Texas IT division launches security incident reporting portal

A new law requires state and local government entities to submit incident reports through a new web portal within 48 hours of discovery.
Getty Images

The Texas Department of Information Resources on Friday launched a portal for local government agencies to report cybersecurity incidents, in compliance with a new law approved by Gov. Greg Abbott this past May.

According to SB 271, state and local governments with computers housing sensitive information must report a security incident — such as a data breach, suspected data breach or ransomware attack — within 48 hours of discovery. Additional details and analysis must be sent to DIR within 10 days of resolving the security incident.

“With both state and local government entities reporting cybersecurity incidents to the state, DIR will have a more complete picture of the cyber threats Texas is facing,” Texas Cybersecurity Coordinator Tony Sauerhoff said in a press release.

Texas is following on the heels of North Dakota and Indiana, both of which passed laws requiring local governments to report cyber incidents to the state in recent years. North Dakota sought a unified approach to cybersecurity and a more centralized enforcement for all its political subdivisions, ranging from libraries to county governments. Indiana state officials can now respond to incident reports by providing local municipalities with free training about phishing, through licenses available on a state contract, according to the Indiana Information Sharing and Analysis Center.


Under the Texas law, local government entities such as counties, cities, special districts and K-12 schools are now required to report a cybersecurity attack, a requirement that previously only extended to state agencies and higher education institutions. Local governments that are required to report to an independent organization certified by the Public Utility Commission of Texas are exempt from the statute.

According to K–12 Security Information Exchange, a national nonprofit dedicated to public schools’ cybersecurity, cases of ransomware and malicious cyber activity aimed at K-12 school districts are on the rise. Its 2022 annual report showed ransomware has become the most common type of publicly disclosed cyber incident at U.S. schools. In response, the Texas Legislature in July allocated $55 million to the Texas Education Agency to counter cybersecurity threats targeted at schools, as part of the state’s K-12 Cybersecurity Initiative.

The Biden administration has also acknowledged the vulnerability faced by school districts with outdated security systems. In March, the White House released its National Cybersecurity Strategy, which outlines how to help school districts fight cybersecurity threats across the country through training and computer system upgrades. Rural districts in particular are prime targets, as they often have fewer resources to devote to cybersecurity.

Local government entities in Texas can submit cybersecurity incident reports to DIR via the Archer Engage secure webform, after first creating an account. Once submitted, DIR sends an incident email confirmation with an incident identification number. Entities can also call the DIR Security Hotline if the incident requires immediate assistance.

“DIR is here to assist state and local governments in the aftermath of a cyber incident. Sharing threat intelligence gained from these reports with other entities will prevent additional cyberattacks aimed at Texas,” Sauerhoff said.

Sophia Fox-Sowell

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.

Latest Podcasts