Key points:
K-12 school districts are becoming an increasingly popular target for ransomware operations and other cyber threat actors. Ransomware attacks alone targeted 108 US school districts in 2023, more than double the 45 attacked in 2022. Just as the 2024 school year was about to begin, a ransomware attack closed some schools in the United States and Great Britain, including 34 schools serving 17,000 students in the Seattle area.
And while the number of attacks overall has decreased somewhat over the past year, the costs of those attacks are increasing. So far in 2024, recovery costs for K-12 schools have averaged 3.76 million dollars, more than double the costs from 2023.
The vast amount of personal information that school districts hold on students and parents makes them a prime target for cybercriminals seeking to exploit or sell the data on black markets. The fact that many schools rely on older, underfunded IT infrastructure and have not invested much in cybersecurity controls or defenses also makes them easier to breach, as do smaller, less-resourced IT departments, which mean they are slower to respond to threats.
Fortunately, much-needed funding and resources to improve schools' cybersecurity infrastructure are coming. The Federal Communications Commission (FCC) recently announced that it is making up to $200 million in rebates available to help schools, school districts and libraries purchase equipment and services to improve their cybersecurity postures.
The cybersecurity pilot program for schools and libraries, aimed at helping institutions improve protection against ransomware and other attacks, is accepting applications from schools, libraries or consortia until November 1. However, before applying for the pilot program, institutions should make an effort to understand their current security postures and vulnerabilities, and how the available categories of services and products can help, to ensure that the requested services address the most important infrastructure vulnerabilities and challenges they face.
Let's first review the covered services and equipment, which involve four basic cybersecurity categories.
The four pillars of cybersecurity addressed by the pilot program
Advanced/next-generation firewalls. This network security software processes network traffic and applies rules to block potentially dangerous traffic. While most schools likely have a firewall, internally managed firewalls are time-consuming and laborious to manage.
Endpoint protection. Endpoint detection and response (EDR) tools monitor endpoints such as laptops, smartphones, and other devices for signs of attack or anomalous behavior. This is also a solution that some schools may already have. For example, schools that use a vendor like Microsoft might have a license that includes some amount of endpoint protection, but it probably isn't robust. It is recommended that schools analyze what they have in place for their technology stack to determine the extent of their current EDR capabilities.
Identity protection and authentication. As credential breaches have become the primary means of access for attackers, the first line of defense has shifted from the end devices to the user. This means that individual users, particularly those with privileged access, will be the most likely target of cybercriminals. Identity and access management (IAM) tools control which users can access resources. As schools adopt more digital platforms for learning, administration and communication, these tools help manage and control who has access to various resources, ensuring that only authorized people can access sensitive data such as student records, health data and financial details. As with EDR tools, current IAM tools provided to schools may not be robust enough.
Monitoring, detection and response. This category includes equipment, services, or a combination of both that monitor and/or detect threats to a network and take response actions to remediate or address those threats. This includes managed service providers, who combine technology with human expertise to identify attackers and limit the impact of threats as they move through a school's network. Under current budget constraints, this is the capability that schools and libraries are least likely to have, as it requires a dedicated team to ensure there are no malicious actors on the network.
Beyond Funding: Essential Next Steps to Maximize FCC Pilot Program
School districts must first understand the risks and where they stand in relation to them to fully reduce their vulnerability to cyberattacks. Once they understand what services they have and the scope of those services, they will be able to identify any gaps in security capabilities and make a plan to speak with the appropriate providers of those tools.
To make the most of the program and the funding that the FCC will provide, schools must choose their solutions carefully. Schools can ensure that cybersecurity vendors meet their needs by following a few key steps:
Vet vendors. It is important to identify the right vendors for what you need. Ask vendors to demonstrate how they have responded to attacks, as well as their proven experience working with schools or educational institutions. These providers will better understand the specific challenges schools face, such as limited budgets, varied user groups (students, staff, parents), and the need for a safe but accessible online learning environment.
Consult client references. Ask for references from other K-12 districts that have used the provider's services. This provides insight into the vendor's ability to deliver on its promises, handle sensitive data, and provide ongoing support. A positive customer reference can be an important indicator of whether the provider and its solution will be suitable to meet your own needs.
Check out important features and support. A major obstacle to achieving adequate security within school districts lies at the top of the pyramid. When evaluating vendors in any category, a key thing to look for is their ability to offer hands-on exercises that can engage and educate administrators and other teachers who may not understand or appreciate security. These exercises simulate real-world cyberattacks to help schools prepare for potential incidents, allowing them to practice their incident response in a low-risk environment and ultimately improving their overall cybersecurity posture. They also serve as an educational tool, raising awareness of common attack vectors such as ransomware or phishing so that all staff can be better prepared to recognize and respond to cyber incidents. Finally, they can help uncover vulnerabilities in communication, decision-making, and technical defenses, allowing leaders to understand firsthand cybersecurity shortcomings and the devastating impact they can have.
When considering monitoring, detection and response (MDR) solutions, there are some capabilities that are essential for strong cybersecurity. The first is user and entity behavior analysis (UEBA), which uses machine learning to help identify signs of insider threats, external attacks, and risky behavior on a network, including endpoints. It allows schools to identify whether behavior meets the standard baseline or is beginning to deviate. For example, someone accessing an Oregon school network from the Bahamas might look suspicious, but if it's a teacher on vacation there, it might be fine.
MDR tools should also be autonomous. A solution must be able to capture information and respond automatically. If you identify stolen credentials being used on the dark web, for example, make sure you can initiate password resets and disable those credentials. There are several touchpoints that can indicate a ransomware attack or data breach, such as file modifications, adding registry keys, or adding autorun tasks to the registry. A solution should be able to detect that activity and stop it before it causes too much damage. In other words, these solutions should block and address the movements of criminals.
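The correlation idea in the paragraph above, as an added example (not code from this article or from any vendor): the three touchpoints it names are treated as weak signals, and a host is isolated automatically only when at least two appear within a short window. The event names, host names, window and thresholds are assumptions, and the telemetry is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed correlation window
FILE_BURST = 20                 # assumed: file modifications per window that count as a burst

def make_sample_events():
    """Constructed telemetry, not real logs: (timestamp, host, event_type)."""
    t0 = datetime(2024, 9, 3, 8, 0, 0)
    events = [(t0 + timedelta(seconds=4 * i), "lab-pc-07", "file_modified") for i in range(25)]
    events += [
        (t0 + timedelta(seconds=30), "lab-pc-07", "registry_key_added"),
        (t0 + timedelta(seconds=45), "lab-pc-07", "autorun_task_added"),
        (t0 + timedelta(minutes=1), "office-pc-02", "registry_key_added"),  # e.g. a software install
    ]
    events += [(t0 + timedelta(minutes=10 * i), "library-pc-01", "file_modified") for i in range(3)]
    return events

def signals_in_window(window_events, file_burst):
    """Reduce the raw events of one window to the set of touchpoints they represent."""
    kinds = [kind for _, kind in window_events]
    found = {k for k in kinds if k in ("registry_key_added", "autorun_task_added")}
    if kinds.count("file_modified") >= file_burst:
        found.add("file_burst")
    return found

def triage(events, window=WINDOW, file_burst=FILE_BURST):
    """Return {host: (action, signals)} based on the strongest window seen per host."""
    by_host = defaultdict(list)
    for ts, host, kind in sorted(events):
        by_host[host].append((ts, kind))
    result = {}
    for host, evs in by_host.items():
        best = set()
        for i, (start, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            found = signals_in_window(in_window, file_burst)
            if len(found) > len(best):
                best = found
        # Two or more distinct touchpoints: contain automatically; one: analyst alert.
        action = "isolate" if len(best) >= 2 else "alert" if best else "none"
        result[host] = (action, sorted(best))
    return result

if __name__ == "__main__":
    for host, (action, sigs) in sorted(triage(make_sample_events()).items()):
        print(f"{host}: {action} {sigs}")
```

A single registry change, which a routine software install also produces, only raises an alert here; requiring two touchpoints before isolating keeps automated response from disrupting classrooms on benign activity.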
Safeguarding education through smart cyber investments
Schools focus primarily on educating students, and as educational institutions, their mindset has traditionally leaned toward sharing information, rather than protecting it. Cybersecurity has not always been a priority. But the trend of cyberattacks, which can close schools and prevent them from teaching, is changing that.
Schools need to strengthen their cybersecurity postures, and programs like the FCC pilot can help. By clearly assessing their current security posture and taking steps to close any gaps in their defenses using the right services and equipment, they can return to their primary goal of educating their students without worrying about suffering from disruptive cyberattacks.