October 2019 | From the Executive Director

Get Ready for New CyberSecurity Requirements

With the recent passage of SB 820 and HB 3834 in the Texas legislature, school districts need to ensure they are compliant with the new laws, parts of which went into effect on September 1 and need to be addressed as soon as possible.

1. Designate a Security Coordinator for Your District

SB 820, which went into effect September 1, 2019, requires that: "(d) The superintendent of each school district shall designate a cybersecurity coordinator to serve as a liaison between the district and the agency in cybersecurity matters."

Each district should determine who is the best person to oversee the district's security matters. Districts will report their designee to TEA through the AskTed system, as soon as TEA has finished adding the role of Cybersecurity Coordinator to that application.

2. Report CyberSecurity Breaches to TEA

Under SB 820, the security coordinator "(e) . . . shall report to the agency any cyber-attack or other cybersecurity incident against the district cyberinfrastrucure that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident."

In SB 820, the definition of "breach" reads as follows:

(1) Breach of system security means an incident in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or copied, transmitted, viewed, or used by a person unauthorized to engage in that action.

If a breach occurs, your district security coordinator should file an incident report with TEA via this specially created email at cybersecurity@tea.texas.gov.

3. Notify Parents of Cyber Attacks

As with any security incident, districts are responsible for notifying parents as soon as possible about student data breaches.

SB 820 states:

(f) The district’s cybersecurity coordinator shall provide notice to a parent of or person standing in parental relation to a student enrolled in the district of an attack or incident for which a report is required under Subsection (e) involving the student’s information.

Districts should follow their local policy about the procedures and format for notifying parents of such attacks.

4. Provide Cybersecurity Training

The new HB 3834 mandates that certain employees of government entities be required to take cybersecurity training. The law states:

 (a-1) At least once each year, a local government shall identify local government employees who have access to a local government computer system or database and require those employees and elected officials of the local government to complete a cybersecurity training program certified under Section 2054.519 or offered under Section 2054.519(f).

Local governments have been defined to include school districts. The Department of Information Resources (DIR) will be the entity responsible for certifying training programs for state and local government employees. Once the programs have been established, districts will be required to report their training. HB 3834 states:

(b) The governing body of a local government may select the most appropriate cybersecurity training program certified under Section 2054.519 or offered under Section 2054.519(f) for employees of the local government to complete. The governing body shall:

(1) verify and report on the completion of a cybersecurity training program by employees of the local government to the department (DIR); and

(2) require periodic audits to ensure compliance with this section.

 

How Texas K-12 CTO Council Can Help

The Texas K-12 CTO Council, in partnership with our parent organization the Consortium of School Networking (CoSN), has numerous resources to support districts as they work to provide the best possible protection for their systems. Last summer, our CTO Clinic focused on building a trusted learned environment through physical, network, and data security. We will continue that conversation at our Fall Technical Summit to be held in Aldine ISD on October 18.

In addition, we are hosting a Trusted Learning Environment (TLE) cohort this fall which will help districts become aware of and address their security vulnerabilities. Districts may want to consider working toward achieving the TLE national seal of approval from CoSN as a way of demonstrating to their communities that they are meeting the standards for secure environments.

Security will always be a hot topic for CTOs and our organization will continue to provide this key training for our members. Mark your calendars for our Winter Leadership Summit on January 26, 2020, at the Hilton Hotel in Austin, in conjunction with the TASA MidWinter Conference, and our summer CTO Clinic 2020 on June 17-18, 2020, at the Sheraton Hotel in Georgetown. We welcome and encourage technology leaders and other staff members to attend all our meetings and get involved in these important security conversations affecting your students and your schools.

I look forward to seeing you soon!

Alice Owen, Ph.D., CAE, CETL

Fall Technical Summit

Bring your technical staff and join the Texas K-12 CTO Council on October 18, 2019, at Aldine ISD!

The new format of this meeting focuses on the technical issues that your districts experience and gives your staff an opportunity to participate in topical discussions and exchange best practices with their peers.

In addition, Frosty Walker from TEA will update members on the most recent TX state legislation (SB 820 and HB 3834) and discuss what it means for security planning in our school districts. 

REGISTER now!

Join the CTO Council!

Who We Are

The Texas K-12 CTO Council is the state chapter of the Consortium for School Networking [CoSN] and the premier organization for chief technology officers in Texas schools. The purpose of the organization is to assist Texas K-12 school districts in understanding how to plan for the use and successful implementation of information technology in Texas schools and advocate for districts’ technology needs to improve student learning.

Membership

Members benefit from a host of professional development opportunities and access to a network of K-12 EdTech experts.

Events

Through professional development, conferences, meetings, webinars, and study groups, Texas K-12 CTO Council gives members a variety of opportunities to connect.

Jobs

View the most comprehensive job board within the Texas K-12 EdTech industry.

Recent News

Check out the latest in Texas K-12 CTO Council news.