August 14, 2023 AZBSN Digital Access task Force Recording
12:12AM Aug 16, 2023
LTC Leslie King
Okay, good morning. Good afternoon, everybody. I want to get started because we have a couple of great cybersecurity resource people today. And at least one of them has to leave pretty early. So I want to jump right into that pretty quickly. So a couple of quick people that we want to introduce some new people. Leslie will get to you in just a couple of minutes, because that's where they introduce you for your presentation. But let's see, who else do we have? That's new here today. Melissa? Want to introduce yourself?
Yes, good afternoon. I am Melissa Hall, and I am the brand new program coordinator for the NTIA grant with the University of Arizona under the with the center center of Digital Humanities under Dr. Brian Carter. So this was the first recommendation of meetings that I should absolutely join and folks that I should connect with. So I'm very happy to be here. And I'm looking to joining this taskforce. Nice.
Yeah, glad to have you Melissa, we look forward to partnering with you, as I was saying to you earlier. So I want to just go ahead and well, a couple of quick announcements. And then we need to jump into our guest today. So first of all, excuse me, just a reminder that our meeting schedule is going to change. As of next Thursday, we will be meeting at eight o'clock AM on Thursdays. And we'll give that a try and see how that works. So I will be sending out a calendar invite everybody, probably later this afternoon. I didn't want to do it before then because I didn't want to confuse people with today's meeting and next week's meetings. So you'll be getting a calendar invite, probably later today or first thing in the morning. So just remember that that we will have a new day in time. So yeah, that goes. Next thing quickly is that as you all know, we're working on a cybersecurity Task Force. JT Legrand, and John Haas have stepped up to take a lead in that I have been in touch with a number of organizations, including the State Library, state broadband office. There's speaking of broadband office, there's Karen, and Pima College, Department of Education, Homeland Security, and a couple of others that you're going to hear about today. And that's not all. And the intent is to just two quick things. The focus of that task force is not going to be on cybersecurity education and training people in workforce, we're going to be focused primarily on the kinds of folks that we've been talking about forever, who are new, who are just getting a computer, just getting an Internet just getting connected and need to deal with cybersecurity. So that's kind of primarily be the focus. It may be small businesses, it could be seniors could be a whole range of folks. But that's going to be the primary focus of this taskforce. So more details to come. But just wanted to provide that because it leads me to the discussion about about the meeting. Our presenters today or our guests I should say. So two people that I have been in touch with recently, thanks to introductions by some of our participants. First, Jerry Kelly, Are you online yet? Okay, not here yet. So, Leslie, can we go to you next? Sure. So I want to introduce Lieutenant Colonel Leslie King. And lastly, I want to make sure that I have that you are Senior Communications Officer, Arizona Army National Guard. Is that correct? I took it from your LinkedIn.
Yes, sir. In the National in the National Guard, we get to wear lots of hats. So that's one of them. Yes.
So I want to so Leslie has agreed to talk about what he's doing here in Arizona, and particularly the work that he's working in collaboration with the Arizona Department of Education. So with that, Leslie I'm going to turn it over to you. And I just want to say he knows I sent him a note about the proper protocol to introduce him. So calling him Leslie apparently is appropriate. So those of you who are gonna say that's not nice.
That's perfectly fine. Thank you. So thank you, Mr. Peters, appreciate the introduction.
Possibly, if I'm calling you, Leslie.
