The lede. BEAD — the federal government's $42.45 billion Broadband Equity, Access, and Deployment program — is the largest rural infrastructure build in a generation, and Washington buried a security mandate inside the plumbing. Under the NTIA's NOFO, every subgrantee (rural ISP, electric co-op, tribal utility) must submit a Cybersecurity and Supply Chain Risk Management (C-SCRM) plan aligned to NIST frameworks before a dollar of federal money is released, and network software including cybersecurity solutions is an explicit eligible cost. That single clause turns a telecom construction subsidy into a security procurement mandate: thousands of small, under-resourced rural carriers and co-ops that have never run a SOC now must buy — and prove they operate — enterprise-grade network security as a condition of federal funding. States are actively grinding through BEAD Final Proposals and subgrantee awards in 2026, meaning this procurement wave is live now, not theoretical.

Who cashes in.