The plan lists four goals:
- Enhancing Texas’ cybersecurity readiness
- Boosting cyber resilience
- Growing Texas’ skilled cybersecurity workforce
- Sustaining the administrative functions needed to operate the agency
The Command’s responsibilities include providing cybersecurity leadership, guidance and tools; facilitating cybersecurity workforce education and training; monitoring and coordinating cyber threat intelligence; planning and executing incident response; conducting digital forensics to support law enforcement; and receiving cybersecurity incident reports from state agencies and covered entities.
The plan identifies several core operational components, including the Cybersecurity Threat Intelligence Center, Cybersecurity Incident Response Unit, Digital Forensics Laboratory, Texas Information Sharing and Analysis Organization, Network Security Center, an online statewide cyber incident reporting portal, a 24-hour cybersecurity hotline, the Texas Volunteer Incident Response Team and Regional Security Operations Centers.
Artificial intelligence is included in the plan’s cybersecurity readiness and resilience goals. TXCC says it will integrate state-of-the-art AI into state cyber defenses to prevent attacks, and it plans to expand and transform incident response capabilities previously provided by the Department of Information Resources (DIR) by adding technologies including AI.
The plan also points to potential vendor-facing work around threat intelligence, information sharing, 24/7 network monitoring, vulnerability scanning, penetration testing, security assessments and AI. TXCC’s proposed budget structure calls for building out the Cybersecurity Threat Intelligence Center, Texas Information Sharing and Analysis Organization and Digital Forensics Laboratory with those capabilities.
Procurement flexibility is one of the plan’s more direct legislative recommendations. TXCC says current purchasing statutes and requirements are not designed for the speed, duration or operational complexity of modern cybersecurity threats. The Command recommends language allowing delegation and exclusion from the comptroller’s purchasing authority, saying the change would help it act with speed and precision when emerging cyber risks outpace the standard procurement process.
The Command also recommends statutory clarity around cybersecurity training, prohibited technologies and covered applications. The plan says DIR will keep AI training and guidance for governmental entities, while TXCC will incorporate an AI training component related to cybersecurity.
Another recommendation would add TXCC to the list of member agencies on the Homeland Security Council. The plan says the current statutory framework does not adequately reflect the operational connection between homeland security and cybersecurity or the level of interagency coordination now required in practice.
Workforce development is also central to the plan. TXCC says it will build on training and education programs transferred from DIR through internships, fellowships, outreach, research, cyber innovation challenges, training platforms and collaboration with Texas institutions of higher education.
The workforce section says the Command will pursue partnerships with Texas universities, community colleges, military transition programs and professional networks while developing apprenticeship and internship programs. The plan also says public-sector competitiveness remains a challenge because state agencies face salary and hiring constraints when competing for cybersecurity professionals.
The plan’s capital planning section identifies statewide managed cybersecurity services, the use of AI to secure existing software stacks and a managed transition to post-quantum encryption as likely investment areas.