The Texas Department of Information Resources announced the launch of a portal for local government entities to report cybersecurity incidents in compliance with SB 271 88(R). The local government reporting portal can be found on DIR’s website here. Under SB 271 state law now requires local government entities such as counties, cities, special districts, and K-12 schools to report a breach (or suspected breach) of system security and ransomware to DIR, a requirement that previously only pertained to state agencies and institutions of higher education. Security incidents must be submitted to DIR within 48 hours of discovery, and security incident details and analysis are due to DIR within 10 days of incident eradication, closure, and recovery.
After an account is created, entities can submit the incident report to DIR. Once submitted, DIR will send an incident email confirmation with an incident identification number. Entities can also call the DIR Security Hotline at (877) DIR-CISO or (877) 347-2476 if urgent incident assistance is needed, or if they need help submitting an incident report.
The statute exempts from reporting to DIR local governments that are required to report to an independent organization certified by the Public Utility Commission of Texas under Section 39.151, Utilities Code.