On June 11, the Federal Communications Commission ("FCC") issued a Report and Order creating the Schools and Libraries Cybersecurity Pilot Program ("Pilot Program") to provide funding for K-12 schools, libraries, and consortia (collectively, "eligible recipients"[1]) to enhance their cybersecurity defenses in today's era of increased remote and digital learning. Service providers will have the opportunity to submit bids to provide cybersecurity equipment and services to Pilot Program participants looking to enhance their broadband networks to defend against cybersecurity threats and attacks. The Pilot Program will run for three years and funding for eligible participants will come from the Universal Service Fund ("USF") (separate from the E-Rate Program).[2] Funding will be capped at $200 million.

Program Overview

Eligible recipients may request and receive discounts and financial support through the Pilot Program to purchase from service providers through a competitive bidding process qualifying cybersecurity services and equipment to support their network connectivity. Eligible purchases can include telecommunications services, Internet access, and internal connections, as well as increased cybersecurity for their broadband networks and data protection. The Universal Service Administration Company ("USAC") will administer the Pilot Program, oversee the application process for selecting eligible recipients, and manage requests for funding, reimbursement, and discounts. The Pilot Program has a per-student and per-library budget, subject to a minimum funding floor and an overall funding cap. The FCC aims to provide funding across a diverse cross-section of eligible participants with a focus on those with the greatest need, not heavily concentrated in any particular state or region, with an emphasis on funding proposed Pilot projects that include low-income and Tribal applicants. Pilot Program participants must also provide initial, annual, and final reports, which will be used to track and measure the effectiveness of the Pilot Program.

Funding Parameters

Eligible recipients selected for the Pilot Program may receive, at a minimum, $15,000 in support, on a pre-discounted basis, to purchase eligible cybersecurity services and equipment. Participating schools, school districts, and consortia, may receive up to a maximum of $1.5 million and participating libraries up to $175,000.

Recipients will be able to request reimbursement of expenses incurred during the Pilot Program term but will be required to pay their non-discounted share of the costs of the eligible services and equipment. Importantly, the Report and Order outlines certain ineligible costs, including equipment, services, or other related costs that are eligible for other funding (e.g., through the E-Rate program) and/or reimbursement (e.g., through any other USF or federal, state, or local program) in the year for which Pilot Program reimbursement is sought.

Eligible Providers, Services, and Equipment

The FCC adopted a Pilot Eligible Services List (P-ESL), which specifies a wide range of eligible cybersecurity services and equipment. The FCC described its approach as "flexible" in that it deems services and/or equipment eligible if they "constitute a protection designed to improve or enhance the cybersecurity of a K-12 school, library or consortia," and participants are not "lock[ed] . . . into specific technology products." Even so, the Report and Order outlines four general categories of eligible technology as effective in combatting cyber threats, namely: (i) advanced/next-generation firewalls; (ii) endpoint protection; (iii) identity protection and authentication; and (iv) monitoring, detection, and response. Moreover, the Report and Order specifies that eligibility is limited to: (i) equipment that is network-based (thereby excluding purchases of user devices such as tablets, smartphones, and laptops); and (ii) services that are network-based and/or locally installed on end-user devices.

The FCC encourages participation in the Pilot Program by a broad range of service providers including, for example, telecommunications and Internet service providers. The FCC also encourages participation by new companies as the Pilot Program does not require service providers to have preexisting service provider identification numbers (SPIN) before submitting cybersecurity bids, nor do service providers need to have previous E-Rate experience before participating in the Pilot Program.

Pilot Program Application Process and Administration

The FCC expects to initiate the Pilot Program application process by opening the application window this Fall. Eligible recipients must apply by submitting two parts (the second only after being selected following the first) of a new FCC Form 484 application and accompanying certifications. Among other things, the applicants must provide cybersecurity information about itself and its proposed Pilot Program project and a clear strategy for addressing the cybersecurity needs of its K-12 school(s) and/or library(ies).

As administrator, USAC will be responsible for reviewing applications, recommending funding commitments, issuing funding commitment decision letters, reviewing invoices, and recommending payment of funds. Notably, USAC has no authority to make policy and must seek FCC guidance where rules are unclear.

Competitive Bidding, Requests for Services, Invoicing and Reimbursement Processes, and Discounts

All participants in the Pilot Program must conduct a fair and open competitive bidding process[3] for all services and equipment eligible for support. To initiate the competitive bidding process, applicants post FCC Form 470 on USAC's website, listing services and/or equipment requested and sufficient information to enable bidders to reasonably determine the needs of the applicant, signed by an authorized representative under penalty of perjury. Participants must select the most cost-effective bid, including weighing cost-effective service offerings and pre-discount prices submitted by bidders.

Applicants will submit a Pilot FCC Form 471 to request eligible services and equipment (and discounts thereon) for the upcoming funding year, including detailed descriptions of the services and equipment requested, the costs of and service dates for the services and equipment, the selected service provider(s), and certifications regarding compliance with program rules. Both participants and service providers may submit requests for reimbursement using the Pilot FCC Forms 472 and 474, respectively, along with supporting documentation (invoices, etc.). Requests for reimbursement must be submitted to USAC within ninety (90) days after the last date to receive service, and participants or service providers may request a one-time extension of the invoicing filing deadline if the request is timely filed. Reimbursement requests will be handled on an expedited basis.

Discounts for participants in the Pilot Program are set as a percentage ranging from 20 percent to 90 percent of the pre-discount price for all eligible services provided by eligible providers. The discounts available shall be determined by indicators of poverty and urban/rurality designation. This means, for example, that participants with the greatest need will be eligible for support for 90 percent of their costs and will be required to contribute only 10 percent of the cost of eligible cybersecurity services and equipment purchased with Pilot Program funds.

DWT's communications and privacy and security groups are tracking developments of this program and readers should feel free to reach out to us with any questions.

 


[1] Schools (including school districts), libraries, and consortia that may apply for the Pilot Program funding are defined in § 54.2002 of the final rules in Appendix A to the Report and Order.

[2] The FCC created the E-Rate program 1997 in response to the Telecommunications Act of 1996. It currently funds basic firewall service as part of the vendor's Internet service as a category one service and separately-priced basic firewalls as a category two service. However, E-Rate does not currently fund advanced firewalls or other cybersecurity services and equipment that are increasingly in demand by school and library networks to protect against cyber threats and attacks.
[3] Notably the FCC declined to permit applicants with existing contracts for cybersecurity solutions to request Pilot Program funding to cover the cost of those contracts and be exempt from any competitive bidding requirements.