Texas Launches New Cybersecurity Portal
The Texas Department of Information Resources has launched a portal for local government agencies to report cybersecurity incidents, in compliance with a new law approved by Gov. Greg Abbott this past May.
According to SB 271, state and local governments with computers housing sensitive information must report a security incident — such as a data breach, suspected data breach or ransomware attack — within 48 hours of discovery. Additional details and analysis must be sent to DIR within 10 days of resolving the security incident.
“With both state and local government entities reporting cybersecurity incidents to the state, DIR will have a more complete picture of the cyber threats Texas is facing,” Texas Cybersecurity Coordinator Tony Sauerhoff said in a press release.
Under the Texas law, local government entities such as counties, cities, special districts and K-12 schools are now required to report a cybersecurity attack, a requirement that previously only extended to state agencies and higher education institutions. Local governments that are required to report to an independent organization certified by the Public Utility Commission of Texas are exempt from the statute.
According to K–12 Security Information Exchange, a national nonprofit dedicated to public schools’ cybersecurity, cases of ransomware and malicious cyber activity aimed at K-12 school districts are on the rise. Its annual report showed ransomware has become the most common type of publicly disclosed cyber incident at U.S. schools. In response, the Texas Legislature in July allocated $55 million to the Texas Education Agency to counter cybersecurity threats targeted at schools, as part of the state’s K-12 Cybersecurity Initiative.
Local government entities in Texas can submit cybersecurity incident reports to DIR via the Archer Engage secure webform, after first creating an account. Once submitted, DIR sends an incident email confirmation with an incident identification number. Entities can also call the DIR Security Hotline if the incident requires immediate assistance.
“DIR is here to assist state and local governments in the aftermath of a cyber incident. Sharing threat intelligence gained from these reports with other entities will prevent additional cyberattacks aimed at Texas,” Sauerhoff said.