It's a habit. So anyway, I appreciate the opportunity to come on board here and talk a little bit about what the Arizona National Guard is doing for the state of Arizona. I do wear multiple hats within the Arizona National Guard, I am the senior senior communications officer to the joint task force. So that's the group that in state emergency or natural and manmade emergency, where you reach out to the state emergency operations center, for instance, like flyer fires or floods, where we have to activate National Guard soldiers to come assist. I manage communications for that we are actively involved in COVID. We've done operations with the border mission, that sort of thing. But I think the reason that I was invited here today was to talk about the other hat that I wear, and that is the Arizona National Guard has a cyber Joint Task Force. The National Guard Bureau a few years ago authorized all 54 states and territories to stand up a defensive cyber operations element. Most of the states have something on the part time or on the empty side of the house, very few of them have anything that is operating full time. Your Arizona is one of those few states, thanks to people like director Tim Romer, who was the former director of Department of Homeland Security, and the tag, general McGuire, we were able to stand up a full time team. We have two missions within the state of Arizona. One is incident response. The other one is vulnerability assessment. And in May, we were able to enter into an agreement with the Arizona Department of Education to conduct vulnerability assessments on all 678 public and charter school districts in the state of Arizona. This is an opt in basis, it's not a requirement by the Department of Homeland or the Department of Education. But any public or charter school that is covered under the Arizona Department of Education is covered under this MOU. And all that's required is just reach out to myself or my team. And we can go ahead and there's an opt in letter that a school district would need to sign. And then we do a statement of work to identify the technical left and right limits of what we're to look at within the school district. And then we'll go ahead and do that assessment looking for vulnerabilities. This MOU applies to all echelons of state government. So state, county city are all part of that. But the MOU currently that that I'm referring to is specific to all the school districts if it was anybody outside of that any other echelon of government, we would have to go through the legal part of signing a memorandum of agreement or memorandum of understanding to be able to do that. The second piece that we do is a incident response. That's for those days when you wake up in the morning, and you log into your computer and it says congratulations, you're the proud owner of ransomware, that's probably going to be a really bad day for a lot of people. And so our team of MDA soldiers are we can soldiers, a lot of them are sock managers, security operations center managers during the week. And they can come in, and we can assist with identifying point of entry and next steps, as well. So that is a slightly different procedure. But for the current issue with the Department of Education, that's simply reaching out to the school district reaching out to the Department of Education and saying, hey, I want to know more about the cyber Joint Task Force vulnerability assessment, and we'll be more than happy to assist you on that. Does anybody have any questions for me on either of those initiatives?
So Mala, I don't know if you're gonna ask this about whether it sounds like that libraries would also be covered?
That's a great question. I think so. Mostly the the guideline I go by, is anything that ends in.gov is probably covered under some aspect of what we do. So any library that was be attached to a school district would be covered. Any standalone library like a city library or something That would probably come under the city IT or CIO, I'd have to double check with my legal department of how they wanted to draft that.
Well, it's a pretty exciting, and you're working also with Ryan over at Homeland Security are you not?
Yes, sir. In fact, that's one of the things that Ryan and I are working together on is, my team will come in and identify vulnerabilities and the most common vulnerabilities or unpatched networks or unpatched operating systems or tools. And then Ryan through his Grants Program provides licenses to four or five cybersecurity tool defensive cybersecurity tools Tanium CrowdStrike Cloudflare callus, I think there's one more. But those tools pretty much give you a pretty clear or pretty robust cyber defensive cyber security posture if you were to install those tools. And depending on the agency, again, he's kind of under the same mandate that I m is that as long as it's ending in a.gov, or any of the school districts K 12 school districts, we the only thing we can't do is work with private industry. Because we're the National Guard, we're not here to take away from private industry. So. But yes, I do work very closely with Ryan. And that another point to that, sir, is, even though I work closely with Ryan, and we discuss a lot of things about the cybersecurity within the state of Arizona, I do not report to him. All of our findings are between myself and the customer. We do not report anything to the governor's office, the Arizona department of administration, or even Arizona Department of Education, they just helped us get this umbrella in place. But we do not report our findings to them. Any findings are kept between the customer and our team. And at the end of the scan, we go ahead and delete all of our artifacts and findings. And we send it all to the customer and then we delete all of our records. That way, anybody that tries to ask a question of hey, did you scan a library, I can honestly say, I don't know if I did or I didn't. Because I've deleted all of that documentation, you'd have to go talk to the library. The only thing we do keep his metadata general, anonymous metadata. So, for instance, I know that I've scanned so many cities, and that I've identified this many endpoints. And that log for J is a very common cybersecurity threat that we deal with at those. And so when I pass that information on to Ryan, I can tell him Hey, Ryan, I, I scan for cities, I had 1000 endpoints, and we had 700 incidents of log for Jay, you might want to do something about that. And then he doesn't know what cities we've scanned. But he then he can work through Jr. Sloan at the Arizona department of administration, and try to get that message out to the cities that hey, if you've got lock for J, you need to be removing it.
