Texas establishes a new Cyber Command to combat rising cyberattacks as critical federal cybersecurity changes push states to handle their own defenses.
Since Trump’s return to office, federal cybersecurity has faced a lot of changes and challenges. Between the first few days and just last week, artificial intelligence orders have been repealed, the Cyber Safety Review Board (CSRB) was dismantled, and the Cybersecurity and Infrastructure Security Agency (CISA) got a new senior advisor for cybersecurity amid concerns about a potential government systems breach caused by the Department of Government Efficiency (DOGE). Mixed into this whirlwind, there are hints that the federal government might consider trimming federal cybersecurity authority in favor of state governance.
Kristi Noem, the new Secretary of Homeland Security, said "CISA needs to be much more effective, smaller, more nimble, to really fulfill their mission, which is to hunt and to help harden our nation’s critical infrastructure,” in her confirmation hearing. When coupled with the hiring freeze and DOGE’s efforts to remove incumbent federal workers from several agencies - including CISA - through the Deferred Resignation program, Noem’s words herald a shrinking cyber workforce on the national level. While the move is at odds with Biden’s efforts to close the cyber wage gap, it may not necessarily signify a shrinking cyber workforce on a state level.
On February 2, 2025, Texas Governor Greg Abbot declared the creation of a Texas Cyber Command an emergency item in his State of the State address. In the address, Abbott called the number of cyber attacks “a problem that’s on the rise dramatically in the state of Texas, and candidly, across the country”. It’s true that the Lone Star State has been dealing with pervasive cyber attacks - Matagorda County had to issue a declaration of disaster after a virus invaded several internal systems, and a cyber attack on Texas Tech University health centers last year may have exposed sensitive information (including Social Security Numbers, medical information, diagnoses, and addresses) from 1.4 million patients.
Texas is likely an appealing target for cyber threat actors because of its wealth and valuable information - as a state, it has the eighth-largest economy in the world and is an important source of oil and gas in the US. Texas also hosts 19 seaports, the world’s largest medical complex, and the most airports of any state. According to the press release, the state's Cyber Command “will create a robust strategy for the State of Texas to:
- Anticipate and detect potential cyber threats
- Promote cybersecurity awareness, professional training, and other workforce-oriented measures
- Prepare for cyberattacks through various exercises, pre-attack coordination and planning, and proactive collaboration with critical infrastructure partners
- Defend against, respond effectively to, and mitigate against the effects of cyberattacks when they occur, working across the state and with relevant partners
- Provide subject matter expertise, forensic analysis, and other support to conduct post-attack investigations and recovery efforts”.
The Texas Cyber Command will be based in San Antonio, which will allow it to collaborate with the University of Texas at San Antonio, in addition to their partners at Regional Security Centers, and local, state, and federal agencies.
Texas is not the only state that has weathered cyberattacks recently. School districts in Maine and Tennessee experienced cyberattacks over the holiday period, likely from Bulgaria. A cyberattack in Virginia forced the attorney general’s office to take most of the office's IT systems (including the website) offline. Rhode Island’s health and social services endured a cyberattack in December that may have compromised the personal information of hundreds of thousands of people. These escalating attacks on critical infrastructure, along with DOGE’s work to ‘delete entire agencies’, might make more states create their own cyber commands.