This website will be unavailable from Friday, April 26, 2024 at 6:00 p.m. through Monday, April 29, 2024 at 7:00 a.m. due to data center maintenance.

BILL ANALYSIS

 

 

Senate Research Center

H.B. 1421

86R19459 ADM-D

By: Israel et al. (Zaffirini)

 

State Affairs

 

5/9/2019

 

Engrossed

 

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

In 2017 the legislature directed the Secretary of State (SOS) to conduct a study to address the state's election security vulnerabilities. Generally, H.B. 1421 would strengthen Texas's election infrastructure by requiring all counties to participate in cybersecurity training and risk assessments of their work environments if the necessary funds are available. H.B. 1421 would not place a financial burden on counties because federal funds received in connection with the federal Help America Vote Act are earmarked for cybersecurity purposes through the Secretary of State's Office. Many cybersecurity programs currently are offered to counties free of charge using this funding.

 

Specifically, H.B. 1421 would require SOS to adopt rules defining best practices to reduce the risks related to electronic election data and systems. If funds are available, H.B. 1421 would require county election officers to implement cybersecurity measures to comply with those rules and require the county to receive a cybersecurity assessment recommended by SOS. What's more, H.B. 1421 would require SOS to provide annual training regarding best practices to all appropriate SOS personnel and require a county election officer to request training on cybersecurity from SOS. Also, counties must request training annually from another provider of cybersecurity training if funding is available. Finally, H.B. 1421 would require SOS to notify members of the relevant standing committees in the legislature if he or she becomes aware of a cybersecurity breach that affects election data. Relatedly, a county election officer who becomes aware of a cybersecurity breach would be required to notify SOS immediately. H.B. 1421 would help reduce the risk of data breaches and other cybersecurity incidents that could present significant costs.

 

H.B. 1421 amends current law relating to cybersecurity of voter registration lists and other election-related documents, systems, and technology.

 

RULEMAKING AUTHORITY

 

Rulemaking authority is expressly granted to the secretary of state in SECTION 1 (Section 279.002, Election Code) of this bill.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1. Amends Title 16, Election Code, by adding Chapter 279, as follows:

 

CHAPTER 279. CYBERSECURITY OF ELECTION SYSTEMS

 

Sec. 279.001. DEFINITIONS. Defines "election data" and "election system" and defines "county election officer" (officer) for purposes of this chapter.

 

Sec. 279.002. ELECTION CYBERSECURITY: SECRETARY OF STATE. (a) Requires the secretary of state (SOS) to adopt rules defining classes of protected election data and establishing best practices for identifying and reducing risk to the electronic use, storage, and transmission of election data and the security of election systems.

 

(b) Requires SOS to offer training on best practices:

 

(1) on an annual basis, to all appropriate personnel in the Office of the Secretary of State; and

 

(2) on request, to officers in this state.

 

(c) Requires SOS, if SOS becomes aware of a breach of cybersecurity that impacts election data, to immediately notify the members of the standing committees of each house of the legislature with jurisdiction over elections.

 

Sec. 279.003. ELECTION CYBERSECURITY: COUNTY ELECTION OFFICERS. (a) Requires an officer to request training on cybersecurity:

 

(1) from SOS; and

 

(2) on an annual basis from another provider of cybersecurity training, if the officer has available state funds for that purpose.

 

(b) Requires an officer to request an assessment of the cybersecurity of the county's election system from a provider of cybersecurity assessments if SOS recommends an assessment and the necessary funds are available.

 

(c) Requires the officer, if an officer becomes aware of a breach of cybersecurity that impacts election data, to immediately notify SOS.

 

(d) Requires an officer, to the extent that state funds are available for the purpose, to implement cybersecurity measures to ensure that all devices with access to election data comply to the highest extent possible with rules adopted by SOS under Section 279.002.

 

SECTION 2. This Act takes effect September 1, 2019.