

117 HR 4691 RH: K–12 Cybersecurity Act of 2021
U.S. House of Representatives
2021-09-14
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



IBUnion Calendar No. 87117th CONGRESS1st SessionH. R. 4691[Report No. 117–122]IN THE HOUSE OF REPRESENTATIVESJuly 26, 2021Mr. Langevin (for himself, Ms. Matsui, Ms. Slotkin, Mr. Garbarino, and Mr. Clyde) introduced the following bill; which was referred to the Committee on Homeland SecuritySeptember 14, 2021Reported from the Committee on Homeland Security; committed to the Committee of the Whole House on the State of the Union and ordered to be printedA BILLTo establish a K–12 education cybersecurity initiative, and for other purposes.1.Short titleThis Act may be cited as the K–12 Cybersecurity Act of 2021.2.FindingsCongress finds the following:(1)K–12 educational institutions across the United States are facing cyber attacks.(2)Cyber attacks place the information systems of K–12 educational institutions at risk of possible disclosure of sensitive student and employee information, including—(A)grades and information on scholastic development;(B)medical records;(C)family records; and(D)personally identifiable information.(3)Providing K–12 educational institutions with resources to aid cybersecurity efforts will help K–12 educational institutions prevent, detect, and respond to cyber events.3.K–12 education cybersecurity initiative(a)DefinitionsIn this section:(1)Cybersecurity riskThe term cybersecurity risk has the meaning given the term in section 2209 of the Homeland Security Act of 2002 (6 U.S.C. 659).(2)DirectorThe term Director means the Director of Cybersecurity and Infrastructure Security.(3)Information systemThe term information system has the meaning given the term in section 3502 of title 44, United States Code.(4)K–12 educational institutionThe term K–12 educational institution means an elementary school or a secondary school, as those terms are defined in section 8101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 7801).(b)Study(1)In generalNot later than 120 days after the date of enactment of this Act, the Director, in accordance with subsection (g)(1), shall conduct a study on the specific cybersecurity risks facing K–12 educational institutions that—(A)analyzes how identified cybersecurity risks specifically impact K–12 educational institutions;(B)includes an evaluation of the challenges K–12 educational institutions face in—(i)securing—(I)information systems owned, leased, or relied upon by K–12 educational institutions; and(II)sensitive student and employee records; and(ii)implementing cybersecurity protocols;(C)identifies cybersecurity challenges relating to remote learning; and(D)evaluates the most accessible ways to communicate cybersecurity recommendations and tools.(2)Congressional briefingNot later than 120 days after the date of enactment of this Act, the Director shall provide a congressional briefing on the study conducted under paragraph (1).(c)Cybersecurity recommendationsNot later than 60 days after the completion of the study required under subsection (b)(1), the Director, in accordance with subsection (g)(1), shall develop recommendations that include cybersecurity guidelines designed to assist K–12 educational institutions in facing the cybersecurity risks described in subsection (b)(1), using the findings of the study.(d)Online training toolkitNot later than 120 days after the completion of the development of the recommendations required under subsection (c), the Director shall develop an online training toolkit designed for officials at K–12 educational institutions to—(1)educate the officials about the cybersecurity recommendations developed under subsection (c); and (2)provide strategies for the officials to implement the recommendations developed under subsection (c).(e)Public availabilityThe Director shall make available on the website of the Department of Homeland Security with other information relating to school safety the following:(1)The findings of the study conducted under subsection (b)(1).(2)The cybersecurity recommendations developed under subsection (c).(3)The online training toolkit developed under subsection (d).(f)Voluntary useThe use of the cybersecurity recommendations developed under (c) by K–12 educational institutions shall be voluntary.(g)Consultation(1)In generalIn the course of the conduction of the study required under subsection (b)(1) and the development of the recommendations required under subsection (c), the Director shall consult with individuals and entities focused on cybersecurity and education, as appropriate, including—(A)teachers;(B)school administrators;(C)Federal agencies;(D)non-Federal cybersecurity entities with experience in education issues; and(E)private sector organizations.(2)Inapplicability of FACAThe Federal Advisory Committee Act (5 U.S.C App.) shall not apply to any consultation under paragraph (1).September 14, 2021Committed to the Committee of the Whole House on the State of the Union and ordered to be printed