COVID-19 Preparedness for Information Technology

DIR Guidelines for Zoom (PDF|174.4KB) Guidance and suggestions on the use of Zoom and other virtual collaboration tools. 

Cybersecurity Hygiene

All Texans need to remain vigilant and practice good cyber hygiene, especially during critical incidents. Threat actors often use pressing current events to bait their targets. The current COVID-19 threat is no different. DIR provides cyber hygiene practices everyone should consider for working remotely.

• DIR OCISO Teleworking Tips (PDF|138.28KB) DIR's Office of the Chief Information Security Officer provides the following information technology guidance for teleworkers.
• DIR OCISO Virtual Collaboration Tools Security Tips (PDF|215.77KB) DIR's recommendations for cybersecurity when using virtual collaboration tools.

Cooperative Contracts for Remote Access and Remote Learning Tools, Products and Services

DIR leverages the state's purchasing power to negotiate competitive discounts on information and communications technology products and services. DIR's streamlined cooperative purchasing program allows Texas public entities to purchase through pre-negotiated contracts that meet stringent state procurement requirements.  DIR provides the following information for teleconferencing, videoconferencing, meeting tools,and learning and training services to support remote access.  This list will be regularly updated.

Cooperative Contracts for Remote Access (XLSX|25.53KB)- Last Updated: 12/1/2020

DIR Exemption Announcement (PDF|61.15KB)  Agencies may use the Emergency Procurement Blanket Exemption throughout the duration of the declared disaster to purchase IT commodities that may otherwise be purchased through the DIR Cooperative Contract Program if using the DIR Cooperative Contracts Program would impede any state agency's emergency response that is necessary to cope with this declared disaster.

• Tips for Conducting Open Meetings Remotely (PDF|244.32KB) DIR's how-to guide for governing bodies convening in a virtual forum (e.g. webinar, teleconference).
• Best Practices for Virtual Engagements- from the Texas State Agency Coordinating Committee- Training and Development (SACC T&D) Subcommittee, this report displays entries collected from members of Texas government informally sharing reference sources for more effective virtual meetings, webinars, remote training, and telework.
• DIR Remote Access Offerings Webinar 3-23-20 (PDF|1.79MB) - Presentation regarding teleconference and videoconference meeting tools and learning and training services available through DIR contracts. A recording of this webinar is also available.

Bulk Purchase Initiatives

DIR also coordinates bulk purchase of information technology (IT) at additional discounts for agencies needing to procure IT.

Free Trial Considerations

There are a number of vendors offering free trials during this time of disaster.  Please be diligent in your review and acceptance of terms, including those related to trial period, security, accessibility, transition support, and price. At some point the trial period will end, and without the appropriate review prior to accepting the terms, the entity may find itself liable for additional products or services beyond the trial period. Consider alternatively, issuing a purchase order, perhaps under a DIR contract, to include an initial term at no cost, with optional renewals based on established pricing. This provides for continuity of services – without additional procurements – and the ability for the procuring entity to terminate the agreement by not exercising the renewal.  

Please direct any questions to [email protected].

Shared Technology Services

DIR Shared Technology Services (STS) provides the following information regarding software tools and applications to assist organizations with managing the unique challenges to the COVID-19 pandemic.  These solutions are self-managed and provided by the respective software vendors at no cost to existing customers during the COVID-19 pandemic.

Software Tools and Applications for COVID-19 Support

Virtual Private Network (VPN)

VPN extends an agency private network through an internet service provider. This allows users to securely send and receive data across a public internet service provider as if their computer is directly connected to the agency's private network. Like a tunnel between an offsite computer and the agency's private network, VPN allows users to securely send and receive data should agency staff need to work remotely. 

DIR advises against accessing unsecured or public WiFi access points. Consider using mobile hotspots, smart phone tethering, or a private network. Always connect through VPN on an unsecured or public WiFi access points.

Network and system administrators may prepare to manage the increased load caused by additional teleworkers by implementing strategies to handle additional traffic, such as split tunneling. In a security event, disconnect from WiFi immediately and contact your administrator.

• Enterprise VPN Security- As organizations elect to implement telework, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity.

Accessibility

As many Texas state agencies are considering enhanced telework policies to mitigate the spread of COVID-19, it is vitally important that agency IT applications and tools comply with Texas Administrative Codes §206 and §213 on Electronic and Information Resources (EIR) Accessibility.  This will ensure that our digital work environments are inclusive and accessible for individuals with disabilities within in our diverse workforce. We encourage all agencies to review their IT compliance with the Administrative Code as quickly as possible to ensure productivity across the enterprise can be maintained.

Captioning of video, live or recorded, is vitally important to our deaf and hard of hearing employees.  The use of accessibility-compliant productivity and collaboration tools is also central to addressing the needs of blind, vision impaired, or other employees with disabilities that rely on assistive technologies to perform IT related work. 

