[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 8612 Introduced in House (IH)]

<DOC>






116th CONGRESS
  2d Session
                                H. R. 8612

To direct the Director of the Cybersecurity and Infrastructure Security 
Agency to establish a School Cybersecurity Clearinghouse, and for other 
                               purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            October 16, 2020

  Ms. Matsui (for herself and Mr. Langevin) introduced the following 
bill; which was referred to the Committee on Homeland Security, and in 
addition to the Committees on Education and Labor, and Science, Space, 
   and Technology, for a period to be subsequently determined by the 
  Speaker, in each case for consideration of such provisions as fall 
           within the jurisdiction of the committee concerned

_______________________________________________________________________

                                 A BILL


 
To direct the Director of the Cybersecurity and Infrastructure Security 
Agency to establish a School Cybersecurity Clearinghouse, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may cited as the ``Enhancing K-12 Cybersecurity Act''.

SEC. 2. SCHOOL CYBERSECURITY CLEARINGHOUSE.

    (a) Establishment.--The Director of the Cybersecurity and 
Infrastructure Security Agency shall establish a publicly accessible 
website (to be known as the ``School Cybersecurity Clearinghouse'') to 
disseminate information, best practices, and grant opportunities in 
accordance with subsection (b) and section 2(e).
    (b) Duties.--In establishing the School Cybersecurity Clearinghouse 
under subsection (a), the Secretary shall--
            (1) engage appropriate Federal, State, local, and 
        nongovernmental organizations to identify, promote, and 
        disseminate information and best practices for local 
        educational agencies (as defined in section 101 of the 
        Elementary and Secondary Education Act of 1965 (20 U.S.C. 
        8101)) with respect to cybersecurity, data protection, remote 
        learning security, and student online privacy; and
            (2) maintain a searchable database for an elementary 
        school, secondary school, local educational agency, State 
        educational agency, and educational service agency to find and 
        apply for funding opportunities (including the opportunity 
        provided under section 3) to improve cybersecurity.
    (c) Consultation.--In carrying out the duties under subsection (b), 
the Secretary shall consult with the following:
            (1) The Secretary of Education.
            (2) The Director of the National Institute of Standards and 
        Technology.
            (3) The Federal Communication Commission.
            (4) The Director of the National Science Foundation.
            (5) The Federal Bureau of Investigation.
            (6) State and local leaders, including, when appropriate, 
        Governors, members of State legislatures and State boards of 
        education, local educational agencies, representatives of 
        Indian tribes, teachers, principals, other school leaders, 
        charter school leaders, specialized instructional support 
        personnel, paraprofessionals, administrators, other staff, and 
        parents.

SEC. 3. CYBERSECURITY REGISTRY.

    (a) In General.--The Director of the Cybersecurity and 
Infrastructure Security Agency shall establish a voluntary registry of 
information relating to cyber attacks on elementary schools and 
secondary schools.
    (b) Use.--Information in the registry established pursuant to 
subsection (a) may be used to--
            (1) improve data collection and coordination activities 
        related to the nationwide monitoring of the incidence and 
        financial impact of cyber attacks on elementary schools and 
        secondary schools;
            (2) conduct analyses regarding trends in cyber attacks 
        against such schools;
            (3) develop systematic approaches to assist such schools in 
        preventing and responding to cyber attacks;
            (4) increase the awareness and preparedness of elementary 
        school and secondary school administrators regarding the 
        cybersecurity of such schools; and
            (5) identify, prevent, or investigate cyber attacks on 
        elementary schools and secondary schools.
    (c) Information Collection.--The Director of the Cybersecurity and 
Infrastructure Security Agency may collect information relating to 
cyber attacks on schools to store in the registry established pursuant 
to subsection (a). Such information may be submitted by schools and may 
include the following:
            (1) The dates of each cyber attack, including the dates on 
        which each such attack was initially detected and the dates on 
        which each such attack was first reported.
            (2) A description of each cyber attack which shall include 
        whether each such attack was as a result of a breach, malware, 
        distributed denial of service attack, or other method designed 
        to cause a vulnerability.
            (3) The effects of each cyber attack, including 
        descriptions of the type and size of each such attack.
            (4) Other information determined relevant by the Secretary.
    (d) Access.--The Director of the Cybersecurity and Infrastructure 
Security Agency may make information submitted to the registry 
established pursuant to subsection (a) available to relevant law 
enforcement agencies, and State and local government agencies, as 
determined appropriate, for the purpose identified in subsection 
(b)(5).
    (e) Report.--The Director of the Cybersecurity and Infrastructure 
Security Agency shall make available on the School Cybersecurity 
Clearinghouse established under section 1, an annual report relating to 
cyber attacks on elementary schools and secondary schools which 
includes data, and the analysis of such data, in a manner that--
            (1) is--
                    (A) de-identified; and
                    (B) presented in the aggregate; and
            (2) at a minimum, protects personal privacy to the extent 
        required by applicable Federal and State privacy laws.

