| 1 | 1 | | 85S10633 SRS-F |
|---|
| 2 | 2 | | By: Reynolds H.B. No. 342 |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | |
|---|
| 5 | 5 | | A BILL TO BE ENTITLED |
|---|
| 6 | 6 | | AN ACT |
|---|
| 7 | 7 | | relating to cybersecurity for voting systems. |
|---|
| 8 | 8 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 9 | 9 | | SECTION 1. Section 276.011, Election Code, as added by |
|---|
| 10 | 10 | | Chapter 683 (H.B. 8), Acts of the 85th Legislature, Regular |
|---|
| 11 | 11 | | Session, 2017, as effective September 1, 2017, is amended by |
|---|
| 12 | 12 | | amending Subsections (a) and (b) and adding Subsection (b-1) to |
|---|
| 13 | 13 | | read as follows: |
|---|
| 14 | 14 | | (a) Not later than September [December] 1, 2018, the |
|---|
| 15 | 15 | | secretary of state shall: |
|---|
| 16 | 16 | | (1) conduct a study regarding cyber attacks on |
|---|
| 17 | 17 | | election infrastructure; |
|---|
| 18 | 18 | | (2) prepare a public summary report on the study's |
|---|
| 19 | 19 | | findings that does not contain any information the release of which |
|---|
| 20 | 20 | | may compromise any election; |
|---|
| 21 | 21 | | (3) prepare a confidential report on specific findings |
|---|
| 22 | 22 | | and vulnerabilities that is exempt from disclosure under Chapter |
|---|
| 23 | 23 | | 552, Government Code; and |
|---|
| 24 | 24 | | (4) submit to the [standing committees of the] |
|---|
| 25 | 25 | | legislature [with jurisdiction over election procedures] a copy of |
|---|
| 26 | 26 | | the report required under Subdivision (2) and a general compilation |
|---|
| 27 | 27 | | of the report required under Subdivision (3) that does not contain |
|---|
| 28 | 28 | | any information the release of which may compromise any election. |
|---|
| 29 | 29 | | (b) The study must include: |
|---|
| 30 | 30 | | (1) an investigation of vulnerabilities and risks for |
|---|
| 31 | 31 | | a cyber attack against all voting systems, including a county's |
|---|
| 32 | 32 | | voting system machines, [or] the list of registered voters, or the |
|---|
| 33 | 33 | | administration of voting by mail; |
|---|
| 34 | 34 | | (2) information on any attempted cyber attack on all |
|---|
| 35 | 35 | | voting systems, including a county's voting system machines, [or] |
|---|
| 36 | 36 | | the list of registered voters, or the administration of voting by |
|---|
| 37 | 37 | | mail; and |
|---|
| 38 | 38 | | (3) recommendations for protecting all voting |
|---|
| 39 | 39 | | systems, including a county's voting system machines, the [and] |
|---|
| 40 | 40 | | list of registered voters, and the administration of voting by |
|---|
| 41 | 41 | | mail, from a cyber attack. |
|---|
| 42 | 42 | | (b-1) In conducting the study, the secretary of state shall |
|---|
| 43 | 43 | | consult with: |
|---|
| 44 | 44 | | (1) county election officials, including officials |
|---|
| 45 | 45 | | from any county targeted by a cyber attack; |
|---|
| 46 | 46 | | (2) local law enforcement officials, including county |
|---|
| 47 | 47 | | and district attorneys; |
|---|
| 48 | 48 | | (3) federal law enforcement officials, including |
|---|
| 49 | 49 | | officials from the United States Department of Homeland Security; |
|---|
| 50 | 50 | | and |
|---|
| 51 | 51 | | (4) experts in the field of cybersecurity risk and |
|---|
| 52 | 52 | | incident prevention. |
|---|
| 53 | 53 | | SECTION 2. Chapter 276, Election Code, is amended by adding |
|---|
| 54 | 54 | | Section 276.012 to read as follows: |
|---|
| 55 | 55 | | Sec. 276.012. REPORT OF CYBER ATTACK. A county clerk shall |
|---|
| 56 | 56 | | report any cyber attack or attempted cyber attack on a county's |
|---|
| 57 | 57 | | voting system to the secretary of state not later than 48 hours |
|---|
| 58 | 58 | | after the discovery of the attack or attempted attack. The |
|---|
| 59 | 59 | | secretary of state shall make available a record of the report of |
|---|
| 60 | 60 | | any cyber attack or attempted cyber attack to a member of the |
|---|
| 61 | 61 | | legislature. |
|---|
| 62 | 62 | | SECTION 3. This Act takes effect immediately if it receives |
|---|
| 63 | 63 | | a vote of two-thirds of all the members elected to each house, as |
|---|
| 64 | 64 | | provided by Section 39, Article III, Texas Constitution. If this |
|---|
| 65 | 65 | | Act does not receive the vote necessary for immediate effect, this |
|---|
| 66 | 66 | | Act takes effect December 1, 2017. |
|---|