Skip to Main Content

CyberSecurity

CoSN High Level Summary of Texas Cybersecurity Laws

  • Texas (H.B.1118) – Requires local governments that apply for state grants to submit with their grant applications, a written certification of compliance with the cybersecurity training required by Texas law. Expands mandatory cybersecurity training to include elected and appointed officials.

  • Texas (H.B.4018) Creates a technology improvement and modernization account to improve and modernize state agency information resources, including legacy system projects and cybersecurity projects.

  • Texas (S.B.475)- Allows state agencies or entities to receive cybersecurity support and network security provided by a regional network security center.

  • Texas (S.B.1267) – Relates to continuing education and training requirements for educators and other school district personnel. Specifies that only the school district's cybersecurity coordinator is required to complete the cybersecurity training on an annual basis. Any other school district employee required to complete the cybersecurity training shall complete the training as determined by the district, in consultation with the district's cybersecurity coordinator.

  • Texas (S.B.1696) – Requires the Texas Education Agency, in coordination with the Department of Information Resources, to establish and maintain a system to coordinate the anonymous sharing of information concerning cyberattacks or other cybersecurity incidents between public and private schools and the state.

K-12 Focused Cybersecurity Bills Introduced in Texas

  • Texas H.B.3298 (computer science strategic advisory committee to recommend computer science learning opportunities)

  • Texas HB3804 (continuing education and training requirements for educators and school district personnel re: cybersecurity)

  • Texas H.B.3743 (any district that contracts with provider to provide web services for distance learning must include industry-standard base level of cybersecurity and privacy protection for students and educators)

  • Texas H.B.3892 (safety and security audits by schools must include information related to the technology cybersecurity assessment)

  • Texas S.B.1267 (enacted, continuing education and training requirements for educators and school district personnel re: cybersecurity)

  • Texas S.B.1696 (enacted, establish and maintain coordinated system re: anonymous sharing of information concerning cyberattacks or other cybersecurity incidents between public and private schools and the state)

  • Texas S.B.2135 (pathways to assist students in transitioning from cybersecurity coursework or training in high school to degree or certificate program)

CyberSecurity and Senate Bill 820

With the passage of Senate Bill 820 from the 86th Texas Legislature, districts are now required to implement several security measures. Beginning September 1, 2019, districts will need to:

  • Designate a security coordinator
  • Adopt a cybersecurity policy
  • Report any breach of student personally identifiable data to TEA

 

CyberSecurity Policy:

A district is required to have a cybersecurity policy in order to:

  1. secure district cyberinfrastructure against cyber attacks and other cybersecurity incidents.
  2. determine cybersecurity risk and implement mitigation planning.

The policy may not conflict with the information security standards for institutions of higher education adopted by the Department of Information Resources under Chapters 2054 and 2059, Government Code.

 

CyberSecurity Coordinator:

The superintendent of each school district must designate someone to be the cybersecurity coordinator for the district to serve as a liaison between the district and the agency in cybersecurity matters.

The cybersecurity coordinator is required to:

  • report any breach of the district’s information systems to the agency. 
  • provide notice to a parent or guardian of a breach that involves a student’s PIA.

 

Statewide Cybersecurity Awareness Training

House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text.  Organizations are encouraged to confer with their legal counsel concerning specific requirements, or if there are additional questions. DIR has published a new certification form for the FY2022 training cycle for entities to verify compliance.

 

What is a Certified Cybersecurity Training Program? 

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires  requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.

 

Annual Timeline

Date Entity Description
Annually All government entities Train employees on certified training programs
March 15 - April 30 DIR DIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs
May 15 DIR Updated list of certification requirements published
June 1 Training providers and government entities Submission of training programs begins
July 31 Training providers Submission of training program ends
August 31 DIR New list of certified training providers published
August 31 All government entities Report completion of training submitted to DIR via the web form

 

Read more.

CoSN Cybersecurity Legislation Review

State leaders’ desire to help schools and higher education institutions better defend themselves from cyberattacks expanded significantly in 2021. Legislators in 40 states introduced at least 170 cybersecurity bills that focused directly or indirectly on the education sector. That growth represents a major increase in legislative activity compared to 2020 when state leaders introduced only 87 comparable cybersecurity bills. Fifty-one of the 2021 bills – in 30 states - became law. The new laws revealed several national trends, including policies focused on required incident reporting, state governance changes, dedicated state agency funding, required state planning, and creating exemptions from state “sunshine laws” for sensitive cybersecurity information. Read the full report.

2021 General TX Cybersecurity Bills with No Specific Education Sector References

  • Texas H.B.1118 (enacted, compliance with cybersecurity training requirements)

  • Texas H.B.2066 (emergency management for cybersecurity events)

  • Texas H.B.4018 (enacted, technology improvement and modernization account, may be used for

    cybersecurity projects)

  • Texas H.B.4071 (endpoint devices that are approved must meet cybersecurity framework)

  • Texas S.B.345 (compliance with cybersecurity training requirements)

  • Texas S.B.475 (enacted, cybersecurity support and network security provided by regional network

    security center)

Texas Bills that Address Cybersecurity Training

  • Texas H.B.1118 (enacted, compliance with cybersecurity training requirements)

  • Texas H.B.3804 (continuing education and training requirements for educators and school district

    personnel re: cybersecurity)

  • Texas S.B.345 (compliance with cybersecurity training requirements)

  • Texas S.B.1267 (enacted, continuing education and training requirements for educators and

    school district personnel relating to cybersecurity)

TASB Cybersecurity Resources 

These and other articles can be found on TASB's Technology page in the TASB Legal eSource Library, which is constantly updated and increased.

SB 15 – Tools on Local Remote Learning Programs

The following resources are available for administrators in response to the recent passage of SB 15, the bill allowing school districts to receive funding for virtual learning starting with the current school year:

Cybersecurity Planning Workshops

TETL will be hosting various workshops across the state to help you and your team members understand the new laws around cybersecurity and get you started on your cybersecurity plan. This will be a hands-on, working session to assist you in developing your plan and staying in compliance with the new legislation (SB 820 and HB 3834). We encourage you to bring a team so you can work on these items together.