So Leslie, I talked to Ryan the other day, and actually, I'm waiting for some information from him. So How stable is your funding for this project? I know he's may or may not continue to have funding. What about you?
I'm sorry, you're coming in weak and broken? Don't want to answer that? No. So my budget comes from the Department of Emergency and military affairs. I have a line item in there through that budget. So my budget is as protected as the Arizona Department of Emergency Military Affairs Budget. If their budget were to be slashed, there is a remote possibility that mine could be part of that, or at least a percentage of it. One of the things that that we're seeing as the threat as the cyber security threat increases by threat actors, especially after the invasion by Russia in Ukraine, we've seen a lot of activity. And not all of it coming from Russia. There's there's lots of actors that they'd like to play in this space. But because of this increased threat, we're actually seeing more and more states following in our footsteps and trying to get through legislation to have the National Guard provide this kind of a service of a vulnerability assessment at no cost to state agencies in order to better secure the state's network. I don't anticipate short answers. I don't anticipate any. Any negative effects on my budget at this time, sir.
Okay. Thank you. Any other questions for Lieutenant Colonel? going once going twice? So lastly, if you I don't know if you saw the chat, and you will make sure you get the information. But Mala you want to introduce yourself real quickly, you are interested in connecting with him?
Yes, of course. Leslie, it was very interesting listening to what you were saying. And I certainly want to talk to you more about this. I work at the State Library, and work with all of the public libraries on a program called IRIB. Where they receive funding or reimbursement for what they spend on the internet, as well as their internal connections. And ERate. Wallet supports the internet costs, there are some ineligible items. And one of those is any cybersecurity, you know, prevention mechanism. They don't fund it. You know, so when when a library applies for E Rate reimbursement, the amount that they get back is based on their NSLP data that the school discount school lunch program. And the discount is based on the school, the number of children that are on school lunch, so for school has 90% of their children on school lunch program, they get back 90%. So their skin in the game is 10%. But also, there are certain items that are ineligible, one of those that they have to spend on is keeping themselves safe, you know, keeping libraries safe and keeping their school safe. And that does not get reimbursed at all. So they have to spend it out of pocket to pay for it in order that they keep safe and secure. So this is something that a lot of libraries and schools are really interested in trying to to push to get reimbursement but until they get a reimbursement for it, they need to find ways to keep themselves safe.
Absolutely. So I just put our team's email address in the chat. And please feel free to reach out to us that way. And I can send you the information. And I'll reach out to our legal. And I mean, obviously you end in.gov So I'm fairly, I'm 99% certain I can assist. But one of the things that there's no cost or reimbursement for what we do on the vulnerability side of the house. If there is an incident, then there is a reimbursement cost involved. But on the vulnerability assessment, we can easily come in and at no cost to you go ahead and scan your network and then come what what we normally do is the process. Try to be succinct the process is we get a signed MOU memorandum of understanding from the customer, once that is countersigned by the National Guard by the tag. Gentleman back, then we go to the next step, which is a statement of work. Statement of Work. The MOU gives us our legal left and right limits. The Statement of Work gives us our technical left and right limits. And so then you identify to us. What networks do you want us to scan? What are the IP? What are the IP ranges you want us to look at. And then if there's any restrictions on you know, don't look at it during this time of day only look at it during this time of day. We can accommodate that will happen once we receive that statement of work. We'll have an in brief with the customer where we'll sit down and we'll discuss the credentialing requirements for my team as well as any questions or concerns that we might have about the statement of work. And we'll also go over the policies and procedures that our team follows will discuss the timeline and finalize the timeline. Once we confirm the timeline, and we validate the credentials, then my team will start scanning. Let's say we start on a Monday. So we'll start scanning on Monday. We usually take one week to do the scans and in the scans we do use NMAP which is a tool that identifies all of the endpoints on your network. And then after that, we run a scan called necess which identifies eyes all of the vulnerabilities inside that network. And then we take those vulnerabilities and to what we call a sandbox environment in a secure environment. So it's not on your operating