The House Committee on State Affairs interim report to the 88th Legislature covers power generation weatherization, transmission congestion, cybersecurity preparedness, and trade with Russia. The report details committee action and findings on these charges as well as specific recommendations on cybersecurity preparedness. For more information see the full report here.
Spotlight on Recommendations
Charge 4. Study the status and adequacy of cybersecurity preparedness among state agencies and contractors. Make recommendations that enhance cybersecurity measures considering evolving threats to Texas’ information technology infrastructure.
- The state of Texas must continue to invest in its cybersecurity infrastructure through state cybersecurity initiatives, require reporting from local governments to mitigate damages from ransomware attacks, and find ways to staff IT positions in the public sector and indirectly in the private sector through workforce development strategies. Once more, the state’s local governments and school districts face the biggest uphill climb, and our future efforts should be geared towards those entities.
- Further recommendations:
- Legacy modernization: Consider continued investment beyond the nearly $700 million in state funding for cybersecurity and legacy system modernization.
- Agency IT Staffing: Consider cost of living increases to keep our governmental cybersecurity jobs competitive in the Austin area as more technology companies move into the region.
- Local government cybersecurity: Consider the funding of additional Regional Security Operations Centers (RSOC) created by SB 475. RSOCs will support local governments that may not have the experienced staff or the budget for a mature cybersecurity program.
- Legislative recommendations:
- Adopt legislation requiring local governments to follow the same requirements as state agencies and notify DIR in the event of a breach or suspected breach of system security,
- Require all public sector employees, including all public school and legislative branch employees, to take cybersecurity training annually
- Require local governments and school districts to utilize .gov and .edu domains for websites to minimize government website spoofing and provide Texans an authoritative source for information.
- Codify the Texas Division of Emergency Management Annex Emergency Support Function (ESF) 20 Cybersecurity, which details the state incident response plan in the event of a declared cybersecurity disaster.