Last Monday was the deadline for filing comments on E-rate cybersecurity eligibility in response to the FCC’s request (DA 22-1315). Most striking is the universal concurrence that cybersecurity is a major issue for schools and libraries; that, at a minimum, advanced firewalls should be fully E-rate eligible; that E-rate funds are already available to support cybersecurity eligibility; and that eligibility should be initiated as early as possible (conceivably for FY 2023). Links to many of the important and interesting comments filed by applicants, suppliers, and educational organizations are provided below.
American Library Association (“ALA”)
California School Boards Association
Cisco Systems, Inc.
Connecticut Commission for Educational Technology
Consortium for School Networking (“CoSN”) et al.
Council of the Great City Schools
CrowdStrike
Crown Castle Fiber LLC.
Cybersecurity Coalition and the Information Technology Industry Council
E-Rate Provider Services, LLC.
Illinois Office of Broadband
Los Angeles Unified School District
Michigan Educational Technology Leaders
Microsoft Corporation
NCTA – The Internet & Television Association
New York State E-Rate Applicants
Virginia Department of Education K-12 IT Advisory
Wisconsin Department of Public Instruction
Zscaler, Inc.
Many filers pointed to the unique and numerous cyber risks faced by the educational community. Most specifically, we were struck by the following chart in Microsoft’s comments showing education as the industry most affected by cyber-attacks and the statistic that “over 80% of devices in the education sphere have experienced malware encounters in the last 30 days.”

Numerous comments noted that funding was already available under both the annual E-rate funding cap and the remaining Category 2 budgets for FY 2023-2025 to support additional cybersecurity eligibility. The availability of E-rate funding was detailed in the New York State E-Rate Applicants’ filing discussed in our newsletter of February 6th. Recognizing that the use of additional E-rate funding for cybersecurity might lead to a modest increase in the Universal Service Fund contribution rate, we were encouraged that all the carrier filings supported expanded product and service cyber-eligibility.
The two major issues discussed in most responses concern: (a) exactly which cybersecurity products and services should become eligible; and (b), when should that eligibility take effect. The near unanimous answers to these questions were:
- Advanced firewalls, at a minimum, should be fully eligible under Category 2. Longer-term, other cybersecurity products and services should become eligible under both Category 1 and Category 2.
- Cybersecurity eligibility need not wait for the initiation of a new Category 2 budget cycle in FY 2026 and could be initiated even for FY 2023, if not FY 2024.
We note that while Congress and other federal agencies have and are providing information and other resources to address cybersecurity threats in education, only the FCC, through its E-rate program, has a sustained source of funding to provision and protect broadband connectivity for schools and libraries. The FCC has the power and the resources to act; they need only the will.