- (a) The chief or the chief's designee shall lead a cybersecurity council that includes public and private sector leaders and cybersecurity practitioners to collaborate on matters of cybersecurity concerning this state.
(b) The cybersecurity council must include:
- (1) one member who is an employee of the office of the governor;
- (2) one member of the senate appointed by the lieutenant governor;
- (3) one member of the house of representatives appointed by the speaker of the house of representatives;
- (4) the director of the Elections Division of the Office of the Secretary of State;
- (5) one member who is an employee of the department; and
- (6) additional members appointed by the chief, including representatives of institutions of higher education and private sector leaders.
- (c) Members of the cybersecurity council serve staggered six-year terms, with as near as possible to one-third of the members' terms expiring February 1 of each odd-numbered year.
- (d) In appointing representatives from institutions of higher education to the cybersecurity council, the chief shall consider appointing members of the Information Technology Council for Higher Education.
(e) The cybersecurity council shall:
- (1) consider the costs and benefits of establishing a computer emergency readiness team to address cybersecurity incidents occurring in this state during routine and emergency situations;
- (2) establish criteria and priorities for addressing cybersecurity threats to critical state installations;
- (3) consolidate and synthesize best practices to assist state agencies in understanding and implementing cybersecurity measures that are most beneficial to this state; and
- (4) assess the knowledge, skills, and capabilities of the existing information technology and cybersecurity workforce to mitigate and respond to cyber threats and develop recommendations for addressing immediate workforce deficiencies and ensuring a long-term pool of qualified applicants.
(f) The chief, in collaboration with the cybersecurity council, shall provide recommendations to the legislature on any legislation necessary to implement cybersecurity best practices and remediation strategies for this state.
Redesignated from Government Code, Section 2054.552 by Acts 2015, 84th Leg., R.S., Ch. 1236 (S.B. 1296), Sec. 21.001(29), eff. September 1, 2015.
Transferred, redesignated and amended from Government Code, Section 2054.512 by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150), Sec. 14, eff. September 1, 2025.
Added by Acts 2013, 83rd Leg., R.S., Ch. 32 (S.B. 1102), Sec. 1, eff. May 10, 2013.
Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 9, eff. September 1, 2017.
Acts 2021, 87th Leg., R.S., Ch. 376 (S.B. 851), Sec. 1, eff. September 1, 2021.