NCPA - National Center for Policy Analysis

Texas Legislature moves on cyber issues after latest global attack

May 31, 2017

NCPA Senior Fellow David Grantham writes in the Star-Telegram

The United States avoided the brunt of the WannaCry ransomware that wreaked havoc internationally.

Ironically, the attack came just as two pieces of legislation, House Bill 8 and House Bill 9, update state law to account for the use of malware and upgrade public-sector cyber capabilities.

These necessary and timely bills, introduced by state Rep. Giovanni Capriglione, R-Southlake, have also illuminated how far behind the state remains in becoming digitally resilient.

House Bill 8 sets new standards for cyber reporting, training and protection among state agencies.

It calls for the long overdue creation of House and Senate select committees on cybersecurity. The absence of these dedicated bodies is indicative of the state's current preparedness.

The bill also creates a public-private cybersharing task force to be staffed with both government officials and private sector professionals.

That should not be hard to fill, since Texas currently ranks second in the country with over 485,000 cyber-related jobs and is home to the Air Force's Cyber Command and assets from the National Security Agency.

House Bill 9 criminalizes the intentional, indirect compromise of a network and computer without the consent of the owner.

Current state law oddly addresses only direct access, whereas HB 9 extends prosecutorial authorities to cover the use of malware and ransomware against parties not physically present at the computer.

Each bill represents the first step in a thousand-mile journey. The content and scope of the bills reveals just how long that journey will be.

Not only are the gaps in state law worrisome, the process in drafting the bills uncovered a severe lack of digital uniformity and modernization across government agencies.

Some offices ran on old software. Others could not communicate effectively because of incompatible systems.

Standards for cyber hygiene varied widely from department to department. Education and training was inconsistent.

Recall that the WannaCry ransomware proved successful because it exploited the continued use of old software, reliance on dated systems and user error.

People rely on the resiliency and integration of the state's digital infrastructure, as do local businesses, law enforcement and industry.

The importance of network compatibility, for instance, comes into play when one considers that Texas owns the only state-based electric grid in the nation.

Texas also remains crucial to the health and well-being of the United States.

In all, Texas is responsible for producing, manufacturing and safeguarding some of the nation's most critical commodities and technologies, making it a prime target of America's adversaries.

The state's cyber capabilities must keep pace with the private sector to ensure this legacy continues.

Legal statutes must evolve if the state expects to defend itself against the inevitable threats that come with the age of technology.

There is a saying that comes to mind after the latest ransomware attack: A wise man learns from his mistakes, but a wiser man learns from another man's mistakes.

Texas can avoid the mistakes that compromised others.

 

 

Browse more articles on Government Issues