BILL ANALYSIS

 

 

 

H.B. 876

By: Lalani

Delivery of Government Efficiency

Committee Report (Unamended)

 

 

 

BACKGROUND AND PURPOSE

 

The Texas Information Sharing and Analysis Organization (TX-ISAO) under the Department of Information Resources (DIR) provides notifications and other releases regarding cybersecurity matters and functions as a forum for members from any Texas entity to collect and share cybersecurity threat intelligence and resources, including security vulnerabilities, best practices, current threat actor tactics, and the state's attack surface. TX-ISAO hosts monthly meetings to bring the Texas cybersecurity community together for discussion and collaboration. TX-ISAO is currently open to any entity, either governmental or private, but only if the entity is located within Texas. H.B. 876 seeks to allow DIR to establish a new interstate information sharing and analysis organization and to expand threat sharing beyond entities in Texas.

 

CRIMINAL JUSTICE IMPACT

 

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

 

ANALYSIS

 

H.B. 876 amends the Government Code to specify that the information sharing and analysis organization the Department of Information Resources (DIR) is required to establish to provide a forum for state agencies, local governments, public and private institutions of higher education, and private sector entities in Texas to share information regarding cybersecurity threats, best practices, and remediation strategies is intrastate. Additionally, the bill authorizes DIR to establish an interstate information sharing and analysis organization to provide a forum for states to share information regarding cybersecurity threats, best practices, and remediation strategies and makes provisions regarding the intrastate organization applicable also to an interstate organization that DIR establishes.

 

EFFECTIVE DATE

 

September 1, 2025.