House Bill No. 4231 aims to enhance cybersecurity measures for retail public utilities that provide water or sewer services in Texas. The bill amends the Government Code to include retail public utilities as eligible customers for services provided by the Department of Information Resources. It also introduces new cybersecurity requirements specifically for these utilities, including prohibitions on connecting their supervisory control and data acquisition systems to the Internet, and mandates for employee identification authentication before network access. Additionally, the bill requires annual cybersecurity training for employees with access to the utility's computer systems and establishes protocols for security assessments and incident notifications.

The bill further stipulates that the Texas Commission on Environmental Quality and the Department of Information Resources must adopt necessary rules by September 1, 2026, to implement these changes, with compliance required from retail public utilities by September 1, 2027. The legislation emphasizes the importance of cybersecurity in protecting sensitive information and ensuring the integrity of water and sewer services, reflecting a proactive approach to safeguarding critical infrastructure against cyber threats.

Statutes affected:
Introduced: Government Code 2054.0525, Government Code 2059.058 (Government Code 2054, Government Code 2059)