| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the application of the open meetings law and public |
|
|
information law to government information related to certain |
|
|
cybersecurity measures. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subchapter D, Chapter 551, Government Code, is |
|
|
amended by adding Section 551.0761 to read as follows: |
|
|
Sec. 551.0761. DELIBERATION REGARDING CRITICAL |
|
|
INFRASTRUCTURE FACILITY; CLOSED MEETING. (a) In this section: |
|
|
(1) "Critical infrastructure facility" means a |
|
|
communication infrastructure system, cybersecurity system, |
|
|
electric grid, electrical power generating facility, substation, |
|
|
switching station, electrical control center, natural gas and |
|
|
natural gas liquids gathering, processing, and storage |
|
|
transmission and distribution system, hazardous waste treatment |
|
|
system, water treatment facility, water intake structure, |
|
|
wastewater treatment plant, pump station, or water pipeline and |
|
|
related support facility, equipment, and property. |
|
|
(2) "Cybersecurity" means the measures taken to |
|
|
protect a computer, a computer network, a computer system, or other |
|
|
technology infrastructure against unauthorized use or access. |
|
|
(b) This chapter does not require a governmental body to |
|
|
conduct an open meeting to deliberate a cybersecurity measure, |
|
|
policy, or contract solely intended to protect a critical |
|
|
infrastructure facility located in the jurisdiction of the |
|
|
governmental body. |
|
|
SECTION 2. Subchapter C, Chapter 552, Government Code, is |
|
|
amended by adding Section 552.1391 to read as follows: |
|
|
Sec. 552.1391. EXCEPTION: CONFIDENTIALITY OF |
|
|
CYBERSECURITY MEASURES. (a) In this section: |
|
|
(1) "Critical infrastructure facility" has the |
|
|
meaning assigned by Section 551.0761. |
|
|
(2) "Cybersecurity" has the meaning assigned by |
|
|
Section 551.0761. |
|
|
(b) Information is excepted from the requirements of |
|
|
Section 552.021 if it is information that relates to: |
|
|
(1) a cybersecurity measure, policy, or contract |
|
|
solely intended to protect a critical infrastructure facility |
|
|
located in the jurisdiction of the governmental body; |
|
|
(2) coverage limits and deductible amounts for |
|
|
insurance or other risk mitigation coverages acquired for the |
|
|
protection of information technology systems, critical |
|
|
infrastructure, operational technology systems, or data of a |
|
|
governmental body or the amount of money set aside by a governmental |
|
|
body to self-insure against those risks; |
|
|
(3) cybersecurity incident information reported |
|
|
pursuant to state law; and |
|
|
(4) network schematics, hardware and software |
|
|
configurations, or encryption information or information that |
|
|
identifies the detection, investigation, or response practices for |
|
|
suspected or confirmed cybersecurity incidents if the disclosure of |
|
|
such information would facilitate unauthorized access to: |
|
|
(A) data or information, whether physical or |
|
|
virtual; or |
|
|
(B) information technology resources, including |
|
|
a governmental body's existing or proposed information technology |
|
|
system. |
|
|
(c) A governmental body may disclose information made |
|
|
confidential by this section to comply with applicable state or |
|
|
federal law or a court order. |
|
|
SECTION 3. This Act takes effect immediately if it receives |
|
|
a vote of two-thirds of all the members elected to each house, as |
|
|
provided by Section 39, Article III, Texas Constitution. If this |
|
|
Act does not receive the vote necessary for immediate effect, this |
|
|
Act takes effect September 1, 2025. |