FCC Reconsidering Adding Firewalls, Cybersecurity Services to E-Rate; Seeks Stakeholder Input

• By Kristal Kuykendall
• 12/15/22

The Federal Communications Commission’s Wireline Competition Bureau announced Wednesday that it is considering expanding the E-Rate eligible services list to include “advanced or next-generation firewalls and services, as well as other network security services,” and is seeking public comment from stakeholders now through Feb. 13, 2023, with reply comments accepted through March 30, 2023.

Comments can be submitted online at FCC.gov/ecfs and should refer to WC Docket No. 13-184. Instructions for filing paper documents via mail or courier are included in the FCC public notice document.

The FCC request for public comment poses scores of specific questions and includes four stakeholder proposals that cover the breadth and content of multiple related requests filed with the FCC over the last decade:

• A 2020 petition filed by Cisco Systems asking that Commission raise applicants’ Category Two budgets by 10% and allow Category Two funding to be used for advanced network security services
• A 2021 petition filed by a coalition led by the Consortium for School Networking requesting that the definition of “firewall” be modified to include all firewall and related features (e.g., next generation firewall protection, endpoint protection, and advanced security) and to update the definition of broadband to include cybersecurity — which the petition documents project would cost the E-Rate program about $2.389 billion annually to fund for all K–12 schools
• A 2022 proposal by Funds For Learning calling for a three-year E-Rate cybersecurity pilot program to fund advanced firewalls and services as a Category Two service, with a funding cap of at least $60 million to $120 million each year, with funding priority given to applicants with the highest discount rates
• A letter from 20 national educational groups led by the School Superintendents Association asking the FCC to “take a measured approach in deciding whether to expand the eligibility of advanced firewalls and services, as well as other cybersecurity services” and urging the FCC to collaborate with other federal agencies to “determine the products and services that are available and effective in responding to and preventing cyberattacks … schools should not be driving the response to cyberattacks, nor should E-Rate, the only federal funding stream supporting connectivity in schools, be repurposed/redirected for this important effort.”

The commission’s public notice lists several example requests from K–12 cybersecurity providers to illustrate the type of “advanced network security services” it is considering adding to the E-Rate ELS: “For example, Fortinet requests E-Rate support for advanced or next-generation firewalls and services that include the following capabilities: intrusion prevention/intrusion detection (IPS/IDS); VPN; distributed denial-of-service (DDoS) protection; and network access control (NAC).37 FFL suggests advanced firewall features should include “intrusion detection/prevention, malware detection/filtering, application control/visibility, antispam services, URL/DNS filtering, and endpoint-related protections.”

The request for public comment document — which can be viewed and downloaded in full at the FCC website — poses scores of specific questions for K–12 stakeholders to consider and provide feedback on; most of the questions posed fall under the following topics:

• How should the FCC officially define “advanced or next-generation firewalls and services”?
• What types of specific equipment and services E-Rate should support, including whether covered services should include Firewall-as-a-Service?
• Which category should firewall services and components be considered, if E-Rate support is approved?
• What standards or measures should be used to determine whether any advanced or next-gen firewall services approved for E-Rate coverage are cost-effective?
• What legal issues or concerns do stakeholders have related to the FCC’s authority to extend E-Rate eligibility to advanced or next-generation firewalls and services?

Learn more at the FCC website.