Overcoming proposal headaches to secure FCC pilot funding

Cybersecurity has become a critical concern for K-12 schools, and the Federal Communications Commission (FCC) is stepping up to address this issue with its new Schools and Libraries Cybersecurity Pilot Program.  

This initiative is set to provide $200 million over three years to help schools and libraries enhance their cybersecurity infrastructure. But how can schools tap into this funding, and what challenges might they face along the way?

In this blog post we provide background on this new program, what’s required to apply for funding, and how to overcome the challenges commonly associated with applying for these types of K-12 school pilot programs.

Background: FCC Pilot Program

The FCC's Schools and Libraries Cybersecurity Pilot Program is designed to evaluate the effectiveness of using Universal Service funding to support cybersecurity services and equipment for protecting school and library broadband networks and data. 

Why it matters

According to the May 2023 CoSN State of EdTech Leadership report, cybersecurity remains respondents’ top priority for the fifth year in a row. However, 66 percent of school districts do not have a full-time cybersecurity position. 

This gap leaves them vulnerable to cyberattacks, which can disrupt learning, compromise sensitive data, and drain limited resources. The pilot program offers a much-needed financial boost to help schools safeguard their digital environments and protect sensitive data.

How it works

This pilot program aims to provide valuable insights that could lead to permanent cybersecurity funding solutions in the future. It will distribute up to $200 million over three years to selected participants.

Schools and libraries can use these funds to purchase a wide range of cybersecurity services and equipment, including advanced firewalls, endpoint protection, identity protection, authentication, and monitoring and response systems such as the UncommonX MDR Solution for Education.

How to request FCC funding

Eligible applicants include schools, libraries, and consortia of schools and libraries that meet the E-Rate program's eligibility requirements. Notably, an applicant does not need to be a current or former E-Rate program participant to be eligible.

Application requirements

The application process is expected to open this fall, and provide $200 million over three years to eligible schools and libraries. The application process is divided into two parts:

1. Part One: Applicants provide general information about their cybersecurity experience and plans, including their use of free or low-cost federal resources, and a description of the goals and objectives of their proposed project.
2. Part Two: For selected applicants, more detailed information is required, such as their current cybersecurity posture, history of cyber threats, current cybersecurity training policies and specific challenges faced.

How funds can be used

Schools and libraries can use these funds to purchase a wide range of cybersecurity services and equipment, including but not limited to:

• Advanced/Next-Generation Firewalls
• Endpoint Protection
• Identity Protection and Authentication
• Monitoring, Detection and Response (MDR)

Challenges facing applicants

Navigating any grant program can be a daunting task for K-12 IT teams. The application timelines demand a swift gathering of detailed information and documentation, a challenge for teams already operating at full capacity. Most schools typically face the following challenges:

Time and resources

Many schools lack the in-house expertise and resources to assess their cybersecurity needs accurately and prepare a compelling application. Preparing a comprehensive application within the set timelines can be challenging, especially for IT teams that are already stretched thin.

Proof of need

Applicants must clearly demonstrate their need for cybersecurity improvements and how they plan to use the funds effectively. This requires a thorough understanding of their current cybersecurity posture and the specific risks they face.

In-house expertise

Many schools lack the in-house expertise necessary to thoroughly assess their cybersecurity needs and prepare a compelling application. This can hinder their ability to provide a detailed analysis of their current cybersecurity posture.

How we can help schools with applications

A crucial step in preparing for the FCC application is understanding and documenting your school's current cybersecurity posture. These assessments are crucial for understanding the current state of your school's cybersecurity program and its needs, to inform your proposal.

At UncommonX, we leverage the structured approach of the NIST Cybersecurity Framework to conduct these assessments, providing a clear framework for managing and mitigating cyber risks. In fact, the founder of UncommonX was a contributing author to the original framework.

Through this detailed assessment, UncommonX delivers a prioritized set of recommendations that focus on practical, but impactful improvements, helping schools to create effective pilot proposals. This may include:

Conducting security audits

A comprehensive security audit provides an objective assessment of your school's cybersecurity strengths and weaknesses.

Documenting plans for various scenarios

Best practices like the PICERL process are used to prepare for different types of security incidents.

Reviewing communication protocols

So that all staff, parents, and students know how to report suspicious activities, and are aware of potential phishing threats.

Detailing system updates and backups

A strict schedule for system updates, backups and security patches is created to protect against vulnerabilities.