By: Paxton S.B. No. 1696
A BILL TO BE ENTITLED
AN ACT
relating to establishing a system for the sharing of information
regarding cyber attacks or other cybersecurity incidents occurring
in schools in this state.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. The heading to Section 11.175, Education Code,
is amended to read as follows:
Sec. 11.175. SCHOOL DISTRICT AND OPEN-ENROLLMENT CHARTER
SCHOOL CYBERSECURITY.
SECTION 2. Section 11.175, Education Code, is amended by
amending Subsections (b), (c), (d), and (e) and adding Subsections
(g), (h), and (i) to read as follows:
(b) Each school district and open-enrollment charter school
shall adopt a cybersecurity policy to:
(1) secure district cyberinfrastructure against cyber
attacks and other cybersecurity incidents; and
(2) determine cybersecurity risk and implement
mitigation planning.
(c) A school district's or open-enrollment charter school's
cybersecurity policy may not conflict with the information security
standards for institutions of higher education adopted by the
Department of Information Resources under Chapters 2054 and 2059,
Government Code.
(d) The superintendent of each school district and
open-enrollment charter school shall designate a cybersecurity
coordinator to serve as a liaison between the district or school and
the agency in cybersecurity matters.
(e) A [The district's] cybersecurity coordinator designated
under Subsection (d) shall report to the agency or, if applicable,
the entity that administers the system established under Subsection
(g) any cyber attack or other cybersecurity incident against the
school district's or open-enrollment charter school's [district]
cyberinfrastructure that constitutes a breach of system security as
soon as practicable after the discovery of the attack or incident.
(g) The agency, in coordination with the Department of
Information Resources, shall establish and maintain a system to
coordinate the anonymous sharing of information concerning cyber
attacks or other cybersecurity incidents between participating
public and private schools and the state. The system must:
(1) include each report made under Subsection (e);
(2) provide for reports made under Subsection (e) to
be shared between participating schools in as close to real time as
possible; and
(3) preserve a reporting school's anonymity by
preventing the disclosure through the system of the name of the
school at which an attack or incident occurred.
(h) In establishing the system under Subsection (g), the
agency may:
(1) contract with a qualified third party to
administer the system; and
(2) allow open-enrollment charter schools and private
schools in this state to report and receive information through the
system.
(i) The commissioner shall adopt rules as necessary to
implement this section.
SECTION 3. This Act takes effect September 1, 2021.