Please ensure Javascript is enabled for purposes of website accessibility
John Harrington, CEMP
by John Harrington
April 1, 2026

What Comes Next: Translating K–12 Cybersecurity Demand Into Permanent E-rate Policy

The data is now clear. The pilot has run. The demand has been measured.

The question facing policymakers is straightforward:
Will cybersecurity become a permanent part of E-rate — or remain a temporary experiment?

Funds For Learning’s 2026 cybersecurity analysis draws on survey data, applicant feedback, pilot program filings, and historical funding records. Together, these sources point to a consistent conclusion:

The need is established. The gap is significant. The next step is policy design.

Where the Policy Stands

The FCC’s Schools and Libraries Cybersecurity Pilot Program was authorized as a three-year, $200 million initiative.

  • Phase 1 drew $3.7 billion in demand
  • Phase 2 — representing 614 applicants — provides $174.4 million in detailed request data

That Phase 2 dataset offers the first clear view into how schools are prioritizing cybersecurity investments.

What it shows is important:
Schools are not simply requesting hardware.
They are prioritizing ongoing security services — monitoring, detection, identity protection, and endpoint security.

The current E-rate framework was not designed for that model.

The Core Policy Question

The pilot was designed to test three things:

  1. The scale of demand
  2. The types of services schools need
  3. How a program might be structured

The data has now answered all three.

The remaining question is whether the FCC will act on that evidence — and how quickly.

Six Policy Recommendations Grounded in the Data

  1. Make the Program Permanent — and Scale It

Phase 1 demand establishes a baseline.
A permanent program must be sized accordingly.

Annual funding must move meaningfully beyond the current ~$41 million firewall baseline.

  1. Eliminate the “Basic Firewall” Distinction

Modern firewalls are inherently next-generation systems.

Funding only hardware — while excluding the software and services that make it effective — creates incomplete solutions.

Eligibility should reflect how these systems are actually deployed.

  1. Align Eligibility with Real-World Demand

The pilot identified four primary service categories:

  • Monitoring and detection
  • Identity protection
  • Advanced firewalls
  • Endpoint protection

These are not theoretical categories — they reflect observed spending patterns from real applicants.

A permanent program should be built on this structure.

  1. Preserve the Equity Model

The current E-rate discount system is working.

  • Nearly all pilot participants are high-discount applicants
  • The highest-need schools are the most active participants

Any permanent program must maintain — and potentially strengthen — this focus.

  1. Adapt the Program for Managed Services

The dominance of monitoring and detection services in pilot demand highlights a structural shift.

Schools are moving toward managed security services, not just equipment.

This requires:

  • Different invoicing models
  • Different compliance frameworks
  • Greater flexibility for ongoing services

Applying hardware-era rules to service-based solutions creates friction — particularly for smaller districts.

  1. Improve Transparency Around Demand

Phase 1 revealed total demand, but not detailed breakdowns.

Releasing additional data would:

  • Improve policy design
  • Strengthen stakeholder engagement
  • Increase program credibility

What District Leaders Can Do Now

Policy outcomes are shaped by participation.

There are three practical steps districts can take today:

  1. Document Specific Needs

Quantify:

  • Cyber incidents
  • Insurance requirements
  • Security tool costs

Specific examples carry more weight than general statements.

  1. Engage in Rulemaking

When the FCC opens formal comment periods, district voices matter.

Clear, real-world examples from applicants are among the most influential inputs in the process.

  1. Maximize Current Eligibility

While policy evolves:

  • Leverage existing Category 2 funding
  • Understand current firewall eligibility boundaries
  • Align purchasing decisions accordingly

The Decision Ahead

The schools that participated in the pilot understood something fundamental:

Connectivity without protection is incomplete.

The E-rate program has always been built on a simple premise — that access to digital infrastructure is essential for learning, and that the highest-need schools should receive the greatest support.

Cybersecurity is not separate from that mission.
It is what makes that infrastructure usable and safe.

The data now makes one point clear:

The question is no longer whether the need exists.
The data has settled that.

The question is whether the program will be designed to meet it — at the scale schools have already demonstrated.

Analysis
question icon

We’re here to help!

Our mission is to provide high-quality consulting and support services for the needs of E-rate program participants. We consult with applicants to help them understand, effectively utilize, and maintain compliance with E-rate rules and regulations. We help prepare and submit paperwork, and interact with program administrators on our clients’ behalf.

Request a Consultation