network, or in your operating environment, we'll take it to a secure network. And we will run an off the shelf attack against that vulnerability. And the results of that attack the response of that, that attack, it becomes the artifacts for our findings. The second week, we go ahead and draft the the technical report. And then we usually scheduled the outbreak for either that Friday, or or maybe sometime in the following week. So the whole scan start to finish, depending on the number of endpoints usually takes about two weeks. Obviously, we're dealing, we had a customer recently that had 13,000 endpoints, and broken into 12, different networks, subdomains. So that took us a couple of weeks to work our way through that one. We also can scan web applications, those are a little more time consuming. Usually we do two to three for per customer doesn't take any time at all, we do have some customers that have requested us to scan 30 or 40 web applications, that's does take a little bit longer. But by and large, we try to be done in about two weeks, we will have an outreach, the outreach is referred to as your executive stakeholder outreach. And in that outreach, we will discuss our finding, at a very high level, not getting down into the weeds, but at a very high level, and then make our recommendations. And then we will send you a copy of that technical report so that you will have the full technical report of all of our findings, all of our recommendations in hand that you can take to your leadership, or whatever the next step would be. The nice thing about the executive level out brief is that this is an opportunity for myself, my team to add the cake for your team. So if there are tools, if we come through and we identify that, you know, you've got a huge patch management problem, our recommendation is that you get with Ryan Murray, and you install Tanium, which is a patch management software. And that's something that we can then advocate to your leadership, maybe you've got an old Windows Server, that or an old server that's running, you know, server 2003. And you've had a challenge with executive leadership saying, I bought you a server 20 years ago, what are you complaining about? Well, in cybersecurity, we know that a server that's more than about five years old is not going to maintain any of its, you know, it's not not going to be compatible with what today's services are. And you're gonna have a lot of vulnerabilities, so then I can advocate on your behalf that, you know, we know you have a server, we know it's kind of an old server, and that it does not is not compatible to them, current operating systems, and this creates a huge vulnerability inside your environment. So I can help advocate in that respect. And then we turn that that documentation over to you and are able to, to answer questions afterwards, the only thing we can't do is help you with any kind of remediation or actually fixing, you know, we can't be on your keyboard. Given the nature of the way we're designed and our charter, we can't actually fix the problems. I know that sounds kind of weird. But we can identify and give you recommendations on on a way forward. Does that help?
That's absolutely terrible what you can and can't do. You know, although we would love to have enough funding to be able to fix the problem for the future and not let our vulnerabilities be vulnerabilities. We want them to be fixed.
Well, one of the one of the great things there, Ryan Murray's done with Department of Homeland is going after these licenses for state agencies. Usually these like these licenses can get kind of pricey. And that's usually an inhibitor to an agency for developing a more mature defensive cyber posture is the cost of the licenses, especially if you've got 1000 endpoints. You you want to install CrowdStrike on every one of those endpoints. You're even at $100 a license, you're talking really expensive. So with Ryan Marie's team, they've gone out and they've negotiated with CrowdStrike and titanium to get the licenses at a reduced cost for the state because they're dealing in bulk. And then you just contact the state and say, Hey, I need 500 CrowdStrike licenses, and then they will send you those licenses you can install them into your network. And that will help you with that installation. And the Arizona state security operations center under Adam Pena will also assist in monitoring because you can't just install it and leave it alone. So they will assist in monitoring ring as any activities in the logs going on with CrowdStrike. So that if it's something does start to manifest itself, they can let you know. And that reduces your expense not only in the license, but also in the personnel to maintain visibility on those logs. And then you can take the idea the intent doesn't always work this way, of course, we are dealing with government agencies. But the intent is that the money that you save on the licenses, you can then turn around and apply that money to purchase the hardware that maybe you couldn't afford before. So that 2003 server you if you don't have to buy $10,000 in or $50,000 and CrowdStrike licenses, maybe you can take that $50,000 and turn around and apply it to purchasing an updated server of some type. Does that make sense?
