Since 2016, more than 1,300 schools have been victims of cyberattacks, including student data breaches, ransomware attacks, email scams, and other incidents, according to a January 2023 report by the Cybersecurity and Infrastructure Security Agency.
A recent Sophos survey reveals that in 2022, 80 percent of schools were targeted for a cyberattack, up from 56 percent in 2021. Schools are now the leading target for cybergangs, according to The74. The education sector is particularly vulnerable compared to other industries. It reported one of the highest rates of ransom payment, with 47 percent of K-12 educational organizations paying the ransom requested. These organizations, on average, paid $2.18 million in recovery costs (when paying the ransom) vs. $1.37 million if they chose not to pay, Sophos reports.
To keep students, educators, and staff safe, school departments need help funding robust security systems that prevent these harmful and costly incidents from happening. Currently, the Federal Communications Commission’s E-rate program funds basic firewall services and separately priced basic firewalls and services as a Category Two service, subject to an applicant’s five-year Category Two budget.
School information technology leaders recognize and have voiced to the FCC the gap between what E-rate covers and the top technology challenges districts face through a public comment period earlier this year. In February 2023, Funds For Learning submitted our comment to the FCC, which included 80 comments from E-rate applicants, service providers and consultants, who all called for network security support to be included in E-rate program in response to our 2022 E-rate Trends Report survey. Here is some of the feedback we received and shared:
- “The E-rate program is vital to our organization and essential to student achievement. Expansion of the program to cover network security equipment would be greatly appreciated given the current global cybersecurity threats.” -Georgia School District (Urban)
- “Costs are increasing significantly for district technical and security needs. I have seen yearly increases in operational technical costs. Not being able to utilize E-rate funds for security products or phone systems and maintenance, both of which are mandatory for safety reasons, is becoming more problematic to find consistent general funding for. The ability to use E-rate for cybersecurity needs should be at the top of the list.” -California School District (Rural)
- “E-rate should extend their eligible products and services to network security software tools. Having more devices to manage on a small district budget is even more challenging without security management software for staff and students. Protecting students online is very important, and the software to do so should be eligible for funding from USAC.” -Michigan School District (Rural)
In recognition of school departments’ desire for increased security systems funding, Federal Communications Commission Chairwoman Jessica Rosenworcel announced a separate proposal to protect school networks in July. The proposed $200 million, three-year pilot program aims “to harden the cyber defenses and determine the most effective methods to protect our schools and libraries.” Speaking to The School Superintendents Association, Rosenworcel acknowledged “the rise in malicious ransomware attacks that harm our students” and said, “Now is the time to take action.”
If adopted, the proposal would open a Notice of Proposed Rulemaking and seek comments on the program’s structure. The FCC intends to fund the program separately from E-rate to ensure requests for cybersecurity funds don’t take away from funds allocated to improve Internet connectivity. Currently, the FCC has yet to schedule a vote on this proposal—leaving schools responsible for designing and paying for systems to safeguard against breaches and attacks—at least for now.
Funds For Learning recognizes that schools struggle to budget for and implement modern cybersecurity solutions. Each year, in our E-rate Trends Report, we ask superintendents, principals, business staff and school technology experts questions about the E-rate program and the types of projects they’re looking to invest in. The E-rate Trends Report gives stakeholders a broader picture of what applicants think about the E-rate program. We gather publicly available funding request data and conduct an annual applicant survey.
Most organizations responding to our survey have worked with the E-rate program for more than five years and provide critical insights into the technology issues they care about most. In this year’s Funds For Learning E-rate Trends Report, to be released on October 10, 2023, we added a new section focused on cybersecurity, including the answers we asked applicants about their cybersecurity budgets and the types of services they think should qualify for E-rate funding. We invite school and technology leaders to download a copy of the report here.