|
|
A BILL TO BE ENTITLED
|
|
AN ACT
|
|
relating to the powers and duties of the Department of Information |
|
Resources regarding cybersecurity. |
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
SECTION 1. Subchapter C, Chapter 2054, Government Code, is |
|
amended by adding Sections 2054.0591 and 2054.0592 to read as |
|
follows: |
|
Sec. 2054.0591. CYBERSECURITY REPORT. (a) Not later than |
|
November 15 of each even-numbered year, the department shall submit |
|
to the governor, the lieutenant governor, the speaker of the house |
|
of representatives, and the standing committee of each house of the |
|
legislature with primary jurisdiction over state government |
|
operations a report identifying preventive and recovery efforts the |
|
state can undertake to improve cybersecurity in this state. The |
|
report must include: |
|
(1) an assessment of the resources available to |
|
address the operational and financial impacts of a cybersecurity |
|
event; |
|
(2) a review of existing statutes regarding |
|
cybersecurity and information resources technologies; |
|
(3) recommendations for legislative action to |
|
increase the state's cybersecurity and protect against adverse |
|
impacts from a cybersecurity event; |
|
(4) an evaluation of the costs and benefits of |
|
cybersecurity insurance; and |
|
(5) an evaluation of tertiary disaster recovery |
|
options. |
|
(b) The department or a recipient of a report under this |
|
section may redact or withhold information confidential under |
|
Chapter 552, including Section 552.139, or other state or federal |
|
law that is contained in the report in response to a request under |
|
Chapter 552 without the necessity of requesting a decision from the |
|
attorney general under Subchapter G, Chapter 552. |
|
Sec. 2054.0592. CYBERSECURITY EMERGENCY FUNDING. If a |
|
cybersecurity event creates a need for emergency funding, the |
|
department may request that the governor or Legislative Budget |
|
Board make a proposal under Chapter 317 to provide funding to manage |
|
the operational and financial impacts from the cybersecurity event. |
|
SECTION 2. This Act takes effect September 1, 2017. |