Texas mulls establishing new Cyber Command
Texas Gov. Greg Abbott speaks during last year's Republican National Convention. Abbott has backed new legislation to establish the Texas Cyber Command in a bid to boost the state's cyber posture. Patrick T. Fallon via Getty Images
By
Chris Teale
Legislation would create the command and mandate that it set up a cybersecurity strategy. Gov. Greg Abbott said it is vital to protect the Lone Star State from bad actors.
Legislation introduced this month in the Texas legislature would establish the Texas Cyber Command as the state seeks to defend itself from cyberattacks and create a cybersecurity strategy.
Gov. Greg Abbott floated the new initiative, to be housed by the University of Texas at San Antonio, in his State of the State speech in early February. During the speech, Abbott announced an “emergency item” to create the cyber command, which would take over some of the roles and responsibilities now held by the Department of Information Resources.
“San Antonio is home to one of the world’s largest concentrations of cybersecurity experts,” Abbott said. “We must harness those assets to protect against threats from China, Iran, Russia and other foreign enemies. They could cripple our power, water and communications with cyberattacks. We must use cutting-edge capabilities to secure our state.”
According to a fact sheet prepared by Abbott’s office, the Texas Cyber Command will create a “robust strategy” for the state to anticipate and detect cyber threats; promote cybersecurity awareness and other trainings for its workers; defend against, respond to and mitigate cyberattacks; and provide expertise, support and analysis for recovery and investigations after a successful attack.
Bills creating the Texas Cyber Command have been filed in the Texas House and Senate, and await further action. The former has already been referred to the Committee on Delivery of Government Efficiency, the state’s version of the federal Department of Government Efficiency that has generated interest among other governors and legislators alike.
It comes as various Texas institutions have been hit by cyberattacks recently. The city of Mission near the Mexico border suffered a cybersecurity incident in which Mayor Norie Gonzalez Garza said in a letter to Abbott the “entire City computer server is at severe risk of a cyberattack that could release protected personal information, protected health information, civil and criminal records, and/or any and all other data” held by the city.
In a subsequent letter asking Abbott to extend a local disaster declaration issued on March 4, Gonzalez Garza said the cyber event “is of such severity and magnitude that extraordinary measures must be taken to alleviate the immeasurable and imminent cybersecurity incident.”
Abbott’s fact sheet noted that the state as a whole is a “common target,” given its role in oil and gas production, that it is home to over a dozen military installations and a major port, it has the most airports of any state and has the world’s largest medical complex at the Texas Medical Center. The fact sheet said Texas “must lead the nation in safeguarding critical infrastructure from hackers and hostile foreign actors.”
“China, Iran, Russia, and other foreign enemies could cripple our power, water, and transportation systems with online attacks,” it continued.
And the state has already taken moves to protect its cybersecurity. It stood up a regional security operations center at Angelo State University in a bid to boost information sharing between the state and its local governments, as well as other entities that are under threat.
On stage at the Billington State and Local Cybersecurity Summit in Washington, D.C., last week, state chief information security officer Tony Sauerhoff said two more will follow soon at the University of Texas’ campus in the Rio Grande Valley and in Austin, its flagship, with more to follow. Sauerhoff said it provides “real world SOC experience” to students, who can then go on to be hired after they graduate.
Those centers, combined with a stronger cybersecurity curriculum in schools, should help the state alleviate the ongoing workforce shortages they and others have struggled with, Sauerhoff said.
“The idea ultimately is we can build a pipeline from high school through college and into the workforce,” he said. “We're not trying to find and hire those highly skilled, most expensive individuals out there. We're growing them. We're building them from the ground up, and as someone leaves from a higher-level position, we've got the pipeline built so we can move everybody up one and pull the next person from our pipeline.”
Keeping critical infrastructure safe remains a major concern for all states, including Texas, but it is a struggle, as those utilities may have a weaker cybersecurity posture than they need given the threats they face. The new Texas Cyber Command should help bring people together, as well as pending legislation that would require water entities and other utilities to report cyber incidents.
It can be tricky, however, as Sauerhoff said the state doesn’t “have a lot of control, or even a ton of visibility” over utilities, which are either under local control or owned by the private sector. That could change, he said.
“I guess really in Texas there hasn't been much of an appetite at the state level to tell those local entities how to do business,” he said. “But we do see some momentum going in the other direction there.”