|
|
|
A BILL TO BE ENTITLED
|
|
AN ACT
|
|
relating to establishing a system for the sharing of information |
|
regarding cyber attacks or other cybersecurity incidents occurring |
|
in schools in this state. |
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
SECTION 1. The heading to Section 11.175, Education Code, |
|
is amended to read as follows: |
|
Sec. 11.175. SCHOOL [DISTRICT] CYBERSECURITY. |
|
SECTION 2. Section 11.175, Education Code, is amended by |
|
amending Subsection (e) and adding Subsections (g), (h), and (i) to |
|
read as follows: |
|
(e) A school district or open-enrollment charter school |
|
[The district's cybersecurity coordinator] shall report to the |
|
agency or, if applicable, the entity that administers the system |
|
established under Subsection (g) any cyber attack or other |
|
cybersecurity incident against the school district's or |
|
open-enrollment charter school's [district] cyberinfrastructure |
|
that constitutes a breach of system security as soon as practicable |
|
after the discovery of the attack or incident. |
|
(g) The agency, in coordination with the Department of |
|
Information Resources, shall establish and maintain a system to |
|
coordinate the anonymous sharing of information concerning cyber |
|
attacks or other cybersecurity incidents between participating |
|
schools and the state. The system must: |
|
(1) include each report made under Subsection (e); |
|
(2) provide for reports made under Subsection (e) to |
|
be shared between participating schools in as close to real time as |
|
possible; and |
|
(3) preserve a reporting school's anonymity by |
|
preventing the disclosure through the system of the name of the |
|
school at which an attack or incident occurred. |
|
(h) In establishing the system under Subsection (g), the |
|
agency may contract with a qualified third party to administer the |
|
system. |
|
(i) The commissioner shall adopt rules as necessary to |
|
implement this section. |
|
SECTION 3. This Act takes effect September 1, 2021. |