85R10351 AAF-D
 
  By: Blanco, Elkins, Capriglione, H.B. No. 1605
      Gonzales of Williamson, Lucio III
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to the powers and duties of the Department of Information
  Resources regarding cybersecurity.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter C, Chapter 2054, Government Code, is
  amended by adding Sections 2054.0591 and 2054.0592 to read as
  follows:
         Sec. 2054.0591.  CYBERSECURITY REPORT. (a)  Not later than
  November 15 of each even-numbered year, the department shall submit
  to the governor, the lieutenant governor, the speaker of the house
  of representatives, and the standing committee of each house of the
  legislature with primary jurisdiction over state government
  operations a report identifying preventive and recovery efforts the
  state can undertake to improve cybersecurity in this state. The
  report must include:
               (1)  an assessment of the resources available to
  address the operational and financial impacts of a cybersecurity
  event;
               (2)  a review of existing statutes regarding
  cybersecurity and information resources technologies;
               (3)  recommendations for legislative action to
  increase the state's cybersecurity and protect against adverse
  impacts from a cybersecurity event;
               (4)  an evaluation of the costs and benefits of
  cybersecurity insurance; and
               (5)  an evaluation of tertiary disaster recovery
  options.
         (b)  The department or a recipient of a report under this
  section may redact or withhold information confidential under
  Chapter 552, including Section 552.139, or other state or federal
  law that is contained in the report in response to a request under
  Chapter 552 without the necessity of requesting a decision from the
  attorney general under Subchapter G, Chapter 552.
         Sec. 2054.0592.  CYBERSECURITY EMERGENCY FUNDING. If a
  cybersecurity event creates a need for emergency funding, the
  department may request that the governor or Legislative Budget
  Board make a proposal under Chapter 317 to provide funding to manage
  the operational and financial impacts from the cybersecurity event.
         SECTION 2.  This Act takes effect September 1, 2017.