BEAD – Are we there yet?

The?Broadband Equity Access and Deployment program?(BEAD) provides regional ISPs (RSPs) a once-in-a-generation opportunity to finally offer quality broadband service to the many unserved and underserved communities that are so physically or financially challenging to reach. While the application and approval process to receive funding has been arduous and has consumed more time than hoped, cleanly identifying locations in need has been necessary. RSPs will soon find their patience rewarded – now in mid-2024, states are finalizing their applications to the?National Telecommunications and Information Administration?(NTIA). In 2025, RSPs can expect to know which locations they have been awarded and how much funding they can receive, with timelines varying by state. The actual buildout should start in 2025.

BEAD also provides an excellent opportunity to upgrade critical elements in the core network, which is many years overdue. As RSPs extend and improve “last mile” access, critical core network infrastructure will also need to be augmented to support the added subscribers and traffic. BEAD funding can be used toward this needed network equipment, including cybersecurity. The BEAD?Notice of Funding Opportunity?(NOFO) requires sub-grantees to submit cybersecurity and supply-chain risk management plans and to comply with the?NIST cybersecurity framework.

This blog will summarize the BEAD program and progress, the most common core network security challenges facing growing RSPs, what steps RSPs can take now, and how A10 Networks’ security solutions can help.

What is BEAD?

The Broadband Equity, Access, and Deployment (BEAD) program is a $42.45 billion grant and part of the $1.2 trillion?Infrastructure Investment and Jobs Act?signed into law on November 15, 2021. BEAD focuses on extending broadband access to unserved and underserved locations so that high-speed internet access is available to all communities throughout the U.S., territories, and tribal nations. The program is administered by the National Telecommunications and Information Administration (NTIA). It includes a rigorous, multi-step application and?approval process?for “eligible entities” (states, tribal nations, territories) to follow before federal funding is released. These eligible entities are responsible for managing the process and the actual deployments in their respective geographic areas, with NTIA oversight and approval.

BEAD Application Process and Timeline

On June 30, 2023, NTIA announced the allocations of BEAD funding to the eligible entities. NTIA also provided an initial map that estimated unserved and underserved locations. Still, it is up to each state to confirm or “challenge” those locations and develop a refined list that meets the criteria for BEAD funding. The development and execution of each state’s challenge process, followed by NTIA approval of the challenge results, have taken considerable time. There are multiple stages in this process:

• Initial Proposal Submission and NTIA Approval:?As of December 27, 2023, all eligible entities have submitted initial proposals and are in various states of gaining approval of their submissions from the NTIA. (The NTIA dashboard is?here.)
• Challenge Process:?States must refine the list of unserved/underserved locations and community anchor institutions that qualify for BEAD funding and then submit the results to NTIA for approval.
• Sub-grantee Selection:?When the initial proposal is approved, and the challenge process is complete and approved by NTIA, each eligible entity can begin its selection process, start accepting applications from ISPs, and then identify which providers will carry out project plans to reach BEAD goals within their territories.
• Final Proposal:?Eligible entities must submit final proposals to NTIA for approval within one year from initial proposal approval. This includes the final challenge results of eligible locations and sub-grantees selected.

What’s the Current Status of the BEAD Application and Funding Process?

Today, all 56 eligible entities (states, territories, tribal nations, and others) have submitted initial proposals to NTIA and are in various stages of the challenge and final proposal process. None of the states have yet progressed to selecting sub-grantees (RSPs), but this should happen in late 2024/early 2025.

What can RSPs do Now?

Each state has a different timeline and a portal and web page. Although the selection process has not started, there are many steps ISPs can take now to prepare for the scoring rounds that determine sub-grantee selection and to plan the network architecture changes that will be needed. The status of each state’s plan, initial proposal, and challenge process can be found on the?NTIA portal. NTIA lists?state broadband leaders?for BEAD and other programs, and Fierce Telecom publishes a?list of broadband resources?in each state.

