The local government reporting portal, which went live on September 1, can be found on DIR’s website at: https://dir.texas.gov/information-security/cybersecurity-incident-management-and-reporting/sb-271-security-incident.
Under SB 271 by Senator Nathan Johnson and Rep. Matt Shaheen, state law now requires local government entities such as counties, cities, special districts, and K-12 schools to report a breach (or suspected breach) of system security and ransomware to DIR, a requirement that previously only pertained to state agencies and institutions of higher education. Security incidents must be submitted to DIR within 48 hours of discovery, and security incident details and analysis are due to DIR within 10 days of incident eradication, closure, and recovery.
“With both state and local government entities reporting cybersecurity incidents to the state, DIR will have a more complete picture of the cyber threats Texas is facing,” State Cybersecurity Coordinator Tony Sauerhoff said. “DIR is here to assist state and local governments in the aftermath of a cyber incident. Sharing threat intelligence gained from these reports with other entities will prevent additional cyberattacks aimed at Texas.”
After an account is created, entities can submit the incident report to DIR. Once submitted, DIR will send an incident email confirmation with an incident identification number. Entities can also call the DIR Security Hotline at (877) DIR-CISO or (877) 347-2476 if urgent incident assistance is needed, or if they need help submitting an incident report.
The statute exempts from reporting to DIR local governments that are required to report to an independent organization certified by the Public Utility Commission of Texas under Section 39.151, Utilities Code.