Bill Text: TX HB1723 | 2023-2024 | 88th Legislature | Introduced
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Relating to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.
Spectrum: Bipartisan Bill
Status: (Engrossed - Dead) 2023-05-09 - Referred to Business & Commerce [HB1723 Detail]
Download: Texas-2023-HB1723-Introduced.html
Bill Title: Relating to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.
Spectrum: Bipartisan Bill
Status: (Engrossed - Dead) 2023-05-09 - Referred to Business & Commerce [HB1723 Detail]
Download: Texas-2023-HB1723-Introduced.html
| 88R2653 MLH-D | ||
| By: Raymond | H.B. No. 1723 | |
|
|
||
|
|
||
| relating to requiring the Department of Information Resources to | ||
| conduct a study concerning the cybersecurity of small businesses. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. DEFINITIONS. In this Act: | ||
| (1) "Department" means the Department of Information | ||
| Resources. | ||
| (2) "Tax incentive" means any exemption, deduction, | ||
| credit, exclusion, waiver, rebate, discount, deferral, or other | ||
| abatement or reduction of state tax liability of a business entity. | ||
| SECTION 2. STUDY CONCERNING CYBERSECURITY OF SMALL | ||
| BUSINESSES. (a) The department, in collaboration with the Texas | ||
| Workforce Commission, shall conduct a study to: | ||
| (1) assess how small businesses can improve their | ||
| ability to protect against cybersecurity risks and threats to the | ||
| businesses' supply chain and to mitigate and recover from | ||
| cybersecurity incidents; and | ||
| (2) determine the feasibility of establishing a grant | ||
| program for small businesses to receive funds to upgrade their | ||
| cybersecurity infrastructure and to participate in cybersecurity | ||
| awareness training. | ||
| (b) The department may, if necessary and as appropriate, | ||
| partner with a nonprofit entity or institution of higher education, | ||
| as defined by Section 61.003, Education Code, to conduct the study. | ||
| (c) In conducting the study, the department shall: | ||
| (1) consider the current best practices used by small | ||
| businesses for cybersecurity controls for their information | ||
| systems to protect against supply chain vulnerabilities, which may | ||
| include best practices related to: | ||
| (A) software integrity and authenticity; and | ||
| (B) vendor risk management and procurement | ||
| controls, including notification by vendors of any cybersecurity | ||
| incidents related to the vendor's products and services; | ||
| (2) identify barriers or challenges for small | ||
| businesses in purchasing or acquiring cybersecurity products or | ||
| services; | ||
| (3) consider and estimate the cost of any available | ||
| tax incentives or other state incentives to increase the ability of | ||
| small businesses to acquire products and services that promote | ||
| cybersecurity; | ||
| (4) assess the availability of resources small | ||
| businesses need to respond to and recover from a cybersecurity | ||
| event; | ||
| (5) assess the impact of cybersecurity incidents that | ||
| have affected small businesses, including the resulting costs to | ||
| small businesses; | ||
| (6) to the extent possible, identify any emerging | ||
| cybersecurity risks and threats to small businesses resulting from | ||
| the deployment of new technologies; and | ||
| (7) assess any other issue the department and the | ||
| Texas Workforce Commission determine would have a future impact on | ||
| cybersecurity for small businesses with supply chain | ||
| vulnerabilities. | ||
| (d) In determining the feasibility of establishing a grant | ||
| program described by Subsection (a)(2) of this section, the study | ||
| must: | ||
| (1) identify the most significant and widespread | ||
| cybersecurity incidents impacting small businesses, vendors, and | ||
| others in the supply chain network of small businesses; | ||
| (2) consider the amount small businesses currently | ||
| spend on cybersecurity products and services and the availability | ||
| and market price of those services; and | ||
| (3) identify the type and frequency of training | ||
| necessary to protect small businesses from supply chain | ||
| cybersecurity risks and threats. | ||
| SECTION 3. REPORT. (a) Not later than December 31, 2024, | ||
| the department shall submit to the standing committees of the | ||
| senate and house of representatives with jurisdiction over small | ||
| businesses and cybersecurity a report that contains: | ||
| (1) the results of the study conducted under Section 2 | ||
| of this Act, including the feasibility of establishing a grant | ||
| program described by Subsection (a)(2) of that section; and | ||
| (2) recommendations for best practices and controls | ||
| for small businesses to implement in order to update and protect | ||
| their information systems against cybersecurity risks and threats. | ||
| (b) The department shall make the report available on the | ||
| department's Internet website. | ||
| SECTION 4. EXPIRATION OF ACT. This Act expires September 1, | ||
| 2025. | ||
| SECTION 5. EFFECTIVE DATE. This Act takes effect | ||
| immediately if it receives a vote of two-thirds of all the members | ||
| elected to each house, as provided by Section 39, Article III, Texas | ||
| Constitution. If this Act does not receive the vote necessary for | ||
| immediate effect, this Act takes effect September 1, 2023. | ||