• Engage in the state’s challenge process:?If you have not already done so, find out your state’s challenge process status through the?NTIA portal. Many states have already closed their challenge windows, but some remain open. Submitting a challenge will enable you to identify locations that should be BEAD-eligible and challenge those locations you believe are already adequately served by broadband.
• Get familiar with the state’s BEAD process and timeline:?Each state will make the final list/map of approved BEAD-eligible locations and project areas available to applicants. These are the locations that you will be competing for during the scoring process, so it may take some time to review and determine your strategy.
• Prepare and submit pre-qualification documentation:?An applicant will need to submit detailed information about their administrative, financial, organizational, and technical capabilities along with information about their workforce development plans. Many states have already opened pre-application portals for potential applicants. The state broadband offices will review the submissions to determine which prospective applicants are qualified to move to the next phase of the process.

• Part of the prequalification submission is a cybersecurity and supply-chain risk management plan. Applicants must certify that they have a plan that complies with the?NIST cybersecurity framework. TIA has also published a?cybersecurity and supply chain risk checklist?that it has made available to state broadband offices managing BEAD programs. A10 provides several cybersecurity solutions that can help comply with these requirements.
• Prepare a preliminary core network architecture plan:?Now is the time to develop an action plan – before the frenzied bidding and final award process begins. BEAD funding is an opportunity to increase capacity, optimize the core network, and improve performance and security. Once awarded, RSPs will be under timeline pressures to deploy and provide service as quickly as possible.

Common Core Network Challenges

Adding significant subscribers and traffic can push the limits of core network capacity and functionality. A10 has worked with several regional ISPs as they upgrade and augment their networks.

Here are some items to consider now regarding improvements to core network capabilities:

• Do you have an adequate supply of IPv4 addresses??Additional IPv4 addresses are in short supply, and prices are high and fluctuating wildly. A carrier-grade NAT solution, such as?A10 Thunder? CGN, can extend IPv4 capacity and stabilize OPEX for future subscriber growth.
• Do you have a carrier-grade IPv6 transition technology in place??For smaller RPSs, enterprise-grade appliances and approaches may no longer be adequate, operationally inefficient, or scalable.
• Do you have sufficient DDoS detection and mitigation??DDoS attacks against DNS and other network infrastructure, downstream business customers, and network IPv4 address pools can disrupt service and impair the high-speed performance you’ve been asked to build. DDoS is now highly sophisticated and often used to mask other cyberattacks, such as ransomware. Your cybersecurity plan should include carrier-grade DDoS protection.?A10 Defend?with A10?DNS security solutions?provides a suite of proven DDoS protection solutions for regional ISPs.

Why BEAD – Why Now?

The near-term release of $42 billion towards bridging the digital divide has escalated media attention and public awareness. The radio, Marketplace, has recently highlighted the BEAD program and the general impact of broadband on?rural communities?through a program?series?broadcast on National Public Radio (NPR).

BEAD is attempting to fill the gap left by many other federal and state broadband programs introduced over the last ten years, such as Connect America Fund (CAF), Rural Digital Opportunity Fund (RDOF), USDA ReConnect, American Rescue Plan (ARP) and others. BEAD was enacted because other, less comprehensive programs did not completely close the gap.

Because BEAD is trying to identify the millions of locations that do not have adequate broadband?AND?that will not be funded by other programs, the database/mapping integrity challenges have been enormous. In addition, states have obligations to constituents and local service providers to ensure fairness of the award process, maintain compliance with state procurement rules, prevent unneeded buildout or over-building, and enable affordability for residents. The NTIA is charged with seeing that the funding is awarded in the manner intended by Congress in the Infrastructure Investment and Jobs Act. This complexity has resulted in a lengthy, long-term process.

Despite frustration over the complexity and lengthy timelines (so far, three years), BEAD funding is critical for regional service providers to build out and provide broadband to those unserved or underserved areas that have long been so financially and physically challenging.

BEAD is a once-in-a-generation opportunity to help their communities leap into broadband.

Consider A10 Networks

A10 Networks provides critical core network solutions that help RSPs secure and scale their networks more efficiently as they grow. We have worked with several regional ISPs to provide carrier-grade networking/CGNAT, DDoS protection, DNS security, and other vital elements.?More details can be found here. This article appears on the A10 blog.