| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to establishing a system for the sharing of information |
|
|
regarding cyber attacks or other cybersecurity incidents occurring |
|
|
in schools in this state. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Section 11.175, Education Code, is amended by |
|
|
amending Subsection (e) and adding Subsections (g), (h), and (i) to |
|
|
read as follows: |
|
|
(e) The district's cybersecurity coordinator shall report |
|
|
to the agency or, if applicable, the entity that administers the |
|
|
system established under Subsection (g) any cyber attack or other |
|
|
cybersecurity incident against the district cyberinfrastructure |
|
|
that constitutes a breach of system security as soon as practicable |
|
|
after the discovery of the attack or incident. |
|
|
(g) The agency, in coordination with the Department of |
|
|
Information Resources, shall establish and maintain a system to |
|
|
coordinate the anonymous sharing of information concerning cyber |
|
|
attacks or other cybersecurity incidents between public and private |
|
|
schools and the state. The system must: |
|
|
(1) include each report made under Subsection (e); |
|
|
(2) provide for reports made under Subsection (e) to |
|
|
be shared between schools in as close to real time as possible; and |
|
|
(3) preserve a reporting school's anonymity by |
|
|
preventing the disclosure through the system of the name of the |
|
|
school at which an attack or incident occurred. |
|
|
(h) In establishing the system under Subsection (g), the |
|
|
agency may: |
|
|
(1) contract with a qualified third party to |
|
|
administer the system; and |
|
|
(2) allow open-enrollment charter schools and private |
|
|
schools in this state to report and receive information through the |
|
|
system. |
|
|
(i) The commissioner shall adopt rules as necessary to |
|
|
implement this section. |
|
|
SECTION 2. This Act takes effect September 1, 2021. |