Other information and additional resources on EIR Accessibility can be found in the EIR Accessibility section.

Public Information Requests and the Texas Open Data Portal

During the COVID-19 pandemic, Texas agencies may face difficulty responding to Public Information Requests (PIRs) in a timely manner.

Senate Bill 79, passed by the 85th Legislature and signed by the Governor in 2017, authorized state agencies to direct PIRs to an Internet address where requested information may already exist. The Texas Open Data Portal, as the official open data Internet website for the State of Texas, serves this purpose.  Agencies are encouraged to post their data sets to the Texas Open Data Portal to allow constituents to find the information they need and self-serve their public information requests. By directing PIRs to the Texas Open Data Portal, agencies can redirect the time and resources that would otherwise be used fulfilling those requests, particularly while working remotely, and constituents can be assured they are receiving official data from the State of Texas.

To get started and leverage the Texas Open Data Portal contact: [email protected].

Risk Management for COVID-19

CISA Insights - Risk Management for Novel Coronavirus (PDF|422.32KB) This information sheet provides insights for the physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus, or COVID-19, provided by the Cybersecurity and Infrastructure Security Agency

DIR COVID-19 Virtual Town Hall Series

DIR Remote Access Offerings Webinar Slide Deck (PDF|1.79MB) | Recording - Presentation regarding teleconference and videoconference meeting tools and learning and training services available through DIR contracts. 3/23/2020

DIR COVID-19 Series - Technology and Procurement: Slide Deck (PDF|1.46MB) | Recording COVID-19 technology solutions and services discussion with DIR Chief Technology Office and Chief Procurement Office.  4/9/2020

DIR COVID-19 Series - Cybersecurity: Slide Deck (PDF|1.98MB) Recording COVID-19 cybersecurity discussion with DIR Office of the Chief Information Security Officer and Network Security Operations Center.  4/22/2020

Organizations

• Centers for Disease Control and Prevention (CDC) - communication tools and resources provided by the CDC.

• Cybersecurity and Infrastructure Security Agency (CISA) - preparations for disruptions to critical infrastructure that may stem from COVID-19.

• Federal Communications Commission - broadband and telephone services providers and trade commissions have signed an agreement to ensure connectivity to residents and small businesses during the current Coronavirus pandemic.

• Gartner, Inc: complimentary collection of COVID-19 research and tools.

• State Office of Risk Management - continuity of operations training and resources.

• Texas Higher Education Coordinating Board- resources for higher education administrators, faculty and other campus stakeholders

• The Texas Department of State Health Services (DSHS)- communication tools provided by DSHS for distribution.

• Texas.gov- official website for the State of Texas, includes useful information to Texas citizens but to also help the public donate or sell personal protective equipment and medical retirees or students to volunteer their time.

Publications

• Best Practices for Virtual Engagements- from the Texas State Agency Coordinating Committee- Training and Development (SACC T&D) Subcommittee, this report displays entries collected from members of Texas government informally sharing reference sources for more effective virtual meetings, webinars, remote training, and telework.
• Coronavirus Map Theme Used to Disguise and Deliver AZORult Infostealer (PDF|210.02KB) DIR's Office of the Chief Information Security Officer warns against malicious website pretending to be the live map for COVID-19.
• COVID-19 Lessons Learned from Employers in Asia- from Gartner, organizations in Asia, after months of managing the impact of coronavirus, offer lessons on remote work success and keeping employees engaged. 
• COVID-19 Planning and Response Guidance for State CIOs- Steps for state Chief Information Security Officers to consider in response to the COVID-19 virus provided by the National Association of State Chief Information Security Officers (NASCIO).  
• DSHS COVID-19 Guidance for Employees and Managers - workplace-specific recommendations for state agencies, business owners, employers, and members of the general public can find recommendations.
• FBI Warns of Teleconferencing and Online Classroom (PDF|215.97KB) The FBI has received multiple reports of conferences being disrupted.
• Interim Exposure Risk Categories for Travelers, Flight Crews, and Contacts in Community or Household Settings for COVID‑19- DSHS risk levels for persons under monitoring. 
• Preventing Eavesdropping and Protecting Privacy on Virtual Meetings- A few simple options for holding a secure virtual meeting from the National Institute of Standards and Technology. 
• SSA-WorkingFromHome-CheatSheet (PDF|130.41KB) Sans Security Awareness top five steps to securely work from home.
• SSA-Creating a Cybersecure Home (PDF|233.27KB) Sans Security Awareness presentation on how to create a cybersecure home.
• Threat Actors Spoof Collaboration Tools (PDF|218.8KB) Reports on the rise of newly registered Zoom-themed domains being leveraged for malicious purposes.
• Voice to Email Messaging Security Awareness (PDF|56.03KB) DIR urges caution for voice to email messaging.
• DIR Zoom Usage Guidelines (PDF|174.4KB) Guidance and suggestions on the use of Zoom and other virtual collaboration tools.