FCC’s E-Rate program needs to cover cybersecurity, senators told
Written by Benjamin Freed
E-Rate, the program of the Federal Communications Commission that offers discounts to school districts on network devices, should be revised to cover purchases of cybersecurity products, a leading cybersecurity expert told U.S. senators on Wednesday K-12.
During a hearing on cybersecurity in the education and health sectors, members of the Health, Education, Work and Pensions Committee asked what additional resources organizations in these industries need to better protect themselves from ransomware, fishing schemes, attacks. denial of service and other violations, especially because both education and health services have become more dependent on technology than ever before during the COVID-19 pandemic.
“We can’t say that just a day after making technology easy to use and access,” committee chair Sen. Patty Murray, D-Wash., Said in her opening remarks. “We have to make sure it’s safe and sound. Even when a hospital or a school does everything right, there are always new threats that they may not be prepared for.”
Murray noted attacks on his home state, including incidents affecting local health departments and a 2021 breach that swept the data of more than 1 million people who had applied for unemployment benefits. The panel’s top Republican, Bill Cassidy of Tennessee, said he was concerned about attacks on K-12 schools, “because it can take years to discover that a child’s identity has been stolen.”
Amy McLaughlin, director of the Consortium for School Networking’s cybersecurity program, which represents IT professionals in the K-12 industry, said one of the best steps the federal government could take is to update the FCC to allow schools buy through E-Rate discounts beyond the 20-year menu of Internet subscriptions and internal networking devices.
“The E-rate program does not fund cybersecurity or network defenses,” he said.
This has become a growing problem, McLaughlin said, as cyberattacks have an increasing cost to school districts, their students and their teachers.
“Impacts on K-12 school districts, teachers and students include lost instructional time, damage to schools’ reputation, high financial costs, rising costs of cybersecurity, financial difficulties and credit for students and teachers for loss of personal data and increased mental health impacts, including increased anxiety and depression, “he said, listing incidents that have affected county educators and students. of Fairfax, Virginia; Hartford, Connecticut; and Miami-Dade County, Florida.
He mentioned the E-Rate program after noting that protection technologies such as next-generation firewalls, endpoint detection software and multifactor authentication protocols can be prohibitive for schools that no longer have the resources. to hire cybersecurity professionals, let alone the tools needed to create a proper defense.
“It’s like financing a race car without seat belts and airbags,” McLaughlin told StateScoop after the hearing.
Meanwhile, attacks continue to come: Josh Corman of I Am the Cavalry, a voluntary cybersecurity organization that worked with the Cybersecurity and Infrastructure Agency to protect the health sector in 2020, said there have been attacks. a “ransomware revolution” that has given malicious actors a good run. business model for freezing organizations’ networks and data.
“Why rob banks?” he said, quoting early twentieth-century gangster John Dillinger. “It simply came to our notice then. The non-availability of what is important to you can be monetized. When they reward you with a financial payment, you keep doing it. “
The ransomware, he continued, has reached a point where it has become “almost unstoppable”, saying that years of successful attacks “financed its R&D”. Schools in particular are “aimed at the rich, the cyber-poor,” he said.
But in the absence of an electronic tariff review, McLaughlin and other witnesses said the federal government can do more to promote the services offered by CISA and other agencies, including providing more support to analysis and exchange centers. information operated by various sectors. Denise Anderson, president and CEO of Health ISAC, said she often sends products from CISA and the Department of Health and Human Services to its members. He also said that during his previous experience leading ISAC Financial Services, Treasury Department support led to a “tsunami” of bank membership.
“If we can educate, that would be a great thing,” she told Sen. Maggie Hassan, DN.H.
Schools also face a major hurdle. McLaughlin told senators that 65% of CoSN member districts have less than 2,500 students, with the same staff size.
“Having someone who knows there is a resource becomes a challenge,” he said.