Print 🖨

The Legislative Budget Board met on September 6, 2018 to hear from the Department of Information Resources concerning the agency’s Legislative Appropriation Request for the 86th Session and key exceptional items.

This report is intended to give you an overview and highlight of the discussions on the various topics the committee took up. It is not a verbatim transcript of the hearing, but is based upon what was audible or understandable to the observer and the desire to get details out as quickly as possible with few errors or omissions.

 

Agency Presentation

Stacey Napier, Department of Information Resources

Nick Villalpando, Department of Information Resources

  • DIR is a cost recovery agency and receives a small portion of funding through GR
  • We set fees at the level sufficient to recover costs
  • DIR has three main expenses,
    • Direct costs; accumulated via providing direct services to customers, etc.
    • Required activities with no direct revenue source; innovation and security policies, etc.
    • Indirect costs; administration, human resources, legal, etc.
  • Goals for our agency concerning costs are,
    • Maximizing savings for customers
    • Recover and minimize cost of program ops
    • Minimize volatility
    • Comply with statutes and regulations
  • Cooperative contracts program has a cap of 2% admin fee
    • These are fees sold to DIR from a vendor
    • There have been declines in this revenue, we are monitoring the changes
  • In our data services center we have a service fee of around 3%
    • FY19 admin fee revenue is about $7 million
  • Communications technology services
    • Admin fee varies between 2-12%
    • We are the service provider in this area
    • Estimated admin fee revenue $11 million
  • gov program revenue flows in and out of our budget
    • Around $73 million revenue
      • Around $35 million to GR, remainder to the vendor along with processing fees
    • In the LAR there is an increase in demand in our data center services program
    • Exceptional item 1:
      • Requesting general revenue related to cybersecurity initiatives
      • Around $12 million over the biennium
      • Request is based on four recommendations to improve cybersecurity,
      • $7 million for statewide, risk-based, multifactor authentication tool
        • This requires one FTE to administer the program
        • It will go to accounts with the highest risk
      • Around $3.6 million for Microsoft 365 Advanced Threat Protection
        • This tool will filter emails to ensure attachments are legitimate
      • Around $1 million for agency training on coding for applications
      • Around $300,000 for benchmarking agency websites
        • Rating state agency websites based on security
      • Budget request includes $1 million to complete San Angelo Data Center’s upgrades
      • $5 million over biennium for security enhancements to the Texas.gov program
      • We have planned procurement assistance for this year and the next
      • Our LAR includes a request for two FTEs
        • One who will operate the risk-based, multifactor tool
        • Another who will be a procurement specialist
      • Cost recovery fees in FY19 are maintained, no planned fee increases

 

Questions from Joint Legislative/LBB Panel

  • Question – What is the cost per person for coder training?
    • This would allow for training for all state employees classified as developers
  • Question – Is the Advanced Threat Protection a one-time cost?
    • It is continual
  • Question – Do you see any areas in the data center with an increase in growth?
    • We are tracking the increased use of cloud
    • Managed application and manage security services are areas our agencies can utilize
    • In managed security, we have partners with the Secretary of State’s Office to administer security to counties
  • Question – The agency is requesting to delete article 9 riders, why?
    • Those riders are already in statute
  • Question – Have you discussed the San Angelo infrastructure upgrades with San Angelo University?
    • We have an agreement with them in order to use their buildings, but the costs are incurred by DIR
  • Question – To what extend do agencies use multifactor authentication on their own? And to what extent do these items relate to bills passed in the previous session?
    • Some agencies are implementing multifactor in some pockets, but it is not extensive
    • Our request would be much larger than what we are already seeing
    • Regarding the previous session, we have worked with committees regarding HB8 to figure out the best options regarding cybersecurity
  • Question – Can you elaborate on your cooperation with SOS?
    • We entered a contract with AT&T for a managed security services program
    • We are working with counties as a liaison of the vendor to get the program up and running