So it's a technique. It's not a perfect technique, but it's, it's what we've got to work with right now.
Right? Yeah, I'll be in touch with Ryan Murray as well. So I can find out what licenses we can get.
That's very exciting the relationship and the partnership that you and Ryan have with the Arizona Department of Education, and really beginning to try to help them to get locked down.
Yeah, I don't know if anybody saw it in the news, it was on the Slack channel, the ice axe Slack channel last week or the week before, the Colorado Department of Higher Education, identified a ransomware attack in June of this year. And during the course of their investigation, they discovered that they'd had a data breach in their network. This data breach, as far as they can tell, goes back 16 years. So imagine all of the data that somebody has been peeling away for the last 16 years through the Department of Education. And I had the privilege earlier last week to go to one of the school districts here in the state. And present to them what it is that we do, sometimes I'm asked to present to the school boards, what we do. And one of the things I reiterate and I was interviewed by channel three as well, I said the same thing. How many people that have an eight 910 year old child have run a credit check on their child to make sure that none of their PII has been stolen. So that's not high on your list of things to do in any given day. But imagine if there was a data breach that involved your child's records, think about what is in a child's records. If I'm a threat actor, I've got everything I need to open an account, buy a house, buy a car, put myself through college, just with the information that I glean out of a student's records. So now I can take that information and you, your student, probably are not going to realize they've been compromised, until they turn 18 and apply for Pfizer or one of the college loans or a car or something like that, then they find out that their identity was stolen, you know, 1012 years ago. So we're really excited about this opportunity to get into the school districts and at least show them, hey, this is where you can do better. And then working with Ryan to to end the Department of Education, to give them the tools. We've already identified a huge vulnerability throughout the state that we're working right now with Ryan to try and come up with a solution for these schools. So yeah, that's really exciting and a lot of fun, very glad to be part of it.
It is very exciting, what you're doing, and Ryan are doing and so forth. So Karen, you still have a few minutes, are you going to have to drop off?
I have a few minutes and I am going to have to drop pretty soon.
Okay, well, we'll get to in just a second. Okay, any other questions for Leslie? So Leslie has agreed to participate on our team and getting our cybersecurity initiative going. And so we greatly appreciate that Ryan will be participating. And lastly, do you participate with FEMA college and their cyber warfare range?
Not at this time. That's one of the things that we're kind of on the hunt for is a Cyber Range. Our team participates in annual our MDA team participates in an annual cyber exercise called Cyber Don out in Sacramento. And we've participated the last two years that I know of
last two years, we've taken top honors at the cyber Dawn identified last year, we identified 93% of the attacks. And we also helped other states stand up their cyber team because they, a lot of them don't know how to do it. And so we've been very beneficial in assisting at that level as well. Great.
Well, definitely. Actually, I just spoke with their, with the dean over at Pima College, I sit on there, it Advisory Committee, and they do have a cyber warfare range down here in Tucson, at Pima Community College. And I'm sure I'd be glad to make an intro. And I'm sure they would love to have a conversation with you. And kind of be participating also on the team that we're putting together. So. So again, I think we've got some great people who are going to be engaged with us. So Leslie, thank you for joining us today. You're wanting to call if you've got time. But we do need to jump to Karen so we don't lose her before. She has to.
Thank you appreciate it.
Yeah. Oh, thank you. And let's say I'd love to have a chat with you as well. I'm a consultant with the Arizona commerce authority, that is the eligible entity for the billion dollar VT funding that's coming to the state. So we are developing our five year plan, and then eventually the initial proposal. And you know, there's certainly going to be a cybersecurity piece to both the infrastructure part of the plan as well as the digital equity, you know, part. So, I'd love to pick your brain. And it's
a very small brain don't don't.
