BILL ANALYSIS

 

 

 

C.S.S.B. 1696

By: Paxton

Public Education

Committee Report (Substituted)

 

 

 

BACKGROUND AND PURPOSE

 

Concerns have been raised around the cybersecurity of public school districts and open‑enrollment charter schools after schools began shifting to online courses and remote learning during the COVID-19 pandemic. Although many districts have cybersecurity personnel, it has been noted that all districts may not implement the same approach to cybersecurity or have the resources necessary to maintain adequate cybersecurity as attacks continue to become more sophisticated. C.S.S.B. 1696 seeks to address these concerns by establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools.

 

CRIMINAL JUSTICE IMPACT

 

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that rulemaking authority is expressly granted to the commissioner of education in SECTION 2 of this bill.

 

ANALYSIS

 

C.S.S.B. 1696 amends the Education Code to transfer the duty to report to the applicable entity any cyber attack or other cybersecurity incident against the cyberinfrastructure of a public school district from the district's cybersecurity coordinator to the district and extends the reporting requirement to an open-enrollment charter school. The bill requires the Texas Education Agency (TEA), in coordination with the Department of Information Resources, to establish and maintain a system to coordinate the anonymous sharing of information concerning cyber attacks or other cybersecurity incidents between participating schools and the state. The system must accomplish the following:

·         include each district or charter school report of a cybersecurity incident;

·         provide for the reports to be shared between participating schools in as close to real time as possible; and

·         preserve a reporting school's anonymity by preventing the disclosure through the system of the name of the school.

The bill authorizes TEA, in establishing the system, to contract with a qualified third party to administer the system and requires the commissioner of education to adopt rules as necessary to implement the bill's provisions.

 

EFFECTIVE DATE

 

September 1, 2021.

 

COMPARISON OF SENATE ENGROSSED AND SUBSTITUTE

 

While C.S.S.B. 1696 may differ from the engrossed in minor or nonsubstantive ways, the following summarizes the substantial differences between the engrossed and committee substitute versions of the bill.

 

The substitute does not include the following provisions that appear in the engrossed:

·         provisions extending requirements to adopt a cybersecurity policy and designate a cybersecurity coordinator to open-enrollment charter schools; and

·         a reference to the inclusion of private schools in the proposed information sharing and corresponding authorization for TEA to allow private schools to report and receive information through the reporting system prescribed by the bill.

 

The substitute transfers the duty to report a cyber attack or other cybersecurity incident from a district cybersecurity coordinator to a district or charter school, whereas the engrossed did not.