| 1 | 1 | | 86R5791 SOS-D |
|---|
| 2 | 2 | | By: Minjarez H.B. No. 904 |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | |
|---|
| 5 | 5 | | A BILL TO BE ENTITLED |
|---|
| 6 | 6 | | AN ACT |
|---|
| 7 | 7 | | relating to requiring The University of Texas at San Antonio to |
|---|
| 8 | 8 | | conduct a study regarding cyber attacks against financial |
|---|
| 9 | 9 | | institutions in this state. |
|---|
| 10 | 10 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 11 | 11 | | SECTION 1. Chapter 71, Education Code, is amended by adding |
|---|
| 12 | 12 | | Section 71.07 to read as follows: |
|---|
| 13 | 13 | | Sec. 71.07. STUDY AND REPORT REGARDING CYBER ATTACKS |
|---|
| 14 | 14 | | AGAINST FINANCIAL INSTITUTIONS. (a) In this section: |
|---|
| 15 | 15 | | (1) "Breach of system security" has the meaning |
|---|
| 16 | 16 | | assigned by Section 521.053, Business & Commerce Code. |
|---|
| 17 | 17 | | (2) "Financial institution" has the meaning assigned |
|---|
| 18 | 18 | | by Section 201.101, Finance Code. |
|---|
| 19 | 19 | | (b) The University of Texas at San Antonio shall conduct a |
|---|
| 20 | 20 | | study regarding cyber attacks against financial institutions in |
|---|
| 21 | 21 | | this state. The study must include: |
|---|
| 22 | 22 | | (1) an evaluation of: |
|---|
| 23 | 23 | | (A) the prevalence and impact of and breaches of |
|---|
| 24 | 24 | | system security resulting from cyber attacks on financial |
|---|
| 25 | 25 | | institutions; and |
|---|
| 26 | 26 | | (B) the vulnerability of financial institutions |
|---|
| 27 | 27 | | to cyber attacks and the security risks cyber attacks present to |
|---|
| 28 | 28 | | those institutions; |
|---|
| 29 | 29 | | (2) the identification of: |
|---|
| 30 | 30 | | (A) any projects necessary to modernize the |
|---|
| 31 | 31 | | security systems of financial institutions; |
|---|
| 32 | 32 | | (B) any recommendations to improve the |
|---|
| 33 | 33 | | cybersecurity infrastructure of financial institutions; and |
|---|
| 34 | 34 | | (C) best practices to prevent or lessen the |
|---|
| 35 | 35 | | impact of cyber attacks on financial institutions; and |
|---|
| 36 | 36 | | (3) an examination of any other aspect of cyber |
|---|
| 37 | 37 | | attacks on the operation of financial institutions as considered |
|---|
| 38 | 38 | | appropriate by the university. |
|---|
| 39 | 39 | | (c) In conducting the study, the university shall consult |
|---|
| 40 | 40 | | with: |
|---|
| 41 | 41 | | (1) the Department of Information Resources; |
|---|
| 42 | 42 | | (2) the Texas Department of Banking; |
|---|
| 43 | 43 | | (3) the Department of Savings and Mortgage Lending; |
|---|
| 44 | 44 | | (4) the Credit Union Department; |
|---|
| 45 | 45 | | (5) community stakeholders; and |
|---|
| 46 | 46 | | (6) other interested parties. |
|---|
| 47 | 47 | | (d) To the extent permitted by state or federal law, a |
|---|
| 48 | 48 | | financial institution shall cooperate with and provide, on request, |
|---|
| 49 | 49 | | information to The University of Texas at San Antonio to allow the |
|---|
| 50 | 50 | | university to perform its duties under this section. |
|---|
| 51 | 51 | | (e) Not later than December 1, 2020, The University of Texas |
|---|
| 52 | 52 | | at San Antonio shall submit a written report on the results of the |
|---|
| 53 | 53 | | study to the governor, the lieutenant governor, the speaker of the |
|---|
| 54 | 54 | | house of representatives, and the presiding officer of each |
|---|
| 55 | 55 | | standing committee of the senate and house of representatives |
|---|
| 56 | 56 | | having primary jurisdiction over financial services matters and to |
|---|
| 57 | 57 | | the Legislative Budget Board. The report must include any |
|---|
| 58 | 58 | | recommendations for changes to applicable state statutes or rules. |
|---|
| 59 | 59 | | (f) This section expires September 1, 2021. |
|---|
| 60 | 60 | | SECTION 2. This Act takes effect September 1, 2019. |
|---|