Texas Proposes Sharing Information Security Expertise Across Higher Ed and State Agencies

The Texas Department of Information Resources, in its newly released Biennial Performance Report, has asked the state legislature to make it easier for higher education institutions and other state agencies to have dedicated information security officers by allowing them to share ISOs regionally.

The report also requested legislative action to expand DIR's pilot program with Angelo State University in West Texas that established a Regional Security Operations Center to provide university students with hands-on cybersecurity experience and give boots-on-the-ground support to local taxpayer-funded agencies that need assistance with major cybersecurity incidents.

The BPR tracks state-funded agencies' technology progress in fiscal years 2021 and 2022; highlights their technology accomplishments; lists areas of concern; and recommends policy and legislative changes to improve the effectiveness of IT operations at state agencies. Texas counts nearly 200 state agencies, and over half of those are public institutions of higher education.

Challenges Filling the ISO Role

DIR Executive Director and Texas Chief Information Officer Amanda Crawford wrote in the BPR, released Nov. 16, that 76% of state agencies say their designated information security officer — Texas law requires every agency to designate one — also has other daily responsibilities. Surveys of state agencies indicate that less than half have an information security officer whose duties are primarily or solely related to data security, the report said.

"Information security officers play a vital role in protecting state government assets and information," the BPR said. "A nationwide shortage of skilled cybersecurity professionals hinders the public sector's ability to recruit and retain people with the specialized skills and certifications needed for the ISO role."

Texas law currently "does not permit state agencies or IHEs to designate a joint ISO as a shared resource," the report said. "Permitting state agencies and IHEs to designate a joint ISO that is employed by one organization and simultaneously serves as the ISO for two or more designating entities will provide cost-effective resource sharing that benefits smaller agencies and IHEs."

Expanded Regional SOC Pilot to Bolster Cyber Defenses

The BPR separately called on the Texas legislature to approve funding for the expansion of DIR's pilot program. The program started in April 2022 after the passage of Senate Bill 475, which authorized DIR to establish a Regional Security Operations Center in partnership with a Texas public university. "The RSOC may offer network security infrastructure that local governments can utilize and provide real-time network security monitoring; network security alerts; incident response; and cybersecurity educational services. Eligible customers of the RSOC include counties, local governments, school districts, water districts, and hospital districts," according to the BPR summary.

"DIR's vision for the RSOC initiative is to partner with additional public universities and establish RSOCs throughout the state to serve local entities and assist in protecting the state from cyber threats," Crawford said in the report. "This vision aligns with a whole-of-state approach to cybersecurity that increases the threat protection and cyber maturity of all of Texas through collaboration and partnerships. DIR is requesting funding from the 88th Legislature to establish two additional RSOCs including one in the Rio Grande Valley and one in central Texas."

Calls for More Digital Signatures and Blockchain Guidance

Another DIR recommendation that would impact higher education institutions, if lawmakers act, is for new legislation to enable broader access to digital government services, streamlined processes, and digitization by expanding the use of digital signatures.

"Currently, a digital signature can be used to authenticate a written electronic communication sent by an individual to a state agency or local government if the signature complies with DIR's rules as well as rules adopted by the state agency or local government," the BPR explained. "Allowing more digital signatures in lieu of handwritten signatures, without additional rulemaking, could lead to improved administrative efficiency and reduced costs."

A final recommendation for lawmakers spelled out in the BPR is to "provide guidance for distributed ledger and blockchain technology best practices."

Nationally, a handful of colleges and universities have piloted using blockchain technology to store and share digital credentials such as academic records; although widespread adoption of blockchain for academic records isn't seen as likely in the next year or two, the DIR noted that 10% of state agencies have said they're considering adopting distributed ledger-based systems.

View or download the full 2022 BPR at https://dir.texas.gov/strategic-planning-and-reporting/biennial-performance-report.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • illustration of a VPN network with interconnected nodes and lines forming a minimalist network structure

    Report: Increasing Number of Vulnerabilities in OpenVPN

    OpenVPN, a popular open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a new report from Microsoft.

  • interconnected cubes and circles arranged in a grid-like structure

    Hugging Face Gradio 5 Offers AI-Powered App Creation and Enhanced Security

    Hugging Face has released version 5 of its Gradio open source platform for building machine learning (ML) applications. The update introduces a suite of features focused on expanding access to AI, including a novel AI-powered app creation tool, enhanced web development capabilities, and bolstered security measures.