Relating to cybersecurity for retail public utilities that provide water or sewer service.
Impact
If enacted, the provisions of SB1034 will necessitate significant changes to how retail public utilities secure their systems and manage data. The bill outlines requirements for annual cybersecurity training for officials and staff, mandates the completion of security assessments, and establishes protocols for incident notification within 48 hours of any security breach. This aligns Texas's regulatory framework with modern cybersecurity practices and aims to protect public interests by ensuring that utilities can respond swiftly to information security incidents. Furthermore, the Texas Commission on Environmental Quality and the Department of Information Resources are empowered to develop applicable rules, ensuring a structured approach to implementation.
Summary
SB1034 focuses on enhancing cybersecurity measures for retail public utilities that provide water or sewer services in Texas. This bill stipulates rigorous requirements aimed at safeguarding sensitive information and maintaining the integrity of these utilities' operational technologies. It mandates that such utilities refrain from connecting critical control systems to the Internet, thereby minimizing exposure to potential cyber threats. These measures are designed to bolster the operational resilience of public utilities against malware and unauthorized data access, which could endanger service delivery.
Contention
While the bill aims to secure critical infrastructure, it may elicit concerns regarding the operational challenges it poses. Utilities may face increased costs associated with compliance, particularly for smaller entities that may lack resources for implementing extensive cybersecurity measures. Additionally, there might be apprehensions regarding the balance between regulatory oversight and the autonomy of local utilities, particularly in adapting to changing technological landscapes. As with any regulatory initiative, stakeholders will likely engage in discourse around the sufficiency of the measures proposed and their potential impact on service delivery.
Texas Constitutional Statutes Affected
Government Code
Chapter 2054. Information Resources
Section: 0525
Chapter 2059. Texas Computer Network Security System
Relating to the eligibility of certain entities for services and commodity items provided by the Department of Information Resources and statewide technology centers.
Relating to the eligibility of certain entities for services and commodity items provided by the Department of Information Resources and statewide technology centers.
Relating to public school cybersecurity controls and requirements and technical assistance and cybersecurity risk assessments for public schools provided by the Department of Information Resources.
Relating to public school cybersecurity controls, student data privacy protection, and requirements and technical assistance and cybersecurity risk assessments for public schools provided by the Department of Information Resources.
Relating to information maintained by certain municipally owned utilities that provide electricity services and cable, Internet, or broadband services.
Relating to physical security and cybersecurity practices for certain utilities that provide electricity service and an independent organization certified to manage a power region.
Relating to the transfer of functions relating to the economic regulation of water and sewer service from the Public Utility Commission of Texas and the Office of Public Utility Counsel to the Water Public Utility Commission and the Office of Water Public Utility Counsel; creating a criminal offense.