I promise I'll leave some behind. I will. Thank you. Okay. So yeah, Steve, are you just looking for just a weekly update? Okay. So as far as the beat program goes, as I mentioned, we are in the final review of the five year plan, which is the first step of the planning process for the bead allocation. That is due next week. So like I said, we're just going through all the reviews and edits, then we're going to shift focus to what we call the initial plan. And the initial plan has two volumes. One is the challenge process, which we call volume one, and the other is volume two, which is the balance of that initial plan. So we're really going to start to do some education and outreach to nonprofits and local governments on what that challenge process is going to look like and how we can solicit feedback from everyone, you know, to make this successful. I think as I reported before, the challenge process itself won't occur until, you know, the first part of 2024. But there's just a lot of activity that needs to happen, you know, to get there. The digital equity plan. Lillian is not on the call today. But that's her program area she's has taken over for Cindy Hogan. That plan is the draft is due sometime the end of September, that will be open for public comment. And we expect that to open up probably mid October. So everyone is encouraged to read that digital equity plan and provide the public comments, you know, to that plan. We'll finalize, you know the draft and submit that to NTIA for approval. By the end of December. After that plan was approved, there will be the digital equity capacity grant that will be made available sometime in the spring of next year, which will be allocated out through a grant program from a CA. So that's B digital equity. The capital projects Fund, which we refer to as our A B D G grants, the Arizona broadband Development Grant was about $100 million that was given to ACA through the governor's ARPA funds for broadband projects, almost all of the contracts are executed now. So you should start seeing some activity in your communities very soon. There's still you know, some engineering and permitting that will take place before they actually, you know, break ground but those projects are moving forward now. So that is very good news. Let's see. I think that's about all I have to report. I know there is the state middle mile project that ACA is partnering with Aidan that is still under review that RFP So there's no decisions on that at this point.
Oh, yes, I think so. And I'm happy to answer any questions.
Any questions for Karen? Questions, comments? Thoughts? going once going twice. So Karen, I don't know if you saw my text. And this is not trying to pressure you. reminder that when you get when you get a chance, if you can send me a list of all the people in broadband office now, their contact information, titles and all that stuff, so I can share it, because you got all kinds of new people and new things going on, and all that sort of stuff. And so it'd be helpful for people to know who's who and who's doing what, to who?
Well, I was hoping that I was going to be able to send you a link to the ACA website. So because I'm working with the broadband team, so we can update the website, the broadband portion of the website, and then we can put those names and email contact, you know, info. Yeah. So there's going to be a refresh of the website, because there's so much information that is going to be made available for public comments and reviews. So it's one of those projects that's underway right now.
Okay. Thank you. Okay. Thanks for being here today, Karen. Always good to see you, too. Thanks, Steve. Yeah. Any other questions or comments for Karen, before we move on?
Hey, Karen. Yes, it's Elena. I just Hi. I just put this slide in Slack. Is this, or I mean, in the chat? Is this what you're referring to the volume? One and two? Yeah. Yes. Okay.
Yeah, this, that is the initial proposal that is due by the end of September, excuse me, December. But it's broken down into two parts volume. One is that actual challenge process that ACA has to get that approved by NTIA and then they submit the Volume Two, after Volume One is approved, we can actually conduct the challenge process. We don't have to have volume to approve before we conduct the challenge process. But volume one does have to be approved.
And Volume One includes like determining the community anchor institutions. And because I just read an article in fierce, I don't know, that came up. Did you? I don't know if you saw it. I, I did. And so you'll find out.
We have to make a list of all the community anchor institutions, including tribal lands. And so I failed to mention this all this also includes all of our tribal lands. So we're going to work very closely with the ACA tribal liaison to for that outreach. But we do have to identify all those community anchor institutions and the decision on the priorities and the funding won't happen until volume two.
Thanks. Okay. Anything else for Karen? If not, we're ready to move on. Alexis, have we ever introduced you?
