BILL ANALYSIS

 

 

 

C.S.H.B. 1605

By: Blanco

Government Transparency & Operation

Committee Report (Substituted)

 

 

 

BACKGROUND AND PURPOSE

 

Interested parties express concern over the lack of an official report on the general state of Texas' governmental cybersecurity and the lack of a clearly stated funding mechanism to manage operational and financial impacts in response to a cybersecurity event. C.S.H.B. 1605 seeks to identify and carry out efforts to improve cybersecurity in Texas by providing for such a report and a request for emergency funding.

 

CRIMINAL JUSTICE IMPACT

 

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

 

ANALYSIS

 

C.S.H.B. 1605 amends the Government Code to require the Department of Information Resources (DIR) to submit a report identifying preventive and recovery efforts the state can undertake to improve cybersecurity in Texas to the governor, the lieutenant governor, the speaker of the house of representatives, and the standing committee of each house of the legislature with primary jurisdiction over state government operations not later than November 15 of each even-numbered year. The bill requires the report to include an assessment of the resources available to address the operational and financial impacts of a cybersecurity event, a review of existing statutes regarding cybersecurity and information resources technologies, recommendations for legislative action to increase the state's cybersecurity and protect against adverse impacts from a cybersecurity event, an evaluation of the costs and benefits of cybersecurity insurance, and an evaluation of tertiary disaster recovery options. The bill authorizes DIR or a recipient of the report to redact or withhold information that is confidential under state public information law or other state or federal law that is contained in the report in response to a request under state public information law without the necessity of requesting a decision from the attorney general.

 

C.S.H.B. 1605 authorizes DIR to request that the governor or the Legislative Budget Board make a proposal under statutory provisions relating to the execution of the state budget to provide funding to manage the operational and financial impacts from a cybersecurity event that creates a need for emergency funding.

 

EFFECTIVE DATE

 

September 1, 2017.

COMPARISON OF ORIGINAL AND SUBSTITUTE

 

While C.S.H.B. 1605 may differ from the original in minor or nonsubstantive ways, the following comparison is organized and formatted in a manner that indicates the substantial differences between the introduced and committee substitute versions of the bill.

 

INTRODUCED

HOUSE COMMITTEE SUBSTITUTE

SECTION 1.  Subchapter C, Chapter 2054, Government Code, is amended by adding Sections 2054.0591 and 2054.0592 to read as follows:

Sec. 2054.0591.  CYBERSECURITY REPORT.  Not later than August 31

of each even-numbered year, the department shall submit to the governor, the lieutenant governor, and the legislature

 

 

 

 

a report identifying preventive and recovery efforts the state can undertake to improve cybersecurity in this state.  The report must include:

(1)  an assessment of the resources available to address the operational and financial impacts of a cybersecurity event;

(2)  a review of existing statutes regarding cybersecurity and information resources technologies;

(3)  recommendations for legislative action to increase the state's cybersecurity and protect against adverse impacts from a cybersecurity event;

(4)  an evaluation of the costs and benefits of cybersecurity insurance; and

(5)  an evaluation of tertiary disaster recovery options.

 

 

 

 

 

 

 

 

 

Sec. 2054.0592.  CYBERSECURITY EMERGENCY FUNDING.

 

SECTION 1.  Subchapter C, Chapter 2054, Government Code, is amended by adding Sections 2054.0591 and 2054.0592 to read as follows:

Sec. 2054.0591.  CYBERSECURITY REPORT.  (a)  Not later than November 15 of each even-numbered year, the department shall submit to the governor, the lieutenant governor, the speaker of the house of representatives, and the standing committee of each house of the legislature with primary jurisdiction over state government operations

a report identifying preventive and recovery efforts the state can undertake to improve cybersecurity in this state.  The report must include:

(1)  an assessment of the resources available to address the operational and financial impacts of a cybersecurity event;

(2)  a review of existing statutes regarding cybersecurity and information resources technologies;

(3)  recommendations for legislative action to increase the state's cybersecurity and protect against adverse impacts from a cybersecurity event;

(4)  an evaluation of the costs and benefits of cybersecurity insurance; and

(5)  an evaluation of tertiary disaster recovery options.

(b)  The department or a recipient of a report under this section may redact or withhold information confidential under Chapter 552, including Section 552.139, or other state or federal law that is contained in the report in response to a request under Chapter 552 without the necessity of requesting a decision from the attorney general under Subchapter G, Chapter 552.

Sec. 2054.0592.  CYBERSECURITY EMERGENCY FUNDING.

 

SECTION 2.  This Act takes effect September 1, 2017.

SECTION 2. Same as introduced version.