The Critical Need for Newly Adopted Schools and Libraries Cybersecurity Pilot Program
The Critical Need for Newly Adopted Schools and Libraries Cybersecurity Pilot Program
by Darren Estridge
It’s a disturbing truism that, in terms of cybersecurity, our nation’s schools are target-rich and resource-poor. That’s why it’s so essential that the Federal Communications Commission (FCC) recently adopted final rules to establish a new three-year pilot program that will allow eligible schools and libraries to enhance their cybersecurity readiness with federal funds. The FCC’s Schools and Libraries Cybersecurity Pilot Program (Pilot Program) will go a long way to help equip schools and libraries with the latest cybersecurity tools to guard against cyber incursions.
As IT and networking technologies become more integrated into learning environments, an increasing number of cyberthreats are leaving students, families, and educators vulnerable to cyber attacks. With few cybersecurity professionals, limited resources, and an evolving understanding of how to address modern-day threats that target K-12 organizations, school districts and libraries across the United States are struggling to thwart these attacks. While the current E-Rate program helps schools and libraries obtain affordable broadband and allows the purchase of basic firewalls, these factors alone are no longer sufficient to counter sophisticated cyber threats and data privacy intrusions that disrupt connectivity and threaten digital assets. It is well known that attackers will go after those networks that are the least capable or that employ legacy security technologies with known vulnerabilities, leaving K-12 schools and libraries particularly vulnerable.
The Pilot Program will provide up to $200 million in Universal Service Fund support for eligible participants to more easily access modern and cost-effective cybersecurity and next generation firewall (NGFW) services and equipment that can help prevent attacks and data privacy intrusions. If implemented, such a program would help ensure smooth, legitimate network traffic while blocking external threats that could compromise a school’s or organization’s assets and obstruct the education process.
The approval of the Pilot Program is encouraging, and Palo Alto Networks commends the FCC for adopting many of our recommendations to ensure an effective pilot and help secure necessary resources for K-12 cyber resilience. The Pilot Program will:
Distribute funds to a diverse set of participants, including large, small, urban, rural, and tribal schools and libraries, as well as consortia.
Consider a “broad and objective set of evaluation factors” when selecting participants, rather than focusing on whether an applicant is facing a particular type of cybersecurity threat or its previous history with cybersecurity attacks.
Establish a comprehensive and manageable application process similar to the E-Rate program.
Require participants to submit annual reports to both demonstrate accountability and to enable the FCC to better evaluate the efficacy and success of the pilot in reducing modern cyber risks.
Perhaps the most welcome component of the Pilot Program is its Eligible Services List. Legacy security products force K-12 organizations to react to changes in the threat landscape manually and inefficiently, straining already limited resources and leaving vulnerabilities exposed. The education sector needs an advanced or Next Generation Firewall (NGFW) solution that includes software capabilities that are not currently covered by the E-Rate program, and Palo Alto Networks joined like-minded stakeholders in urging the FCC to make them available to K-12 organizations as part of this pilot.
In addition to advanced and NGFW, the program includes a wide array of cybersecurity services and equipment that will help to bolster school and library defenses against increasingly sophisticated cybersecurity threats. This non-exhaustive list includes services such as:
AI/ML threat detection and response,
Firewall as a Service (FWaaS),
IoT security,
Endpoint or Extended Detection and Response (EDR/XDR) to help secure end-user devices,
Secure Access Service Edge (SASE) and Zero Trust Architecture for identity protection and authentication, and
Data Loss Prevention (DLP) and Security Operations Center (SOC) for around the clock monitoring, detection, and response, among others.
By casting a wider net of eligible services and equipment under this program, K-12 organizations can benefit from improved data protection, access management, and complete attack surface visibility with granular control over the traffic allowed to access their network to identify and prevent new threats.
Schools and libraries must be equipped with cost-effective and modern cybersecurity solutions to keep up with a constantly shifting threat landscape. The establishment of this Pilot Program is a critical step in providing them with the flexibility they need to keep the educational environment operating efficiently and securely. Palo Alto Networks is proud to partner in this fight.
The author is Darren Estridge, VP of SLED at Palo Alto Networks