An alarming rise in cyberattacks prompted the Texas Legislature last session to pass House Bill 3834 authored by Rep. Giovanni Capriglione (R-Southlake), which requires all county officials and their staffs to take a training course, certified by the Texas Department of Information Resources (DIR), to prevent attacks by cyber criminals.
The need for counties to protect citizens' private online data is more pressing than ever with the sensitive information local and state government agencies possess and the increasing risks from those illegally attempting to access that information. Since 2013, there have been a reported 169 cyberattacks on local governments, according to National Public Radio. In August 2019, hackers targeted 22 mostly rural municipalities in Texas with ransomware attacks in which a municipality's data is encrypted by the attackers who then demand a ransom to unencrypt the files. NPR reports that attackers asked one city for a collective $2.5 million in ransom. To protect against common cyberattack methods, the best preventative measure is cybersecurity training for individuals who use equipment vulnerable to such attacks.
HB 3834 Explainer
- The bill requires that all state and local government employees and contractors with access to their respective government computer systems or databases take an annual cybersecurity training course certified by DIR.
- The training course must be completed by June 14, 2020, to fulfill training requirements for the first year the law is in effect.
- DIR is still developing reporting requirements, but has indicated it will likely require that each government employee take responsibility for reporting their individual compliance with the bill.
TAC's Free State-Mandated Training
In compliance with HB 3834, TAC now offers a DIR-certified 45-minute cybersecurity training course at no cost to county members. The course focuses on forming habits that secure information and teaches best practices for identifying and addressing security threats. This is in addition to TAC's existing cybersecurity awareness training program, offered to nearly 12,000 county officials and staff members over the past year.
To enroll in TAC's certified course, counties need to complete the registration steps found on the TAC website, including counties that were previously enrolled in the TAC Cybersecurity Training Program that was launched in early 2019. DIR has certified several other vendors’ courses, and a list of providers can be found on the DIR website.
For more information or to enroll your county, click here.