necessary to make a meaningful impact. It could be several months, or even more than a year, before schools receive assistance, as education groups are urging for a more urgent federal response.
In a speech on July 12, Rosenworcel stated that as districts have become prime targets for cyberattacks, the proposed pilot program will provide valuable insights on how the FCC can utilize its resources effectively to address the cybersecurity challenges that schools and libraries face.
Education groups and school leaders have been calling on the federal government for several years to help schools strengthen their cyber defenses. The pilot program deviates from previous suggestions, which involved allowing districts to use federal E-Rate funding for cybersecurity. Last year, more than 1,100 school districts supported this idea in a joint letter. However, officials at the National Superintendents’ Association expressed concerns that using E-Rate funds would divert resources from the program’s primary goal of connecting schools and libraries to the internet. Noelle Ellerson Ng, the association’s associate executive director of advocacy and governance, explained that the group supports the pilot program because it is separate from E-Rate and provides districts with additional funds to protect their data.
Ellerson Ng stated, "All signs indicate that we will require a federal response, so hopefully, we can gain congressional support within the same three-year timeframe to start considering what a more sustainable solution might look like. That way, when this three-year pilot concludes and we have evaluated data, we can move forward."
According to a recent report by cybersecurity provider Sophos, K-12 education was the most targeted sector for ransomware attacks last year, with 8 out of 10 districts reporting incidents, marking a significant 43% increase from 2021. The average cost of recovery for victim districts, which paid ransoms in nearly half of the incidents, exceeded $1.5 million, without including financial demands from cyber gangs.
Notable ransomware incidents include an attack on the Los Angeles Unified School District, the nation’s second-largest school system, which occurred last year and led to the public exposure of highly sensitive psychological records of students. Another attack targeted Minneapolis Public Schools this spring, resulting in the public release of numerous sensitive district documents, such as files pertaining to campus rape cases, child abuse investigations, student mental health emergencies, and suspension reports.
Last month, New York City Public Schools, the largest district in the country, acknowledged that the information of approximately 45,000 students had been stolen in a massive cyber attack on the file-sharing software MOVEit. The MOVEit attack has caused data breaches in at least 375 companies and organizations, including universities across several states. The National Student Clearinghouse confirmed its involvement in the breach, a development that experts in school cybersecurity believe could impact many, if not most, students on a national scale.
"Cybersecurity has forcefully emerged as a significant concern" as districts nationwide become increasingly alarmed by these attacks, stated Rosenworcel. While the federal government has not previously provided funding to schools for cybersecurity, she believes that the pilot program represents an initial step forward.
Before the full details of the proposal are made public, the five-member FCC commission must vote on it, and it must undergo a formal public comment and rulemaking process. Education experts anticipate that it could take a year or more before the funds are available to districts.
"I have informed our superintendents that it is realistic to expect that it could take 10 months, in the best-case scenario, for them to be eligible to apply," shared Ellerson Ng.
According to cybersecurity expert Doug Levin, the communication commission has been slow in addressing the issue of school cybersecurity for many years. He believes that the proposed $200 million is merely a small portion of what school districts across the country would require to effectively counter this online threat. While the pilot program could provide valuable lessons and pave the way for greater federal investments, it is expected that only a limited number of districts will receive grants from it.
Levin emphasizes that the threat of cyber attacks faced by districts is so significant that even a much larger investment in digital safeguards is unlikely to completely solve the problem. He questions the effectiveness of implementing next-generation firewalls in every school district, stating that it may not significantly reduce the number of successful attacks. He also suggests that perhaps it would be wise to reconsider the collection of sensitive data in the first place.
Receive stories like these directly in your inbox by signing up for Newsletter.