Cybersecurity in education: FCC pilot program and Jamf

Educational technology is a mainstay for learning in many K-12 schools. This tech ranges in purpose and user. A few of many more examples are:

• Teachers guiding students through a lesson with software like Apple Classroom
• Students playing collaborative educational games on their iPads
• IT admins keeping track of and securing student devices with Mobile Device Management (MDM) software
• School administrators keeping track of student information

Educational technology (edtech) use is increasing. In their recent publication The EdTech Top 40: A Look at K-12 EdTech Engagement During the 2023-24 School Year, Instructure reports that school districts accessed an average of 2,739 edtech tools in the most recent school year. This number is up 8% compared to the 2022-2023 school year, following a years-long trend of increased tool adoption.

This number is also more than 3 times greater than in the 2018-2019 school year, potentially illustrating how technology use in education has evolved through the years. With this relatively new evolution comes new opportunities for cyber threat actors.

Schools keep track of heaps of personal and financial data about students, parents, teachers and other staff. And not all schools have the funding or know-how to keep this data secure. This makes them a ripe target for attackers.

Indeed, schools are feeling the heat. According to ThreatDown, “2023 was the worst ransomware year on record” for education, with a 92% increase in attacks against K-12 schools compared to the year before. K-12 schools have historically been the top target for ransomware, and recovery can take weeks and thousands of dollars. That’s why cybersecurity in schools is paramount.

To address this growing danger to schools, the U.S. Federal Communications Commission (FCC) recently approved a $200 million, three-year pilot program to support secure internet use in K-12 institutions and libraries. Based on this pilot, the FCC aims to:

“…gather key data on the types of cybersecurity services and equipment that K-12 schools and libraries need to protect their broadband networks and securely connect students, school staff, and library patrons to advanced communications that are integral to education.”

— Schools and Libraries Cybersecurity Pilot Program Report and Order

In this blog, we’ll look into what this means for eligible schools.

Who can participate in this pilot program?

The FCC intends for a variety of school sizes to apply for the program, with a focus on schools with the greatest need. Both elementary and secondary schools can qualify, defined as:

Non-profit institutional day or residential schools, including public charter schools, that provide elementary or secondary education as determined under State law, except that the term does not include any education beyond grade 12

— Adapted from 20 U.S.C. 7801

Additionally, schools can not operate as for-profit businesses or have endowments exceeding $50,000,000.

What services and equipment are covered?

The pilot decided to allocate $13.60 in funds per student, aiming to support “the majority of the total costs related to any one of the three types of security measures” they identified in their cost estimate. Schools and school districts will be eligible to receive $15,000 as a minimum over the three-year pilot duration. The FCC notes note that while this may not be sufficient by itself for all of a school’s cybersecurity needs, it allows for more schools to receive funding to implement a solution within one major technological category.

This money covers a wide variety of services and equipment, a sampling of which is given here:

• Advanced/next-generation firewalls
  • Advanced threat detection and prevention
  • Artificial intelligence/machine learning threat detection and response
  • Integrated intrusion prevention systems
  • Malware detection
  • Network segmentation
  • Patch management systems
  • Virtual private networks
• Endpoint protection
  • Anti-malware, -ransomware, -spam and -virus
  • Endpoint detection and response
  • Privileged access management
  • Web application hacking
• Identity protection and authentication
  • Content blocking and filtering/url filtering
  • DNS/DNS-layer security, blocking and filtering
  • Email and web security
  • Intrusion detection systems
  • Multifactor authentication
  • Privileged identity management
  • Single sign-on
  • Zero-trust architecture
• Monitoring, detection and response
  • Compliance assessment
  • Data loss prevention
  • Network traffic analysis
  • Threat hunting
  • Vulnerability management

See the FCC’s longer, but not exhaustive list.

How can my school apply for this program?

The FCC recommends schools to prepare before the filing window opens:

• Review the Pilot Program Order
• Sign up for updates and information about the program
• Obtain registration numbers and create accounts, if applicable:
  • FCC Registration Number
  • Billed Entity Number
  • E-rate Productivity Center account
  • System for Award Management account

Read the FCC’s list for more information or check out the draft FCC Form 484.

Jamf supports schools

Did you know that Jamf can support your school’s cybersecurity posture?

Jamf School helps IT admins keep track of student devices and make sure they’re up to date and secure.

Jamf Safe Internet for best-in-class network threat prevention for schools, blocking access to malicious websites and phishing attacks — without violating student privacy or stifling their curiosity.

Jamf Protect provides endpoint protection powered by machine learning against sophisticated attacks.

Learn more about how Jamf help's K-12 schools stay secure.