FCC’s E-Rate program must cover cybersecurity, senators said

Written by Benjamin Freed

E-Rate, the Federal Communications Commission’s program that gives school districts discounts on network devices, is to be overhauled to cover purchases of cybersecurity products, a leading cybersecurity expert from the United States told senators on Wednesday. kindergarten to 12th grade.

During a hearing on cybersecurity in the education and health sectors, members of the Committee on Health, Education, Work and Pensions asked what additional resources organizations in these sectors needed to better protect against ransomware, phishing programs, denial of service attacks and other breaches, especially as education and healthcare services have become more dependent on technology than ever during the pandemic of COVID-19.

“We can’t just call it a day after making technology easy to use and access,” committee chair, Sen. Patty Murray, D-Wash., said in her opening remarks. “We have to make sure it’s safe and secure. Even when a hospital or school is doing everything right, there are always new threats they cannot be prepared for.

Murray noted attacks in his home state, including incidents that affected local health departments and a 2021 breach that swept through data on more than a million people who had applied for unemployment benefits. The panel’s lead Republican, Bill Cassidy of Tennessee, expressed concern about attacks targeting K-12 schools, “because it can take years to discover that a child’s identity has been stolen.”

Amy McLaughlin, cybersecurity program director for the Consortium for School Networking, which represents IT professionals in the K-12 sector, said one of the best things the federal government could do is for the FCC to update what it allows schools to buy using E- Discounted rates beyond the 20-year-old menu of Internet subscriptions and internal networking devices.

“The E-rate program does not fund cybersecurity or network defenses,” she said.

It’s become a growing problem, McLaughlin said, as cyberattacks take a bigger toll on school districts, their students and teachers.

“Impacts on school districts, teachers, and K-12 students include lost instruction time, reputational damage to schools, high financial costs, increased costs of cyber -insurance, financial and credit hardship for students and teachers due to loss of personal data and increased mental health impacts, including increased anxiety and depression she said, listing incidents that affected educators and students in Fairfax County, Virginia; Hartford, Connecticut; and Miami-Dade County, Florida.

“We can’t just call it a day after making technology easy to use and access.”

Senator Patty Murray, D-Wash.

She mentioned the E-Rate program after noting that protection technologies such as next-generation firewalls, endpoint detection software and multi-factor authentication protocols can be prohibitively expensive for schools that already lack the resources to hire cybersecurity professionals, let alone the tools to put up an adequate defense.

“It’s like funding a race car with no seatbelts or airbags,” McLaughlin told StateScoop after the hearing.

Meanwhile, the attacks continue: Josh Corman of I Am the Cavalry, a voluntary cybersecurity organization that worked with the Cybersecurity and Infrastructure Security Agency to protect the healthcare sector in 2020, said there had been a ransomware “revolution” that has given malicious actors a business model job in freezing organizations’ networks and data.

“Why are you robbing the banks? he says, quoting early 20th-century mobster John Dillinger. “Because that’s where the money is. The unavailability of what is important to you can be monetized. When you are rewarded with a financial payment, you continue to do so.

Ransomware, he continued, has reached a point where it has become “almost unstoppable”, claiming that years of successful attacks “funded their R&D”. Schools in particular are “target rich, cyber poor”, he said.

But barring an overhaul of the E-Rate, McLaughlin and the other witnesses said the federal government could do more to promote the services offered by CISA and other agencies, including providing greater support to sharing and analysis of information operated by various sectors. Denise Anderson, president and CEO of Health ISAC, said she frequently pushes products from CISA and the Department of Health and Human Services to her members. She also said that in her previous experience leading the financial services ISAC, Treasury Department support resulted in a “tsunami” of banks joining.

“If we can educate, that would be a good thing,” she replied to Sen. Maggie Hassan, DN.H.

Schools also face a major hurdle. McLaughlin told senators that 65% of CoSN member districts have fewer than 2,500 students, with enrollments to match.

“Having someone who knows there’s a resource becomes a challenge,” she says.

Ryan H. Bowman