I think so no, I kind of stumbled upon this group and have not been able to make your meetings until now. So I'm happy to just blink quickly. So
yeah. So I'm a Public Affairs consultant. And I represent a couple of public and private entities really interested in this work. I was super excited to hear about Lesley because I do represent Arizona Western College over in Yuma, who actually is embarking on some of this similar work of Pima Community College and I know you obey has a fantastic cyber warfare range. So they're kind of just getting their toes wet and developing knots. And building that out as a result of new improved Yuma Proving Ground over there. So I think that that was really timely because they're just now having kind of discussions about what that will look like. And they did receive a substantial state appropriation, this last legislative session portion of that being for this purpose. So they're really timely there are other clients in this space is border net cybersecurity solutions. They've been partnering a lot to Leslie's point the school districts and recently developing partnerships with Arizona Western College as well as had a great conversation with central Arizona College in Arizona State University as well. More in the workforce development space. So those are my two kind of main clients. I'm just sort of listening and learning and seeing how we can plug in. So yeah, I'm sorry, I'm not on camera. I'm not camera ready today, but next time I will be. That makes me appreciate
bad hair day are you?
But this is really fantastic. Thank you for having me.
Well, I definitely have folks that Arizona Western College and others that you're working with if they're interested in participating with us, and we should talk some more about what they're doing and how they fit in with the all the other stuff that we're doing with cybersecurity. So
I beat you to it. I'm already halfway through an email saying you guys got to start participating in this, this is great. And I've only been here I was nine minutes late. So I definitely see the value. And we'll try to bring them into the mix.
Okay, and you're more than welcome to provide me their contact information. And I will add them to our to our list.
Perfect. Thank you. Nice to meet you.
As Molly gone. Oh, there she is. So, Mala, do you have any updates today?
No, except I don't know if anyone had a look at Senator Lohan's web page or his Universal Service Fund working group. If not, please take a look at it because 25th August is the deadline for responding. And they are inviting comments on how Congress and the commission should evaluate the effectiveness of the existing USF program. And to see whether there are any other entities that they should include, and just for your information, the next quarter, and the USF contributions from each of the vendors that to the USF fund is has gone up to 34.1%. So this is a lot for them to contribute to, to that base. And a study was done by Shelby, where they propose that the base be increased to all broadband service providers as well as service providers, for the cell phone service providers, etc. And if they didn't do all of that, the study shows that it will reduce to 4% contribution. And this is really vital because otherwise, our EDID program will not be sustainable. If they have to each of the service providers has to contribute something like 30% of their income towards this of their revenue to this pot of money that is being used to distribute the schools and libraries later that they are not going to be able to survive, and to do it. So let's let's try and put, you know, put our thoughts together behind this and see if we can respond there. The other questions they have asked is, you know, has the commission and adequately evaluated the effectiveness of each of the programs. You know, many of us won't know that answer, you know, except those of us who are working with those specific programs, like the high cost program, the low income program, the right program, the rural health care support, how has the commission been supportive of these programs? What reforms are necessary to address inefficiencies waste, fraud and abuse? should Congress eliminate the eligible telecommunications carriers right now? It's only those carriers that can provide services, should they eliminate the eligible telecommunication carriers, rules, things like that, you know, some things that are more specific than others? What What kind of funding model do we propose some things like that, so please, please look at that, and see if you can work towards giving some kind of your organization can work towards giving some some comments on it. It's a working group. And your comments will be taken, you know, not just as individual comments, but roll together to create some kind of rule or formula that will be presented to FCC and make hopefully some rules and guidelines coming out of that.
So should we try to draft something for this taskforce to submit?
Um, I would love to The task force to look at, I'll put the link to the shall be guidelines. And if if there are comments, we'd like that we support that, because that is very much in the in depth and detail, a lot of work and thought has gone into that. So if we just support that, we don't have to do the work again. You know, we can just look at it and see if we agree or if we want to enhance anything with examples.
Mala does SHLB have, by the way, can you tell people what SHLB is real quickly?
Yes, the Shelby is schools, health libraries, broadband. It's a coalition of all these groups. And you know, anyone with interest in those groups can pay a membership, it is a membership driven organization. So pay a membership and belong to shall be and participate in all of their set their weekly calls, we have calls every week on different aspects of it. And there's a there's a legislative group that looks at what legislatures doing the policy group, the raid group, the the pole attachment group, for heaven's sakes, there are different groups on on different topics, and they they meet at least once a week. And there are webinars, there's going to be a national conference, and connects on October 10th, to 12 in Washington, DC. So that's what Shelby does. That's an advocacy interest group.
