


116 HR 8612 IH: Enhancing K–12 Cybersecurity Act
U.S. House of Representatives
2020-10-16
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I
116th CONGRESS2d Session
H. R. 8612
IN THE HOUSE OF REPRESENTATIVES

October 16, 2020
Ms. Matsui (for herself and Mr. Langevin) introduced the following bill; which was referred to the Committee on Homeland Security, and in addition to the Committees on Education and Labor, and Science, Space, and Technology, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned

A BILL
To direct the Director of the Cybersecurity and Infrastructure Security Agency to establish a School Cybersecurity Clearinghouse, and for other purposes.


1.Short titleThis Act may cited as the Enhancing K–12 Cybersecurity Act.  2.School cybersecurity clearinghouse (a)EstablishmentThe Director of the Cybersecurity and Infrastructure Security Agency shall establish a publicly accessible website (to be known as the School Cybersecurity Clearinghouse) to disseminate information, best practices, and grant opportunities in accordance with subsection (b) and section 2(e).
(b)DutiesIn establishing the School Cybersecurity Clearinghouse under subsection (a), the Secretary shall— (1)engage appropriate Federal, State, local, and nongovernmental organizations to identify, promote, and disseminate information and best practices for local educational agencies (as defined in section 101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 8101)) with respect to cybersecurity, data protection, remote learning security, and student online privacy; and
(2)maintain a searchable database for an elementary school, secondary school, local educational agency, State educational agency, and educational service agency to find and apply for funding opportunities (including the opportunity provided under section 3) to improve cybersecurity. (c)ConsultationIn carrying out the duties under subsection (b), the Secretary shall consult with the following:
(1)The Secretary of Education. (2)The Director of the National Institute of Standards and Technology.
(3)The Federal Communication Commission. (4)The Director of the National Science Foundation.
(5)The Federal Bureau of Investigation. (6)State and local leaders, including, when appropriate, Governors, members of State legislatures and State boards of education, local educational agencies, representatives of Indian tribes, teachers, principals, other school leaders, charter school leaders, specialized instructional support personnel, paraprofessionals, administrators, other staff, and parents.
3.Cybersecurity registry
(a)In generalThe Director of the Cybersecurity and Infrastructure Security Agency shall establish a voluntary registry of information relating to cyber attacks on elementary schools and secondary schools. (b)UseInformation in the registry established pursuant to subsection (a) may be used to—
(1)improve data collection and coordination activities related to the nationwide monitoring of the incidence and financial impact of cyber attacks on elementary schools and secondary schools; (2)conduct analyses regarding trends in cyber attacks against such schools;
(3)develop systematic approaches to assist such schools in preventing and responding to cyber attacks; (4)increase the awareness and preparedness of elementary school and secondary school administrators regarding the cybersecurity of such schools; and
(5)identify, prevent, or investigate cyber attacks on elementary schools and secondary schools. (c)Information collectionThe Director of the Cybersecurity and Infrastructure Security Agency may collect information relating to cyber attacks on schools to store in the registry established pursuant to subsection (a). Such information may be submitted by schools and may include the following:
(1)The dates of each cyber attack, including the dates on which each such attack was initially detected and the dates on which each such attack was first reported. (2)A description of each cyber attack which shall include whether each such attack was as a result of a breach, malware, distributed denial of service attack, or other method designed to cause a vulnerability.
(3)The effects of each cyber attack, including descriptions of the type and size of each such attack. (4)Other information determined relevant by the Secretary.
(d)AccessThe Director of the Cybersecurity and Infrastructure Security Agency may make information submitted to the registry established pursuant to subsection (a) available to relevant law enforcement agencies, and State and local government agencies, as determined appropriate, for the purpose identified in subsection (b)(5). (e)ReportThe Director of the Cybersecurity and Infrastructure Security Agency shall make available on the School Cybersecurity Clearinghouse established under section 1, an annual report relating to cyber attacks on elementary schools and secondary schools which includes data, and the analysis of such data, in a manner that—
(1)is— (A)de-identified; and
(B)presented in the aggregate; and (2)at a minimum, protects personal privacy to the extent required by applicable Federal and State privacy laws.
4.K–12 Cybersecurity Human Capacity grant program
(a)EstablishmentThe Director of the National Science Foundation, acting through the Director of the Office of Advanced Cyberinfrastructure, shall establish a program (to be known as the K–12 Cybersecurity Human Capacity grant program) to make grants available to eligible entities to address cybersecurity risks and threats to information systems of elementary schools and secondary schools through— (1)expanded workforce capacity and development; and
(2)improved network and cyberinfrastructure. (b)ApplicationsAn eligible entity applying for a grant under the program shall submit to the Director a proposal that includes the following:
(1)A description of how the proposed cybersecurity capacity improvements will be conceived, designed, and implemented to meet local needs. Such description shall take the form of a coherent cybersecurity strategy and approach for a school, district, or region such that such strategy and approach are integrated horizontally (intra-school, district, or region) and vertically (regionally and nationally) with cybersecurity investments and best practices. (2)A plan for increasing the ability of educational leaders to prevent, recognize, and address cybersecurity threats.
(3)An assessment of the sustainability of the activities under such proposal in light of any recurring operational and engineering costs associated with such activities. (4)A plan to address the relevant cybersecurity issues and challenges implicated by the activities under such plan which includes issues or challenges pertaining to data integrity, privacy, network security measures, federated access and identity management, and infrastructure monitoring.
(c)Federal shareThe Director shall provide grants to eligible entities in an amount not to exceed 80 percent of the total cost of the plan. (d)SelectionIn selecting recipients for grants under this section, the Director shall consider, and give preference to the extent practicable, the percentage of—
(1)students in the eligible entity’s jurisdiction eligible to receive free or reduced price lunch under the Richard B. Russell National School Lunch Act (42 U.S.C. 1751 et seq.); or (2)household units in the eligible entity’s jurisdiction receiving non-cash benefits under the supplemental nutrition assistance program under the Food and Nutrition Act of 2008.
(e)Authorization of appropriationsThere are authorized to be appropriated for grants under this section $400,000,000 for fiscal year 2020, to remain available through fiscal year 2021. 5.DefinitionsIn this Act:
(1)Educational service agencyThe term educational service agency has the meaning given that term in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801). (2)Elementary schoolThe term elementary school has the meaning given that term in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801).
(3)Eligible entitiesThe term eligible entities means— (A)an elementary school;
(B)a secondary school; (C)a local educational agency;
(D)a State educational agency; (E)an educational service agency; and
(F)any combination of the entities listed in subparagraph consortia of such entities. (4)Local educational agencyThe term local educational agency has the meaning given that term in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801).
(5)State educational agencyThe term State educational agency has the meaning given that term in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801). (6)Secondary schoolThe term secondary school has the meaning given that term in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801).

