CyberSecurity

• Texas (H.B.1118) – Requires local governments that apply for state grants to submit with their grant applications, a written certification of compliance with the cybersecurity training required by Texas law. Expands mandatory cybersecurity training to include elected and appointed officials.

• Texas (H.B.4018) Creates a technology improvement and modernization account to improve and modernize state agency information resources, including legacy system projects and cybersecurity projects.

• Texas (S.B.475)- Allows state agencies or entities to receive cybersecurity support and network security provided by a regional network security center.

• Texas (S.B.1267) – Relates to continuing education and training requirements for educators and other school district personnel. Specifies that only the school district's cybersecurity coordinator is required to complete the cybersecurity training on an annual basis. Any other school district employee required to complete the cybersecurity training shall complete the training as determined by the district, in consultation with the district's cybersecurity coordinator.

• Texas (S.B.1696) – Requires the Texas Education Agency, in coordination with the Department of Information Resources, to establish and maintain a system to coordinate the anonymous sharing of information concerning cyberattacks or other cybersecurity incidents between public and private schools and the state.

• Texas H.B.3298 (computer science strategic advisory committee to recommend computer science learning opportunities)

• Texas HB3804 (continuing education and training requirements for educators and school district personnel re: cybersecurity)

• Texas H.B.3743 (any district that contracts with provider to provide web services for distance learning must include industry-standard base level of cybersecurity and privacy protection for students and educators)

• Texas H.B.3892 (safety and security audits by schools must include information related to the technology cybersecurity assessment)

• Texas S.B.1267 (enacted, continuing education and training requirements for educators and school district personnel re: cybersecurity)

• Texas S.B.1696 (enacted, establish and maintain coordinated system re: anonymous sharing of information concerning cyberattacks or other cybersecurity incidents between public and private schools and the state)

• Texas S.B.2135 (pathways to assist students in transitioning from cybersecurity coursework or training in high school to degree or certificate program)

With the passage of Senate Bill 820 from the 86^th Texas Legislature, districts are now required to implement several security measures. Beginning September 1, 2019, districts will need to:

• Designate a security coordinator
• Adopt a cybersecurity policy
• Report any breach of student personally identifiable data to TEA

CyberSecurity Policy:

A district is required to have a cybersecurity policy in order to:

1. secure district cyberinfrastructure against cyber attacks and other cybersecurity incidents.
2. determine cybersecurity risk and implement mitigation planning.

The policy may not conflict with the information security standards for institutions of higher education adopted by the Department of Information Resources under Chapters 2054 and 2059, Government Code.

CyberSecurity Coordinator:

The superintendent of each school district must designate someone to be the cybersecurity coordinator for the district to serve as a liaison between the district and the agency in cybersecurity matters.

The cybersecurity coordinator is required to:

• report any breach of the district’s information systems to the agency. 
• provide notice to a parent or guardian of a breach that involves a student’s PIA.

Statewide Cybersecurity Awareness Training

House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text.  Organizations are encouraged to confer with their legal counsel concerning specific requirements, or if there are additional questions. DIR has published a new certification form for the FY2022 training cycle for entities to verify compliance.

What is a Certified Cybersecurity Training Program? 

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires  requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.

Annual Timeline

Read more.

• TEA CyberSecurity Tips and Tools (webinars)
• Texas CyberSecurity Framework Controls and Definitions
• Texas CyberSecurity Strategic Plan 2018
• NIST Standards for CyberSecurity
• NIST Framework for Improving Critical Infrastructure CyberSecurity V1.1
• Trusted Learning Environment Framework
• CyberSecurity CoSN Resources
• Top 5 Cybersecurity Threats
• District Security Checklist
• Cyber Insurance
• DIR Incident Response Team Redbook