White House Cybersecurity Conference:
The biggest news on the K-12 cybersecurity front last week was a White House conference on Monday hosted by First Lady Dr. Jill Biden. Although there was some initial confusion on the webcasting of the meeting, a video of the session is now available online. To us, the highlights of the meeting were:
- Introductory remarks on the importance of cybersecurity in schools by Miguel Cardona, Secretary of Education, and Alejandro Mayorkas, Secretary of Homeland Security.
- A review by Alberto Carvalho, Superintendent of Los Angeles Unified School District, of actions taken before, during, and after LAUSD’s major ransomware attack. *
- Remarks by Paul Abbate, Deputy Director of the FBI, on the extensive coordination provided by the FBI and other governmental agencies beginning the day after the LAUSD attack. Mr. Abbate also stressed the services that the FBI can provide, throughout its regional and local offices, to other schools facing similar attacks.
- An introduction by Jen Easterly, Director of the new Cybersecurity & Infrastructure Security Agency (“CISA”), to the resources available through that agency (see CISA Resources).
- Most disappointing, but perhaps not surprising, were the brief remarks by Ramesh Nagarajan, Chief Legal Advisor to FCC Chairwoman Jessica Rosenworcel, about a possible $200 million, three-year cybersecurity pilot project for schools and libraries, not yet formally adopted by the full Commission (see our newsletter of July 17th).
Microsoft’s FCC Outreach on Cybersecurity:
A Microsoft ex parte filing, following a meeting with the FCC on July 31st, makes a strong case for allowing the use of E-rate funds for advanced or next-generation firewalls and other network security services. Microsoft’s filing noted “the importance of education institutions securing their networks using current techniques such as taking a Zero Trust approach; identified seven practices that could improve cybersecurity protection for schools, as well as eligibility for cybersecurity insurance; and explained the benefits of using third-party security operations centers for managed cybersecurity services.” The “seven practices” recommended were:
- Multifactor authentication
- Email security
- Data backups
- Privileged access management
- Endpoint detection and response (“EDR”)
- Vulnerability management
- 24/7 centralized log monitoring
Stressing the unique vulnerability of educational entities to cyberattacks, Microsoft included a bar chart in its ex parte filing.
Note: For additional cybersecurity resources, we recommend the Cybersecurity Concerns in K12 Education website of the State Educational Technology Directors Association (“SETDA”).
FCC “U.S. Cyber Trust Mark” Proposal:
Following up on FCC Chairwoman Rosenworcel’s proposal made a few weeks ago to initiate a voluntary cybersecurity labeling program to help consumers, including schools and libraries, to identify trustworthy products ** (see our newsletter of July 24th), the FCC released a Notice of Proposed Rulemaking (FCC 23-65) to solicit public comment on the effort. Comments are being sought on the:
- Establishment of the labeling system
- Devices or products to be covered
- Development of cybersecurity criteria and standards
- Administration, management, and oversight of the program
- FCC’s legal authority
As proposed, we view the development of printed labels, even with QR codes, to be only marginally beneficial to schools and libraries who have the resources to research and purchase internet devices in bulk. Although the labels would provide a useful purchasing guide for individual consumers, we had hoped to see a proposal to explore an electronic labeling system incorporated into devices themselves. This could permit schools and libraries to recognize “trusted” devices upon connection to their systems. Footnote 74, however, indicates the FCC’s intention to have its labeling proposals “operate distinct and separate from the provisions for the electronic labeling of radiofrequency devices contained in our equipment authorization rules (47 CFR § 2.935).”
Comments on the NPRM are due 30 days after its publication in the Federal Register. Reply comments will be due 15 days thereafter.