| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to cybersecurity for voting systems. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Section 276.011, Election Code, as added by |
|
|
Chapter 683 (H.B. 8), Acts of the 85th Legislature, Regular |
|
|
Session, 2017, as effective September 1, 2017, is amended by |
|
|
amending Subsections (a) and (b) and adding Subsection (b-1) to |
|
|
read as follows: |
|
|
(a) Not later than September [December] 1, 2018, the |
|
|
secretary of state shall: |
|
|
(1) conduct a study regarding cyber attacks on |
|
|
election infrastructure; |
|
|
(2) prepare a public summary report on the study's |
|
|
findings that does not contain any information the release of which |
|
|
may compromise any election; |
|
|
(3) prepare a confidential report on specific findings |
|
|
and vulnerabilities that is exempt from disclosure under Chapter |
|
|
552, Government Code; and |
|
|
(4) submit to the [standing committees of the] |
|
|
legislature [with jurisdiction over election procedures] a copy of |
|
|
the report required under Subdivision (2) and a general compilation |
|
|
of the report required under Subdivision (3) that does not contain |
|
|
any information the release of which may compromise any election. |
|
|
(b) The study must include: |
|
|
(1) an investigation of vulnerabilities and risks for |
|
|
a cyber attack against all voting systems, including a county's |
|
|
voting system machines, [or] the list of registered voters, or the |
|
|
administration of voting by mail; |
|
|
(2) information on any attempted cyber attack on all |
|
|
voting systems, including a county's voting system machines, [or] |
|
|
the list of registered voters, or the administration of voting by |
|
|
mail; and |
|
|
(3) recommendations for protecting all voting |
|
|
systems, including a county's voting system machines, the [and] |
|
|
list of registered voters, and the administration of voting by |
|
|
mail, from a cyber attack. |
|
|
(b-1) In conducting the study, the secretary of state shall |
|
|
consult with: |
|
|
(1) county election officials, including officials |
|
|
from any county targeted by a cyber attack; |
|
|
(2) local law enforcement officials, including county |
|
|
and district attorneys; |
|
|
(3) federal law enforcement officials, including |
|
|
officials from the United States Department of Homeland Security; |
|
|
and |
|
|
(4) experts in the field of cybersecurity risk and |
|
|
incident prevention. |
|
|
SECTION 2. Chapter 276, Election Code, is amended by adding |
|
|
Section 276.012 to read as follows: |
|
|
Sec. 276.012. REPORT OF CYBER ATTACK. A county clerk shall |
|
|
report any cyber attack or attempted cyber attack on a county's |
|
|
voting system to the secretary of state not later than 48 hours |
|
|
after the discovery of the attack or attempted attack. The |
|
|
secretary of state shall make available a record of the report of |
|
|
any cyber attack or attempted cyber attack to a member of the |
|
|
legislature. |
|
|
SECTION 3. This Act takes effect immediately if it receives |
|
|
a vote of two-thirds of all the members elected to each house, as |
|
|
provided by Section 39, Article III, Texas Constitution. If this |
|
|
Act does not receive the vote necessary for immediate effect, this |
|
|
Act takes effect December 1, 2017. |