In June 2024, the Federal Communications Commission (FCC) approved the Schools and Libraries Cybersecurity Pilot Program which will provide up to $200 million over a three-year period to public schools and libraries for cybersecurity services and equipment. With the application window opening this fall, schools should start preparing now to ensure a stress-free application process.
Application Basics
Who can apply for the grant?
The program is open to all schools, libraries and consortia of schools and libraries that meet the FCC Universal Service Fund’s E-Rate program’s eligibility requirements.
How much funding can I get?
Depending on district size selected applicants can receive up to $13.60 per student for the duration of the program
When does the application window open?
Specific dates have not yet been announced, but the window for Part 1 of the grant process is expected to open in Fall 2024.
9/5/2024 Update: The application window for Part 1 of the grant process has been announced. It will open 9/17/24 and close 11/1/24.
How does it work?
The Schools and Libraries Cybersecurity Pilot Program will be divided into two parts.
- Part 1: All applicants will provide a general level of information about their cybersecurity posture, avoiding the oversharing of sensitive network data. Applicants will need to provide detailed information about how they plan to use funds for cybersecurity.
The FCC will review and select the pilot program participants from part one applicants and the commission will issue a public notice announcing the awardees.
- Part 2: If selected to move forward with the second part of the process, applicants will be required to provide more detailed information about their school’s cybersecurity practices and experiences, including prevention and mitigation tactics, training policies, recent threats, and more. If approved, pilot participants will then complete a competitive bidding process for their equipment and services before submitting reimbursement requests.
Start Planning Now
While the application window may not be open yet, interested schools should begin preparing now. In addition to signing up for updates from the FCC’s Universal Services Administrative Company, there are a number of things that schools can start doing today to ensure they are ready to submit for both parts of the application process.
1. Take care of registration requirements early
Schools are required to complete certain registration requirements, such as obtaining an FCC registration number and creating an E-Rate Productivity Center user profile if they have not already, before applying for the pilot program. They also must be in good financial standing with the FCC and the federal government. More details on these requirements can be found in the FCC’s Getting Ready Guide.
2. Understand your current cybersecurity environment
Due to the information the FCC requires to apply for the pilot and the information it hopes to attain, it is important for schools to understand their own cybersecurity environments and be able to explain how they are currently managing them. The required FCC Form 484 application, currently in draft form, requires schools to share a general description of their cybersecurity practices, including:
- Their experience with cybersecurity matters
- Whether they expect to implement cybersecurity recommended best practices
- Their current or expected use of free or low-cost federal resources
Additionally, applicants will also be required to provide information about the proposed pilot project, including:
- Goals and objectives to be achieved
- Services and equipment to be purchased
- Cybersecurity risks that will be prevented or addressed
With the complex and rapidly changing landscape of edtech cybersecurity, it can be challenging for schools to stay informed of the latest strategies and technologies. Schools should utilize resources, such as Lightspeed’s “How to Protect Your K-12 District from Cyberattacks” guide, to learn about the most up-to-date security best practices and strategies to help mitigate the risk of cyberattacks.
3. Create (or update) your cybersecurity plan
Schools that do not have a cybersecurity plan in place should create one now, while schools with a plan already place should confirm it is up to date. The application for this pilot, especially for part two, will be comprehensive. If selected to move forward with the second part of the process, applicants will be required to provide more detailed information, such as:
- How the school is currently managing and addressing cybersecurity risks through prevention and mitigation tactics
- A history of cyberthreats and attacks within the past 12 months
- Current cybersecurity training policies and procedures
- Cybersecurity challenges faced
Having a cybersecurity plan in place will make it easier for schools to successfully complete this part of the application. For schools just getting started, Lightspeed Systems offers two free cyber incident response plan templates—the Data Breach Response Runbook and Ransomware Response Runbook—to help prepare your organization before, during, and after a security incident. In addition, the Cybersecurity and Infrastructure Security Agency (CISA) offers an online toolkit with recommendations and resources to help K-12 organizations develop and maintain cybersecurity programs.
4. Evaluate cybersecurity needs
Schools should start mapping out goals and what services and equipment that they may want to purchase. Pilot participants will be eligible to seek reimbursement for a wide variety of services and equipment, including:
- Advanced/Next Generation Firewalls;
- Endpoint Protection;
- Identity Protection and Authentication;
- Monitoring, Detection, and Response.
As schools look to improve their district cybersecurity strategy, they should consider trusted and proven partners, such as Lightspeed Systems, to harden their risk posture. Lightspeed Cybersecurity & Compliance solution—including Lightspeed Filter and Lightspeed Digital Insights—provides enhanced security and visibility to protect network and tech resources. With solutions that fall into multiple pilot categories, Lightspeed solutions provide schools with a multi-layered approach to safeguarding their networks and data.
Additionally, the FCC’s Getting Ready Guide suggests that “applicants may wish to consult other federal resources available through the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency and the Department of Education to help evaluate their vulnerabilities and identify additional protections for their broadband networks and system data.”
5. Confirm tracking and reporting capabilities
The FCC hopes this pilot program will provide valuable data regarding tools that will best help K-12 schools and libraries address growing cybersecurity threats, as well as evaluate the effectiveness of using Universal Service funding to support these efforts. Therefore, before applying, schools should confirm whether they have the existing resources needed to track and report the impact purchased services and equipment have on their cybersecurity.
6. Engage outside support if needed
Finally, schools should assess their current abilities to complete both pre- and post-pilot requirements. EdTech Magazine encourages smaller schools and those with internal resource constraints to seek outside assistance from advocacy organizations, state E-rate coordinators, and/or E-rate consultants to bolster their applications.
Lightspeed is Here to Help with Your Application Journey
As cyberattacks on K-12 schools continue to increase, districts need to do more to protect their schools and data. Don’t miss out on your school’s opportunity to receive much-needed funds to implement cybersecurity best practices!
Lightspeed Systems technologies enhance school information security and data privacy strategies and all products are eligible under grant guidelines. Let us partner with you on your cybersecurity journey!
Lightspeed products provide added protection to improve your cybersecurity defense. To help you build your application for the FCC Cybersecurity Grant Pilot, the sample language regarding Lightspeed capabilities below aligns with the FCC equipment and services list detailed in the Pilot program.
* (As defined by FCC) Equipment and services that implement endpoint protection are eligible. Specifically, equipment, services, or a combination of equipment and services that implements safeguards to protect school- and library-owned end-user devices, including desktops, laptops, and mobile devices, against cyber threats and attacks are eligible.