State leaders are looking to create a Texas Cyber Command, a new component of The University of Texas system charged with preparing for and responding to cybersecurity threats statewide.
The big picture
Gov. Greg Abbott raised the strategy to bolster Texas' digital defenses in his February State of the State address, naming the command's establishment a priority for this year's legislative session.
The new command tied to The University of Texas at San Antonio is outlined in House Bill 150 from state Rep. Giovanni Capriglione, R-Southlake, that's now under review in a Texas House committee. A companion version was also filed in the Senate in March.
"The threat is evolving and growing increasingly sophisticated by the day, if not the hour and the minute," Capriglione said during a March 19 committee session. "Everything we set out to accomplish as legislators, be it securing water, strengthening our grid, improving government services or being the top state for business, is being jeopardized if we do not have a robust cybersecurity posture.”
The new command would spin off and expand state cybersecurity work currently handled by the Texas Department of Information Resources. Among its many responsibilities would be developing cyber defense tools and security standards, workforce training, and public and private partnerships in the field.
Zooming in
During the March 19 review of HB 150 by the House Committee on Delivery of Government Efficiency, Capriglione listed significant digital breaches that had taken place in each committee member's community and said millions of Texans saw their personal information compromised last year, according to the attorney general's office.
"We are facing these attacks against our critical infrastructure every day. We’ve had wastewater treatment plants affected, we’ve had our government services affected, we’ve had multiple attempts on everything from our natural gas pipelines to our grid itself," Capriglione said. "If you just think about what the costs are and could be if some of those were taken, not just financial costs but maybe even lost life and public safety.”
The command would also be responsible for cybersecurity training to be mandated for government employees at all levels. Capriglione stressed the importance of this provision within the larger command system given common lapses by individuals, like clicking suspicious links or reusing passwords.
“There’s going to be billions of attacks ... but the biggest risk is the human," he said.
The framework
Capriglione likened the command's location at UTSA to the Texas Division of Emergency Management's placement under The Texas A&M University System. It'd be helmed by an appointee of the governor, who'd oversee the initiative alongside a "cybersecurity council" including political appointees and representatives from the Secretary of State's Elections Division, university and private sectors.
The command would also provide regular reporting to state leaders with cybersecurity recommendations and funding reports on priority projects.
The cost
The command would cost hundreds of millions of dollars to stand up and operate over the coming years, carrying an estimated $413.85 million price tag through 2030. That total includes tens of millions of dollars of building and start-up costs at UTSA and tens of millions more for scores of full-time employees and contracted workers.
Some initial needs could be covered by Texas' university systems without dipping into state funds. UT is ready to make space available at UTSA and direct about $60 million from the systems' investments to support the Texas Cyber Command, according to UTSA President Taylor Eighmy and a letter to lawmakers from UT Board of Regents Chair Kevin Elitfe and Chancellor James Milliken.
"It's a completely different revenue source and it would be put on the table to benefit this, and it will dramatically decrease the fiscal note for this biennium by dropping it by $60 million," Eighmy told the House committee.
Testimony by attendees at the House DOGE committee's March session was supportive of HB 150 and the new command.
Jeff Webster, president and CEO of Greater San Antonio Chamber of Commerce, and San Antonio council member Marc Whyte joined Eighmy in calling out the cybersecurity, educational and military foundation and workforce in "Cyber City USA" as reasons it should house the new initiative.
"The establishment of the Texas Cyber Command in San Antonio would leverage our existing cybersecurity ecosystem and infrastructure; enhance protection of our state’s critical infrastructure from increasing cyber threats; create high-skill job opportunities for our residents; strengthen collaboration between academic, military and private sector cyber initiatives; and position Texas as a national leader in cybersecurity innovation and defense," Whyte told lawmakers.
What's next
HB 150 was left pending after the March 19 committee hearing. It will advance to the full House if approved after further review.
If the bill eventually passes, it'd go into effect and formally lay out the Texas Cyber Command on or before Sept. 1. All DIR cybersecurity matters would be transferred to the command by the end of 2026.
One more thing
The DOGE committee reviewed HB 150 after considering another state cybersecurity update in House Bill 876 by Rep. Suleman Lalani, D-Sugar Land.
That legislation calls to create a new information-sharing system within the DIR where Texas public and private entities could discuss cybersecurity threats and related responses. The bill would also allow for an interstate program. The committee didn't dive into how both proposals might interact; Lalani's HB 876 was sent to the full House on March 20.
