For those looking to try to capture a piece of the NTIA’s Broadband Equity, Access, and Deployment (BEAD) Program federal grant money, there are a few important standards and requirements all telco’s must meet in order to apply. How do you meet these BEAD cybersecurity standards and what are they? Read more to find out.
Estimated read time: 3 minutes
What is the BEAD Program and how is it tied to cybersecurity?
The BEAD (Broadband Equity, Access, and Deployment) Program, funded by the Bipartisan Infrastructure Law, is a federal grant program that aims to get all Americans online by funding partnerships between states or territories, communities, and stakeholders to build infrastructure in unserved and underserved communities and to increase the adoption of high-speed internet.1
The ultimate goal of the Internet For All initiative, which includes this program and others, is to achieve digital equity through improved access and intentional, inclusive planning that leads to effective, impactful outcomes. The initiative believes that all Americans should have access to reliable and affordable high-speed internet.2
At the time of this article, the Notice of Funding Opportunity (NOFO) has been announced and eligible entities will soon be able to coordinate through their local governments to begin applying for the funds when they are made available to their local state. Until the funds are officially available, it is important to take the time to understand the requirements and ensure they are all met before applying. One of those significant requirements is providing proof that the organization meets the Cybersecurity and Supply Chain Risk Management (C-SCRM) requirements. While checking off “cybersecurity” on the list seems easy enough, it is a bit more encompassing that it might sound.
Why is cybersecurity one of the requirements?
Aside from the obvious protection for your infrastructure and network, why is cybersecurity included in the Notice of Funding Opportunity (NOFO) requirements? Historically, security requirements such as these have not been required in other grant programs related to the Internet for All initiative. However, that is not the case with the BEAD funding, and telco’s should be prepared to meet the BEAD cybersecurity requirements.
The Short-List of the Necessary Requirements Telcos Must Meet:
- Must follow a certified Cybersecurity Standard. (i.e. NIST, PCI, ISO, HIPPA, etc.)
- Must have policies in place that govern the security effort based on the standard chosen.
- Be able to provide documentation of compliance to each control requirement within the standard.
- Have security plans in place and be able to provide those upon request. (i.e. Cybersecurity Plan, Disaster Recovery Plan, Business Continuity Plan, Incident Response Plan and Supply Chain Risk Management Plan)
- Complete internal and third-party assessments in order to find gaps in adherence to the standard and gauge growth. Assessments include and are not limited to Annual Security Training, Phishing, External Penetration Testing, Internal Vulnerability Assessments, etc.
- Entity must have Cybersecurity and Supply Chain Risk Management (C-SCRM) plans in place and be able to attest that these plans meet baseline requirements.
(Note: This is not intended to be an all-inclusive list. Please see https://www.internetforall.gov/program/broadband-equity-access-and-deployment-bead-program for more information.)3
It’s not just about the BEAD cybersecurity checklist …
While making sure your telco meets each of the requirements for the NTIA’s BEAD funding is essential, implementing them isn’t just about marking the items off the list for this purpose. It’s about the security and protection that is important for your telco for the long term.
A comprehensive view of cybersecurity is what makes your organization a step above the rest. It is essential from our perspective to ensure you are protected today, tomorrow and for years to come. Therefore, it is all about baseline review, implementing changes and then continuous review and improvement as industry recommendations change and new risks threaten your industry.
At Hamilton, our ultimate goal is to help mitigate and eliminate the variety of risks your telco is exposed to every day. Our team analyzes both network and data operations as well as facilities and physical assets. We design a solution that strengthens your overall security set-up while meeting the C-SCRM requirements to apply for federal broadband grant funds. As a true comprehensive approach to cybersecurity, this service provides a pathway to mitigating human error and protecting what matters most, so you can focus on the core operations of your telco.
Hamilton Cybersecurity Program Advantages
Internal Vulnerability Assessments
Network Penetration Testing
Public Information Profiling
Physical Security Assessments
We know you have questions and we’ve got the answers. Hamilton holds our own telco to high standards implementing the NIST standard of guidelines, which is known to have one of the most rigorous protocol standards of program adherences available. Our in-house industry expert, Robert Leonard, has over 20 years experience in the industry focusing on security. His background in IT, cybersecurity, LAN admin, network management and backup/recovery implementation management experience coupled with his CompTIA Security+ certification makes him the go-to expert for implementing our Telco Cybersecurity Program.