| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
| |
|
|
relating to a requirement that a school district develop and |
|
|
maintain a cybersecurity framework. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subchapter D, Chapter 11, Education Code, is |
|
|
amended by adding Section 11.175 to read as follows: |
|
|
Sec. 11.175. DISTRICT CYBERSECURITY. (a) In this section: |
|
|
(1) "Cyber attack" means an attempt to damage, |
|
|
disrupt, or gain unauthorized access to a computer, computer |
|
|
network, or computer system. |
|
|
(2) "Cybersecurity" means the measures taken to |
|
|
protect a computer, computer network, or computer system against |
|
|
unauthorized use or access. |
|
|
(b) Each school district shall develop and maintain a |
|
|
cybersecurity framework for: |
|
|
(1) the securing of district cyberinfrastructure |
|
|
against cyber attacks and other cybersecurity incidents; and |
|
|
(2) cybersecurity risk assessment and mitigation |
|
|
planning. |
|
|
(c) A school district's cybersecurity framework must be |
|
|
consistent with the information security standards for |
|
|
institutions of higher education adopted by the Department of |
|
|
Information Resources under Chapters 2054 and 2059, Government |
|
|
Code. |
|
|
(d) The superintendent of each school district shall |
|
|
designate a cybersecurity coordinator to serve as a liaison between |
|
|
the district and the agency in cybersecurity matters. |
|
|
(e) The district's cybersecurity coordinator shall report |
|
|
to the agency any cyber attack, attempted cyber attack, or other |
|
|
cybersecurity incident against the district cyberinfrastructure as |
|
|
soon as practicable after the discovery of the attack or incident. |
|
|
SECTION 2. This Act takes effect September 1, 2019. |
|
|
|
|
|
* * * * * |