Nancy Rainosek, Texas cyber chief who oversaw response to 2019 ransomware attack, is retiring
Nancy Rainosek, who served as Texas’ chief information security officer since 2017, will soon retire, the Department of Information Resources announced Tuesday.
Two years into the job, Rainosek oversaw Texas’ response to a widespread ransomware attack that affected nearly two dozen local governments, forcing her to reimagine the state’s cybersecurity program, and led her to establish regional response centers to better protect Texans’ data and the state’s technology infrastructure.
As state CISO, Rainosek was tasked with protecting the state from cybersecurity threats through policy measures, and enabling state agencies to protect themselves. One of the ways she approached that responsibility was by establishing a statewide incident response plan.
“If the comptroller’s office and the Health and Human and the Workforce Commission all got hit at the same time, and how would we prioritize and and operate an incident at that level?” Rainosek said, adding that she worked with the Department of Public Safety, Division of Emergency Management, and state military department on the incident response plan. “We practiced. We did training together. We did tabletops together.”
Before joining the Department of Information Resources, Rainosek served as the deputy chief information security officer and the enterprise security operations manager for the Texas Health and Human Services Commission. She was also an IT audit manager and information resource manager at the Texas State Auditor’s Office.
Rainosek joined the state’s technology bureau, the Department of Information Resources, in 2013. In 2017 she became state CISO, and in August 2019, she got to put the incident response plan to the test when a ransomware attack shut down the operations of 23 local government entities across Texas, interrupting their ability to conduct business, including processing licenses and certificates, collecting payment for services or conducting payroll activities.
She said she remembers receiving a call from a sheriff’s office in northeast Texas that had been hit with ransomware, but soon the number of governments affected started growing.
“First it was one, and then it was, you know, eight, and then it was 17, and eventually it was 23 and that was a little scary, but we had really worked hard to put ourselves in a position to be able to respond to that,” Rainosek said.
Gov. Greg Abbott declared the ransomware attack a disaster – the first cybersecurity incident to be deemed a state disaster.
In response to the wide-reaching cyberattack, Rainosek created three Regional Security Operations Centers, which operate out of state universities and help protect local government organizations and school districts in west, central and south Texas from cybersecurity threats.
Rainosek said she was inspired to create the operation centers because during the widespread incident she realized that residents rely on their county and city governments — for marriage certificates, property sales and even to pay highway patrol officers — far more than they do state agencies.
“The sheriff’s officers couldn’t pull people over, because it’s Texas law to do a video recording of a traffic stop, and they couldn’t offload the tapes in their cars, because the server was encrypted,” she said. “It caused problems with the prisons being able to use the commissary or, I mean, it was just a far reaching event, and really showed that we needed to do something to help local governments in Texas.”
Rainosek said her department also started tracking ransomware attacks, which until the end of the state’s legislative session in 2023, local government agencies hadn’t been required to report.
“We’ve tracked about 200 since 2019 that have impacted either a state or local government, and that includes K-12, higher education, as well. Of that, I’d say 5% were state and so the rest local or higher ed,” Rainosek said. “That again shows that need for some kind of help for the local entities.”
As CISO, Rainosek also launched the Texas Information Sharing and Analysis Organization, an online forum for government organizations to share information on cybersecurity threats and best practices. She also helped launch the Statewide Portal for Enterprise Cybersecurity Threat, Risk, and Incident Management, where state agencies can take security assessments.
“Nancy Rainosek is a celebrity in the state government cybersecurity community. She has established an incredible legacy as a public servant dedicated to the security of the state of Texas as well as mentoring and supporting her team,” state Chief Information Officer Amanda Crawford said in a press release. “Both DIR and the state of Texas will continue to benefit from Nancy’s time as Chief Information Security Officer for years to come.”
According to the state’s announcement, Tony Sauerhoff, the deputy CISO and the state cybersecurity coordinator, replaced Rainosek as CISO. Rainosek will continue to serve as the department’s executive cybersecurity strategist until her retirement in December, when, she said, she will explore other career opportunities.
“The cyber field, it’s a great career, and it’s something that can make people feel very proud of themselves every day, and that’s what I leave behind,” she said.
