By NTCA CEO Shirley Bloomfield and Fiber Broadband Association President and CEO Gary Bolton
Cyberattacks are on the rise, and it is critical that broadband providers have plans in place to mitigate threats before they occur. It is not enough to just build a network; providers must take steps to promote the security of their networks and their customers’ information. This is not only a good business practice but is also a top priority at the federal level.
To ensure that potential Broadband Equity, Access, and Deployment (BEAD) fund recipients are taking measurable steps in this area, the National Telecommunications and Information Administration (NTIA) identified cybersecurity requirements for all BEAD fund recipients in the BEAD Notice of Funding Opportunity (“NOFO”). In particular, the NOFO requires BEAD applicants to attest to having either an operational cybersecurity and supply chain risk management plan or one that can be implemented before receiving any grant.
The plan must reflect the most recent version of the NIST Cybersecurity Framework and the NIST guidance for supply chain risk management. Companies that receive BEAD funding must submit their plan to the state before funds are allocated and must regularly reevaluate and update the plan.
In today’s Playbook 3.0 module, we summarize the NOFO’s cybersecurity and supply chain risk management baseline requirements and provide recommendations on how states and territories can work with prospective subgrantees to address these requirements. These include simple steps to provide potential subgrantees with educational materials related to the NIST Cybersecurity Framework as well as recommendations for how to develop a safe and secure process for collecting copies of subgrantee plans since they may likely contain confidential information. Finally, this module encourages states and territories to provide subgrantees flexibility in the organization of their plans as each company is different and faces its own unique challenges and needs.