BILL ANALYSIS
|
Senate Research Center |
S.B. 1696 |
|
|
By: Paxton |
|
|
Education |
|
|
6/10/2021 |
|
|
Enrolled |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
In 2020, schools began shifting to online courses and remote learning because of the COVID-19 public health emergency. School districts have the same vulnerabilities to cyber attacks as other state agencies, local governments, and private employers. Many school districts have information security officers that provide the necessary security, but many of the over 1,200 school districts will not have the same consistent approach, necessary funding, or necessary personnel to maintain and keep up with technology enhancements for cybersecurity.
With attacks becoming more sophisticated, school districts must also become more sophisticated in reducing the risk of security breaches and protecting their information systems. The goal of S.B. 1696 is to provide basic support for a collective defense demonstration project at the Texas Education Agency.
(Original Author's/Sponsor's Statement of Intent)
S.B. 1696 amends current law relating to establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools in this state.
RULEMAKING AUTHORITY
Rulemaking authority is expressly granted to the commissioner of education in SECTION 2 (Section 11.175, Education Code) of this bill.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends the heading to Section 11.175, Education Code, to read as follows:
Sec. 11.175. SCHOOL CYBERSECURITY.
SECTION 2. Amends Section 11.175, Education Code, by amending Subsection (e) and adding Subsections (g), (h), and (i), as follows:
(e) Requires a school district or open-enrollment charter school, rather than the district's cybersecurity coordinator, to report to the Texas Education Agency (TEA) or, if applicable, the entity that administers the system established under Subsection (g) any cyber attack or other cybersecurity incident against the school district's or open‑enrollment charter school's cyberinfrastructure, rather than against the district cyberinfrastructure, that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident.
(g) Requires TEA to establish and maintain a system to coordinate the anonymous sharing of information concerning cyber attacks or other cybersecurity incidents between participating schools and the state in coordination with the Texas Department of Information Resources. Requires that the system include each report made under Subsection (e), provide for reports made under Subsection (e) to be shared between participating schools in as close to real time as possible, and preserve a reporting school's anonymity by preventing the disclosure through the system of the name of the school at which an attack or incident occurred.
(h) Authorizes TEA, in establishing the system under Subsection (g), to contract with a qualified third party to administer the system.
(i) Requires the commissioner of education to adopt rules as necessary to implement Section 11.175.
SECTION 3. Effective date: September 1, 2021.