The bill, S.B. No. 1034, aims to enhance cybersecurity measures for retail public utilities that provide water or sewer services in Texas. It amends the Government Code to expand the list of entities eligible for cybersecurity services from the Department of Information Resources to include retail public utilities, alongside other governmental and educational organizations. Additionally, it introduces a new subchapter in the Water Code that establishes specific cybersecurity requirements for these utilities, including prohibiting the connection of their supervisory control and data acquisition systems to the Internet, mandating employee identification authentication for network access, and requiring annual cybersecurity training for relevant employees.

Furthermore, the bill outlines the responsibilities of the Texas Commission on Environmental Quality and the Department of Information Resources in implementing these cybersecurity measures, including conducting security assessments and audits of retail public utilities. It also mandates that utilities report any security incidents involving sensitive personal information within 48 hours. The bill sets a compliance deadline for retail public utilities to adhere to the new cybersecurity requirements by September 1, 2027, and requires the relevant agencies to adopt necessary rules by September 1, 2026.

Statutes affected:
Introduced: Government Code 2054.0525, Government Code 2059.058 (Government Code 2054, Government Code 2059)