DIR Outlines Cybersecurity Transition to Texas Cyber Command

The Department of Information Resources (DIR) has transferred statewide cybersecurity employees and functions to Texas Cyber Command (TXCC), marking a shift in how Texas organizes cybersecurity responsibilities across state and local government.

Executive Director and state CIO Tony Sauerhoff told the DIR board during its May 21 meeting that the transition took effect March 1. He said the cybersecurity employees and functions that were set to move from DIR to TXCC have now done so.

DIR is retaining a smaller cybersecurity role. Sauerhoff said the agency has kept an internal cybersecurity team responsible for DIR’s own agency security needs and has created a small security team within its Shared Technology Services program to focus on vendor management and vendor compliance. The vendor-focused function had previously been housed in DIR’s chief information security office division, but it was tied to the Shared Technology Services program and will remain there.

DIR also retains the state’s chief privacy officer, Jennie Hoelscher.

Sauerhoff said DIR is still maintaining cybersecurity-related webpages on its website for now, though those pages include banners notifying visitors that the functions have moved to TXCC and providing contact information.

The prohibited technologies program has also shifted. Sauerhoff said DIR previously led that work with the Texas Department of Public Safety (DPS), making recommendations to the governor’s office on changes or additions to the prohibited technologies list. That role now belongs to TXCC and DPS.

DIR is also still maintaining the webpage listing products and companies on the prohibited technologies list, Sauerhoff said.

The federal State and Local Cybersecurity Grant Program is also affected by the transition. Sauerhoff said DIR had served as a subject matter expert for the governor’s office on the program, but that role has now moved to Texas Cyber Command.

Sauerhoff said the command’s plan is to be fully self-sufficient by the end of the year. He said DIR is still helping with some administrative functions, including human resources, IT and procurement support, while TXCC builds its own internal support functions.

Sauerhoff also said DIR and TXCC will need to continue working together, particularly where cybersecurity intersects with data center responsibilities.

The transition comes as DIR continues to operate technology programs that intersect with cybersecurity, procurement and vendor oversight. Sauerhoff said the agency expects to maintain a partnership with TXCC as the new agency matures.