SEC. 4. K-12 CYBERSECURITY HUMAN CAPACITY GRANT PROGRAM.

    (a) Establishment.--The Director of the National Science 
Foundation, acting through the Director of the Office of Advanced 
Cyberinfrastructure, shall establish a program (to be known as the ``K-
12 Cybersecurity Human Capacity grant program'') to make grants 
available to eligible entities to address cybersecurity risks and 
threats to information systems of elementary schools and secondary 
schools through--
            (1) expanded workforce capacity and development; and
            (2) improved network and cyberinfrastructure.
    (b) Applications.--An eligible entity applying for a grant under 
the program shall submit to the Director a proposal that includes the 
following:
            (1) A description of how the proposed cybersecurity 
        capacity improvements will be conceived, designed, and 
        implemented to meet local needs. Such description shall take 
        the form of a coherent cybersecurity strategy and approach for 
        a school, district, or region such that such strategy and 
        approach are integrated horizontally (intra-school, district, 
        or region) and vertically (regionally and nationally) with 
        cybersecurity investments and best practices.
            (2) A plan for increasing the ability of educational 
        leaders to prevent, recognize, and address cybersecurity 
        threats.
            (3) An assessment of the sustainability of the activities 
        under such proposal in light of any recurring operational and 
        engineering costs associated with such activities.
            (4) A plan to address the relevant cybersecurity issues and 
        challenges implicated by the activities under such plan which 
        includes issues or challenges pertaining to data integrity, 
        privacy, network security measures, federated access and 
        identity management, and infrastructure monitoring.
    (c) Federal Share.--The Director shall provide grants to eligible 
entities in an amount not to exceed 80 percent of the total cost of the 
plan.
    (d) Selection.--In selecting recipients for grants under this 
section, the Director shall consider, and give preference to the extent 
practicable, the percentage of--
            (1) students in the eligible entity's jurisdiction eligible 
        to receive free or reduced price lunch under the Richard B. 
        Russell National School Lunch Act (42 U.S.C. 1751 et seq.); or
            (2) household units in the eligible entity's jurisdiction 
        receiving non-cash benefits under the supplemental nutrition 
        assistance program under the Food and Nutrition Act of 2008.
    (e) Authorization of Appropriations.--There are authorized to be 
appropriated for grants under this section $400,000,000 for fiscal year 
2020, to remain available through fiscal year 2021.

SEC. 5. DEFINITIONS.

    In this Act:
            (1) Educational service agency.--The term ``educational 
        service agency'' has the meaning given that term in section 
        8101 of the Elementary and Secondary Education Act of 1965 (20 
        U.S.C. 7801).
            (2) Elementary school.--The term ``elementary school'' has 
        the meaning given that term in section 8101 of the Elementary 
        and Secondary Education Act of 1965 (20 U.S.C. 7801).
            (3) Eligible entities.--The term ``eligible entities'' 
        means--
                    (A) an elementary school;
                    (B) a secondary school;
                    (C) a local educational agency;
                    (D) a State educational agency;
                    (E) an educational service agency; and
                    (F) any combination of the entities listed in 
                subparagraph consortia of such entities.
            (4) Local educational agency.--The term ``local educational 
        agency'' has the meaning given that term in section 8101 of the 
        Elementary and Secondary Education Act of 1965 (20 U.S.C. 
        7801).
            (5) State educational agency.--The term ``State educational 
        agency'' has the meaning given that term in section 8101 of the 
        Elementary and Secondary Education Act of 1965 (20 U.S.C. 
        7801).
            (6) Secondary school.--The term ``secondary school'' has 
        the meaning given that term in section 8101 of the Elementary 
        and Secondary Education Act of 1965 (20 U.S.C. 7801).
                                 <all>