So Mala, I don't know if I missed it. Did you comment on the FCC, cybersecurity proposal?
FCC has done? I mean, I did some time ago, but it didn't. No, no, I didn't. FCC chairman has proposed again, it's only a proposal yet hasn't been approved a pilot project to for schools, libraries for any any anchor institution to put up a proposal for a grant. I think it's $50 million grant. I'm not sure the exact amount now I forget. But they should put up a proposal for the grant. And it's going to be a pilot project. And they are creating the rules and regulations for the grant. And if approved, this grant will run for a year, and then they will evaluate it another year and then come up with suggestions and proposals the following year. So it's going to be a three year project. We need something sooner. While this is a good start. I'm afraid it's a little too little too late. We need to do something sooner. But it is a good good way to test out any any innovative ideas that we may have. Or get funding for any pilot projects that we may be interested in proposing in that state.
So Mala, I talked to Ryan, about. And he's supposed to send me some some information for the tech Council Report, which Mark, you'll get a chance to comment in just a minute. But one of the things that I asked him was, is that funding? Is that is that funding going to continue? Or we need to at least recommend that the funding continues for the work that he's doing with the school districts and in the libraries. If there's if you have any additional thoughts, I know you did a little work on cybersecurity. But do you have any additional thoughts specifically about the recommendations we need to make either to Ryan or generally about cybersecurity for libraries? That would be a good thing for us to do.
I will certainly talk to him
because we need to do that, like yesterday. Our finance market was last Thursday.
Last year. So the the program that pilot program is about is 200 million over three years.
So I think so I think my I guess my point is that what you're commented on that while we're waiting for the feds to decide what they are not going to do that we do have some good things already in the works here. And what we want to do When that's part of the reason for us to have our taskforce is that we want to talk about what are the things that we can do now? What funding do we need now, to be able to address the cybersecurity needs, at least for the libraries and schools? And of course, then the extension of that is all the other folks were connected to broadband and digital inclusion resources.
Okay, anything quite any questions or comments from Mala? If not, Mark, I know you've got something you want to say. Marquis there,
yeah. unmuting. So here last Monday, we workshopped the tech Council's annual policy work related to broadband and have gotten feedback from a number of people Steve is collecting some which he alluded to that I'll have. By tomorrow, I need to be wrapping up mid to late week and have final review drafts out to the few critical people and most of middle to Steve disaster before the end of the week, so it's kind of a talk year I tick tock is it's it's less significant than the start of the pandemic. For example, it's incremental, but there's a lot going on. Between Sandip and I, we had over a dozen new or evolving areas that needed note and Steve, and Henry and Mylyn are responding with more so Mala. Not sure if your response yours and Holly and Aaron's comes through Steve or comes directly to me. But I would say tomorrow is really the deadline on getting me stuff.
Mark, sorry to interrupt. We actually just had like a two hour meeting with Holly and Megan and myself and Mala went over. So you should be receiving something from Holly directly soon.
Excellent. Excellent. And exchange weather this morning. Excellent. Appreciate that.
Mark, you should be getting something from Drew and I tomorrow.
From sorry, from Oh, Ilana. Okay, great. Love it. Thank you.
Okay, any other questions or content? Other comments? So JT, I know you're a little late. I'm sorry, I didn't get a chance. I was going to introduce you. And he's already dropped off. But I wanted to introduce you to the lieutenant colonel who did our presentation today. So because he's going to be joining our team. And that's very exciting. Okay, anything else? Any other comments, thoughts? Anything, people want to share any announcements? going once going twice? Eric, I don't know if you want to say anything about what's happening with you guys.
We don't have much just went over to Bisbee this past Friday to get some enrollments for ACP for the county and then yeah, I mean, that was a mostly what we did last week.
Okay. All right. Well, I think we're, I think we're done for today. I'm going to stop recording. I don't know if people want to stay on and chat anymore. We're kind of