BILL ANALYSIS
|
Senate Research Center |
S.B. 1696 |
|
87R8096 MLH-D |
By: Paxton |
|
|
Education |
|
|
4/6/2021 |
|
|
As Filed |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
In 2020, schools began shifting to online courses and remote learning because of the COVID-19 public health emergency. School districts have the same vulnerabilities to cyber attacks as other state agencies, local governments, and private employers. Many school districts have information security officers that provide the necessary security, but many of the over 1,200 school districts will not have the same consistent approach, necessary funding, or necessary personnel to maintain and keep up with technology enhancements for cybersecurity.
With attacks becoming more sophisticated, school districts must also become more sophisticated in reducing the risk of security breaches and protecting their information systems. The goal of S.B. 1696 is to provide basic support for a collective defense demonstration project at the Texas Education Agency.
As proposed, S.B. 1696 amends current law relating to establishing a system for the sharing of information regarding cyber attacks or other cybersecurity incidents occurring in schools in this state.
RULEMAKING AUTHORITY
Rulemaking authority is expressly granted to commissioner of education in SECTION 1 (Section 11.175, Education Code) of this bill.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Section 11.175, Education Code, by amending Subsection (e) and adding Subsections (g), (h), and (i), as follows:
(e) Requires the district's cybersecurity coordinator to report to the Texas Education Agency (agency), or if applicable, the entity that administers the system established under Subsection (g) any cyber attack or other cybersecurity incident against the district cyberinfrastructure that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident.
(g) Requires TEA to establish and maintain a system to coordinate the anonymous sharing of information concerning cyber attacks or other cybersecurity incidents between public and private schools and the state in coordination with the Texas Department of Information Resources. Requires that the system include each report made under Subsection (e), provide for reports made under Subsection (e) to be shared between schools in as close to real time as possible, and preserve a reporting school's anonymity by preventing the disclosure through the system of the name of the school at which an attack or incident occurred.
(h) Authorizes TEA, in establishing the system under Subsection (g), to contract with a qualified third party to administer the system, and to allow open-enrollment charter schools and private schools in this state to report and receive information through the system.
(i) Requires the commissioner of education to adopt rules as necessary to implement Section 11.175 (District Cybersecurity).
SECTION 2. Effective date: September 1, 2021.