FCC Adopts $200M Cybersecurity Pilot Program

June 12, 2024

Attached: Cybersecurity Pilot Summary – June 2024

~ Application process begins this fall ~
~ Sign up for USAC CPP updates ~

On June 6, the FCC approved a new, 3-year Cybersecurity Pilot Program (CPP) that will provide up to $200 million to selected schools and libraries to purchase a wide variety of cybersecurity services and equipment.  Although the Pilot is not part of the E-rate program, it will generally use the E-rate framework and EPC portal.

Who Is Eligible to Apply to Participate in the Pilot Program?

Schools, libraries and consortia of schools and libraries that are eligible for E-rate may apply to participate in the Pilot Program.  A Pilot applicant need not be a current or former E-Rate program applicant in order to be eligible to apply for the Pilot, and new consortia can be created to apply for funding.

How Will Pilot Program Participants Be Selected?

To facilitate the inclusion of a diverse set of Pilot projects and to target Pilot funds to the populations most in need of cybersecurity support, the FCC will select a combination of large and small and urban and rural schools, libraries, and consortia, with an emphasis on Pilot projects that include low-income and Tribal applicants.  In other words, funding for CPP is not guaranteed like it was for E-rate and the Emergency Connectivity Fund (ECF) – you must apply and be selected.  If the total funding requested from all applications exceeds the $200 million budget, priority will be given to highest discount applicants.

What Services and Equipment are Eligible for Reimbursement?

A wide variety of cybersecurity services and equipment qualify for Pilot funding, subject to an overall cap. Eligible services and equipment generally fall into four categories:

  • Advanced/Next Generation Firewalls;
  • Endpoint Protection;
  • Identity Protection and Authentication; and
  • Monitoring, Detection, and Response.

A detailed list of eligible equipment and services is available at: https://www.fcc.gov/cybersecurity-pilot/cybersecurity-pilot-eligible-services-list.  Note:  Basic firewalls are not CPP eligible because they are eligible for E-rate; however, advanced firewall features are eligible for CPP.

How Much Funding is Available to Selected Participants?

First, it’s important to note that the funding amounts listed below are pre-discount amounts.  Selected participants will be required to pay their non-discount share of the costs of the eligible services and equipment, using the E-rate Category 1 discount matrix.  Second, the $200 million available is the total amount available, not an annual amount.

The following are the funding amounts for each applicant type:

Schools:  Each school is eligible to receive up to $13.60 per student, annually, on a pre-discount basis.  There is a pre-discount minimum annual floor of $15,000/year, and a pre-discount maximum $1.5 million/year.  (Note that the minimum amount applies when the school or district have 1,100 or less students).

Libraries:  Each library is eligible to receive a pre-discount budget of $15,000 annually up to 11 libraries/sites.  For library systems with more than 11 libraries/sites, the budget will be up to $175,000 pre-discount annually.

Consortia:  Consortia comprised of eligible schools and libraries will be eligible to receive funding based on student count, using the annual pre-discount $13.60 per-student multiplier and $1.5 million annual pre-discount funding caps, and the number of library sites, using the pre-discount $15,000 annual per-library budget up to 11 libraries/sites and $175,000 annual pre-discount funding cap.  Consortia comprised of both eligible schools and libraries will be subject to the pre-discount $1.5 million annual budget maximum applicable to schools.

Note:  Each of these amounts is per year, so multiple the amounts times 3.  Pilot participants may request reimbursement for expenses as they are incurred even if it means that the amount of funding disbursed in a given year of the program exceeds their annual budget (for example, you can purchase a 3-year MFA license and receive reimbursement for the full amount in year 1).   Also, these amounts will not impact the E-rate Category 2 budgets because CPP is an entirely different program.

Will Equipment and Services be Required to be Competitively Bid? 

Yes.  Competitive bidding will be required using a new CPP Form 470 and rules will mirror the existing E-Rate competitive bidding process and rules (waiting 28 days before conducting bid evaluation and signing a vendor contract).  A CPP Form 470 will be developed that will closely mirror the E-rate Form 470.   Participants will be permitted to require in the CPP Form 470 that the services or equipment are interoperable with and/or compatible with existing equipment and services and also may list a preferred manufacturer as long as it is followed by “or equivalent”.

What is the Process for Applying to Participate in the Pilot Program?

There will only be one application cycle (not one each year) and it will be conducted in two parts.  First, this fall, applicants will submit a Form 484(a), on which they will provide general information about the schools and libraries seeking support, their experience with cybersecurity matters; whether they expect to implement cybersecurity recommended best practices; and their current or expected use of free or low-cost federal resources.  Applicants will also be required to provide information about the proposed Pilot project, including a description of the goals and objectives to be achieved; the services and equipment to be purchased (and associated costs); and the cybersecurity risks the proposed Pilot project will prevent or address.  See paragraph 63 of the Order for detailed information on what information will be collected on Form 484(a).

Next, FCC and USAC officials will review applications and select participants.  Participants will be announced in an FCC Public Notice.

If selected to participate in the Pilot Program, participants then will be required to submit Form 484(b), on which they will provide more detailed information about their cybersecurity experiences, such as their current cybersecurity posture, including how the school or library is currently managing and addressing cybersecurity risks through prevention and mitigation tactics; history of cyber threats and attacks (within a year of the date of the application); current cybersecurity training policies and procedures; and cybersecurity challenges faced.  Forms 484(b) will be hidden from public view due to the sensitive information on the form.  See paragraph 74 of the Order for detailed information on what information will be collected on Form 484(b).

Note:  The FCC Order doesn’t refer to (a) and (b) in those terms, but I think this is the nomenclature that the applicant community will begin to use to describe these two application parts.

FCC-order

 

What Can Participants Expect after Bidding? 

After participants complete a competitive bidding process and sign vendor contracts, they will submit requests for services and CPP funding in the ECF Portal using a form that will be similar to the Form 471.  USAC will review the applications and, upon approval, will receive a Funding Commitment Decision Letter (FCDL) approving or denying their funding requests.  Once an FCDL is issued and the delivery of services has started, participants and service providers may submit requests for reimbursement from the Pilot Program using forms similar to the Form 472 BEAR and Form 474 SPI.

How Can I Stay Informed About the Cybersecurity Pilot Program?

  1. Be sure to sign up for USAC’s new CPP e-mail list at:  https://survey.alchemer.com/s3/7881841/E-Rate-Cyber-Pilot-Program-Email-List.
  2. Visit USAC and FCC CPP Resource pages:  https://www.usac.org/e-rate/cyber-security-pilot-program/ and https://www.fcc.gov/cybersecurity-pilot-program.
  3. I will schedule a CPP webinar for PA schools and libraries in the coming weeks!  I also will be adding a new Cybersecurity Pilot tab to the www.e-ratepa.org website in the next few days where I will post all relevant CPP information.

What Should I be Doing Now to Prepare for the CPP Application Window?

While no date has been given on when the application process will open this fall, you can start preparing now for part one of the application process by gathering the outlined in paragraph 63 of the CPP Order.  Also, decide whether you will be applying alone or as part of a consortium (established or new).

I encourage you to read the FCC’s Cybersecurity Pilot Program Order.  If you have any questions, I’ll try to answer them and for those I can’t answer, I’ll begin compiling a list of questions to submit to USAC/FCC.

 

Julie Tritt Schell

Pennsylvania E-rate Coordinator
717-730-7133 – o
jtschell@comcast.net
www.e-ratepa.org

Site graciously hosted by the Capital Area IU 15 | Site designed and maintained by Silver Penny Studio