Over the past few years, local governments and their acting agencies have become prey for cybercriminals. In fact, a report from 2018 showed a 39 percent increase in the number of attacks against state and local governments. Most recently, 22 municipalities in Texas were hacked, seized and held ransom by a single cybercriminal.
Lack of resources and awareness are the primary reason local and state governments are vulnerable to cyberattacks. These variables in tandem with the rise in cybercrimes caught the attention of Texas lawmakers, pushing them to pass legislation requiring local and state government employees to complete annual cybersecurity training.
What is House Bill 3834?
On June 14, Governor Greg Abbot signed House Bill 3834 (HB 3834) into law, amending section 2054.518 of the Texas Government Code and requiring most municipal and state employees to undergo cybersecurity training. This bill is an extension of Chapter 202 of the Texas Administration Code aimed at strengthening the state’s protection against such attacks.
The bill, which took effect June 14, requires the Texas Department of Information Resources (DIR) to certify at least five cybersecurity training programs. Each program will focus on educating government employees on how to detect, asses, report and address cyber threats as well as how to develop proactive information security habits.
DIR has yet to publish a list of certified programs, but according to their website, the department anticipates publishing a list of initial programs in October 2019. Once available, public servants will have until June 14, 2020 to complete their certification classes.
Who is Required to Complete Cybersecurity Training under HB 3834?
The bill provides state and local government employees with different criteria for who is required to participate in cybersecurity training. State employees, for example, are only required to undergo the training if they use a computer to complete at least 25 percent of their required duties while those employed by a local government will only undergo the training if they have access to the entity’s computer system or database. State and local elected and appointed officials must also complete cybersecurity training, regardless of how often they use a computer.
HB 3834 requires certain state contractors to complete the training as well. According to the bill, a state agency shall require contractors to complete a cybersecurity course if they have access to a state computer system or database. The requirement shall be met during the terms of the contract and during any renewal period.
Why HB 3834 is Important
As we’ve seen over the past few years, government agencies continue to be appealing targets for cyberattacks. Cybercriminals have found they can gain access to valuable information, or block access to such information, by attacking untrained and underprepared local and state agencies.
Local and state employees operating vulnerable components such as SCADA systems, electrical grids and wastewater treatment plants will benefit greatly by participating in a cybersecurity program. The available programs will provide these individuals with the skill they need to spot, assess and report cyber threats, potentially saving municipalities millions of dollars.
State and local entities could be left with a costly repair bill if their systems or databases are targeted by cybercriminals. For example, the City of Atlanta paid $9.5 million in recovery efforts after a 2018 cyberattack that left a third of the city’s software programs offline. By providing the education and resources state and local government employees need to address cyberattacks, Texas residents can feel confident knowing their utilities and personal information are better protected.
Jones|Carter offers a range of cybersecurity services to municipalities across Texas. Consult with us to learn more about what we do.