Cybersecurity Funding

What K-12 IT Leaders Need to Know About the Proposed Expansion of E-Rate Eligible Services

Since December, the Federal Communications Commission’s Wireline Competition Bureau has sought public comments on several proposals to expand the E-Rate eligible services list to include “advanced or next-generation firewalls and services, as well as other network security services,” 

The initial comment period closed on Feb. 13, and reply comments close on March 30.

Yet it will likely be at least a year before any new cybersecurity equipment or services may be added to the E-rate eligible services list — and considerably longer if the FCC decides to significantly expand the types of network equipment and services that would qualify for the hefty 85% discount available through E-rate funding to school districts and libraries, said Brian Stephens, director of stakeholder engagement at Funds For Learning, a consulting firm that helps schools and libraries navigate the complex E-rate application process.

FFL is one of four groups whose E-rate expansion proposals were included in the FCC’s call for public comments; the others were filed by Cisco Systems, the Consortium for School Networking, and a group of educational organizations led by the School Superintendents Association.

Some of the proposals called on the FCC to throw open the gates for school districts struggling to keep their networks secure with limited budgets and in the face of an ever-growing cyberattack “industry.” Others called for a more measured approach with limited expansion of E-rate funds for advanced cybersecurity equipment and services.

K–12 procurement officers and IT leaders will want to begin preparing to apply for the expanded funds if and when the FCC decides to expand the E-rate eligible services list — particularly if the agency’s expansion plan of choice means that the amount of E-rate funds to cover modern cybersecurity services is limited, at least for the first few years.

THE Journal recently asked Stephens — who specializes in helping schools and libraries navigate the complex E-rate funding process — for his predictions and “best professional guess” on what the FCC is most likely to do and how E-rate recipients can be best prepared to take advantage of any potential expansion of eligible cybersecurity services. 

THE Journal: Does Funds For Learning see E-rate expansion as likely? 

STEPHENS: That is a “crystal ball” question, for sure! Nothing is guaranteed, but we feel like the chances of seeing a change are higher than they have ever been. The FCC’s request for public comment is an encouraging sign that they are seriously contemplating the E-rate program’s role in supporting reliable and secure Internet access for K-12 schools and public libraries.

THE Journal: If it does happen, what does that timeline look like? 

STEPHENS: Much of the timeline depends on the extent of the changes the commission decides to implement. On the faster end of the scale, the FCC could choose to make a relatively minor change and begin funding “next-generation” firewalls. That change could easily go into effect for funding year 2024 with a minor change to the program’s Eligible Services List. However, if the decision is made to implement more substantial changes — adding other types of network security services beyond the firewall — the process could take a bit longer, as a Notice of Proposed Rulemaking may be necessary (among other procedural requirements at the FCC).

THE Journal: Is there any feel — among people in the E-rate industry, or among Funds For Learning staff — for what the likeliest changes might be?

STEPHENS: You might get as many answers to this one as the number of people you ask! In the initial comments submitted in response to the FCC’s Public Notice, there was near unanimous agreement that the E-rate program should fund additional network security products and services. Further, there seems to be a consensus that the starting point (or “bare minimum” if you want to think about it in those terms) would be the inclusion of next-generation firewall functionality. But comments suggesting the inclusion of additional cybersecurity services beyond next-gen firewalls weren’t quite as uniform, with some calling for more security functionality but still within the realm of the network and others favoring going even further with solutions like endpoint protection and data/information security services.

THE Journal: If E-rate is expanded following this comment period, how soon might schools be able to apply for or access the funds for more modern firewall services or equipment, for example?

STEPHENS: If the FCC implements a change in eligible services for cybersecurity, under the most likely scenario, the earliest schools and libraries would be able to take advantage would be in Funding Year 2024. (This would mean competitive bidding for these services in late calendar year 2023 and early 2024 and purchases starting in either April or July 2024.) Typically, changes like this one are implemented on a “going forward” basis – it is not common for the FCC to expand eligibility rules retroactively (mainly because prior years’ application windows are already closed, so it is impossible to submit more funding applications.)

THE Journal: How can school districts’ IT and procurement staff be prepared for what could be a flurry of new E-rate funding requests?

STEPHENS: My first recommendation would be for district leaders to make sure they have a way to stay informed of any potential changes — the faster they can get up to speed on the specifics, the more time they will have to make a plan and take action before the next application cycle. Next, I would suggest that tech leaders review the age and status of their hardware and software licensing for network security, and whatever contracts or purchasing vehicles for network security they may have in place for those solutions. Because some cybersecurity services have never been eligible for E-rate funding, there is a good chance that those services have never been through E-rate’s required competitive bidding process. When contemplating upcoming cybersecurity investments, schools may consider conducting an E-rate competitive bid prospectively so that they are prepared in the event of a rule change.

THE Journal: If the change that is approved is the proposed three-year “trial” with a limit on the expanded firewall eligibility, are schools going to be in a race to apply first before the new/expanded funding runs out?

STEPHENS: That is a possibility, but there are also several ways that a pilot or trial program could be implemented, providing each applicant with a fair share of funding. The current Category Two budget system is designed on this principle. Each applicant is subject to a funding cap determined by total student enrollment. The E-rate program has enough funding to ensure that all applications can be approved, even if every applicant requests its entire budget amount.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].