skip to content
Faucet Facts logo

Cybersecurity

Welcome to the PUC’s Critical Infrastructure Security and Risk Management Division (CISRM) 

CISRM Statement for the team: Critical Infrastructure Security and Risk Management (CISRM) organizes and assists the state of Texas and its utilities in establishing security posture and recovery. Through tools and unilateral communication, the CISRM provides support to utilities and our state during weather emergencies and cyber-attacks. The mission of this division is to increase the preparedness of the state through outreach and assisting in recovery in the event of a disaster for utility companies across the state. This is done by connecting utilities to information and resources to help better prepare for events or by directly assisting in coordination during an emergency.

Cybersecurity News

The world of cybersecurity is a constantly shifting landscape of bad actors innovating to steal critical information or disable critical infrastructure as a way to tilt the balance of power, and most often, to extort money. The following stories are cautionary tales of incidents that merit your attention.

              Cybersecurity Monitor

              In May 2019, State Senate Bill 936 requiring the PUCT and the Electric Reliability Council of Texas (ERCOT) to foster a more collaborative, strategic approach identifying cybersecurity issues and finding areas to improve security measures across Texas’s critical electric infrastructure was passed. As part of this process, a Cybersecurity Monitor (CSM) was selected to help gather and share information across the state. Securitas Critical Infrastructure Services, Inc. (SCIS) was chosen to serve as the CSM for this program leveraging its experience and expertise in strategic planning and regulatory analysis to build a voluntary, non-regulatory outreach program to achieve these goals.

              Reach out to the CSM with any questions at TXCSM@scisusa.com.

                Join The Monitor Program

                To develop a more comprehensive understanding of the Cybersecurity posture of the Texas electrical grid, electrical utilities can join the Cybersecuity Monitor program. Join this program and help better protect the critical infrastructure of Texas.

                Cybersecurity Monitor Program Information

                Cybersecurity Resources

                Best Practices

                While the tactics employed by cyber criminals change constantly, the strategic posture adopted by the owners and managers of critical utility infrastructure are rooted in time-tested practices that improve the odds of thwarting an attack and losing control. This guide provides an overview of those practices.

                Frameworks and Assessment tools

                Cybersecurity defense can be neither an afterthought or a half measure. Effective defense against intrusions must be conducted within established frameworks that are scalable and measurable. The following resources can help you choose the right framework and testing tools for your organization.

                Alert Systems and Information Sharing

                Fortunately, the organizations devoted to protecting critical infrastructure from attack are closely integrated and continually monitoring threats from around the globe.

                Alert Systems links

                We strongly encourage Texas utility industry participants to subscribe to the following alert systems to ensure they have access to real-time threat information.

                Industry Information sharing websites

                Below is a list of information sharing websites that can help provide with the most up to date research and practices that take place throughout the nation.

                  Legislation

                  State

                  Utility cybersecurity isn’t just a business best practice, it’s a matter of keen interest for the Texas Legislature. With each passing legislative session, and each advance in the skills of cyber criminals, Texas legislators are building a framework for critical infrastructure companies to follow. The two most critical laws governing CISRM and State Policy related to Cybersecurity are:

                  Federal

                  The federal government works closely with state-level agencies like ours to establish and disseminate cybersecurity guidelines for the protection of critical infrastructure. Companies are encouraged to familiarize themselves with the following

                  We Are Here To Help

                  If you are a Texas utility owner or operator who wants to notify us of an incident or have a question about your cybersecurity posture, contact us.

                  CISRM@PUC.TEXAS.GOV

                  512.936.7000

                    Contact CISRM

                    Emergency Management

                    Texas has essentially written the book on emergency management, creating a networked approach to disaster response integrating the public, private and military sectors in a way designed to minimize loss of life and accelerate recovery. Whether the threat is the weather, a cyber-attack or a pandemic, accurate information is critical for public safety. Report outages or emergency events affecting your utility to the PUC.

                    Report Outages or Emergency Events

                    Stay connected

                    To ensure we can reach our counterpart at your utility company, please be sure to submit accurate contact information for our confidential database using this form:

                    Stay alert and Informed

                    When storms blow through Texas, flooding, power outages, and blocked roadways are commonplace. Further advisories and emergency changes may also come up as during emergency events. Be sure to bookmark the PUC Storm Resource site to monitor critical utility recovery efforts.