skip to content
Faucet Facts logo

Cybersecurity

Welcome to the PUC’s Critical Infrastructure Security and Risk Management Division (CISRM) 

CISRM Statement for the team: Critical Infrastructure Security and Risk Management (CISRM) organizes and assists the state of Texas and its utilities in establishing security posture and recovery. Through tools and unilateral communication, the CISRM provides support to utilities and our state during weather emergencies and cyber-attacks. The mission of this division is to increase the preparedness of the state through outreach and assisting in recovery in the event of a disaster for utility companies across the state. This is done by connecting utilities to information and resources to help better prepare for events or by directly assisting in coordination during an emergency.

Cybersecurity News

The world of cybersecurity is a constantly shifting landscape of bad actors innovating to steal critical information or disable critical infrastructure as a way to tilt the balance of power, and most often, to extort money. The following stories are cautionary tales of incidents that merit your attention.

        Cybersecurity Monitor

        In May 2019, State Senate Bill 936 requiring the PUCT and the Electric Reliability Council of Texas (ERCOT) to foster a more collaborative, strategic approach identifying cybersecurity issues and finding areas to improve security measures across Texas’s critical electric infrastructure was passed. As part of this process, a Cybersecurity Monitor (CSM) was selected to help gather and share information across the state. Securitas Critical Infrastructure Services, Inc. (SCIS) was chosen to serve as the CSM for this program leveraging its experience and expertise in strategic planning and regulatory analysis to build a voluntary, non-regulatory outreach program to achieve these goals.

        Reach out to the CSM with any questions at TXCSM@scisusa.com.

          Join The Monitor Program

          To develop a more comprehensive understanding of the Cybersecurity posture of the Texas electrical grid, electrical utilities can join the Cybersecuity Monitor program. Join this program and help better protect the critical infrastructure of Texas.

          Cybersecurity Monitor Program Information

          Cybersecurity Resources

          Best Practices

          While the tactics employed by cyber criminals change constantly, the strategic posture adopted by the owners and managers of critical utility infrastructure are rooted in time-tested practices that improve the odds of thwarting an attack and losing control. This guide provides an overview of those practices.

          Frameworks and Assessment tools

          Cybersecurity defense can be neither an afterthought or a half measure. Effective defense against intrusions must be conducted within established frameworks that are scalable and measurable. The following resources can help you choose the right framework and testing tools for your organization.

          Alert Systems and Information Sharing

          Fortunately, the organizations devoted to protecting critical infrastructure from attack are closely integrated and continually monitoring threats from around the globe.

          Alert Systems links

          We strongly encourage Texas utility industry participants to subscribe to the following alert systems to ensure they have access to real-time threat information.

          Industry Information sharing websites

          Below is a list of information sharing websites that can help provide with the most up to date research and practices that take place throughout the nation.

          Legislation

          State

          Utility cybersecurity isn’t just a business best practice, it’s a matter of keen interest for the Texas Legislature. With each passing legislative session, and each advance in the skills of cyber criminals, Texas legislators are building a framework for critical infrastructure companies to follow. The two most critical laws governing CISRM and State Policy related to Cybersecurity are:

          Federal

          The federal government works closely with state-level agencies like ours to establish and disseminate cybersecurity guidelines for the protection of critical infrastructure. Companies are encouraged to familiarize themselves with the following

          We Are Here To Help

          If you are a Texas utility owner or operator who wants to notify us of an incident or have a question about your cybersecurity posture, contact us.

          CISRM@PUC.TEXAS.GOV

          512.936.7000

            Contact CISRM

            Emergency Management

            Texas has essentially written the book on emergency management, creating a networked approach to disaster response integrating the public, private and military sectors in a way designed to minimize loss of life and accelerate recovery. Whether the threat is the weather, a cyber-attack or a pandemic, accurate information is critical for public safety. Report outages or emergency events affecting your utility to the PUC.

            Report Outages or Emergency Events

            Stay connected

            To ensure we can reach our counterpart at your utility company, please be sure to submit accurate contact information for our confidential database using this form:

            Stay alert and Informed

            When storms blow through Texas, flooding, power outages, and blocked roadways are commonplace. Further advisories and emergency changes may also come up as during emergency events. Be sure to bookmark the PUC Storm Resource site to monitor critical utility recovery efforts.