| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to a requirement that a school district adopt a |
|
|
cybersecurity policy. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subchapter D, Chapter 11, Education Code, is |
|
|
amended by adding Section 11.175 to read as follows: |
|
|
Sec. 11.175. DISTRICT CYBERSECURITY. (a) In this section: |
|
|
(1) "Cyber attack" means an attempt to damage, |
|
|
disrupt, or gain unauthorized access to a computer, computer |
|
|
network, or computer system. |
|
|
(2) "Cybersecurity" means the measures taken to |
|
|
protect a computer, computer network, or computer system against |
|
|
unauthorized use or access. |
|
|
(b) Each school district shall adopt a cybersecurity policy |
|
|
to: |
|
|
(1) secure district cyberinfrastructure against cyber |
|
|
attacks and other cybersecurity incidents; and |
|
|
(2) determine cybersecurity risk and implement |
|
|
mitigation planning. |
|
|
(c) A school district's cybersecurity policy may not |
|
|
conflict with the information security standards for institutions |
|
|
of higher education adopted by the Department of Information |
|
|
Resources under Chapters 2054 and 2059, Government Code. |
|
|
(d) The superintendent of each school district shall |
|
|
designate a cybersecurity coordinator to serve as a liaison between |
|
|
the district and the agency in cybersecurity matters. |
|
|
(e) The district's cybersecurity coordinator shall report |
|
|
to the agency any cyber attack or other cybersecurity incident |
|
|
against the district cyberinfrastructure that constitutes a breach |
|
|
of system security as defined by Section 521.053, Business & |
|
|
Commerce Code, as soon as practicable after the discovery of the |
|
|
attack or incident. |
|
|
SECTION 2. This Act takes effect September 1, 2019. |