(a) The command shall establish a dedicated cybersecurity incident response unit to:
- (1) detect and contain cybersecurity incidents in collaboration with the cybersecurity threat intelligence center under Section 2063.201;
- (2) engage in threat neutralization as necessary and appropriate, including removing malware, disallowing unauthorized access, and patching vulnerabilities in information resources technologies;
- (3) in collaboration with the digital forensics laboratory under Section 2063.203, undertake mitigation efforts if sensitive personal information is breached during a cybersecurity incident;
- (4) loan resources to state agencies and covered entities to promote continuity of operations while the agency or entity restores the systems affected by a cybersecurity incident;
- (5) assist in the restoration of information resources and information resources technologies after a cybersecurity incident and conduct post-incident monitoring;
- (6) in collaboration with the cybersecurity threat intelligence center under Section 2063.201 and digital forensics laboratory under Section 2063.203, identify weaknesses, establish risk mitigation options and effective vulnerability-reduction strategies, and make recommendations to state agencies and covered entities that have been the target of a cybersecurity attack or have experienced a cybersecurity incident in order to remediate identified cybersecurity vulnerabilities;
- (7) in collaboration with the cybersecurity threat intelligence center under Section 2063.201, the digital forensics laboratory under Section 2063.203, the Texas Division of Emergency Management, and other state agencies, conduct, support, and participate in cyber-related exercises; and
- (8) undertake any other activities necessary to carry out the duties described by this subsection.
- (b) The chief shall employ a director for the cybersecurity incident response unit.
Added by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150), Sec. 1, eff. September 1, 2025.