Governor Greg Abbott today announced a statewide model security plan for Texas state agencies to address vulnerabilities presented by the use of TikTok and other software on personal and state-issued devices. Following the Governor’s directive, the Texas Department of Public Safety and the Texas Department of Information Resources developed this model plan to guide state agencies on managing personal and state-issued devices used to conduct state business. Each state agency will have until February 15, 2023 to implement its own policy to enforce this statewide plan.
“The security risks associated with the use of TikTok on devices used to conduct the important business of our state must not be underestimated or ignored,” said Governor Abbott.
“Owned by a Chinese company that employs Chinese Communist Party members, TikTok harvests significant amounts of data from a user’s device, including details about a user’s internet activity. Other prohibited technologies listed in the statewide model plan also produce a similar threat to the security of Texans. It is critical that state agencies and employees are protected from the vulnerabilities presented by the use of this app and other prohibited technologies as they work on behalf of their fellow Texans.
“I thank the Texas Department of Public Safety and Texas Department of Information Resources for their hard work helping safeguard the state’s sensitive information and critical infrastructure from potential threats posed by hostile foreign actors.”
To protect Texas’ sensitive information and critical infrastructure from potential threats, the model plan outlines the following objectives for each agency:
- Ban and prevent the download or use of TikTok and prohibited technologies on any state-issued device identified in the statewide plan. This includes all state-issued cell phones, laptops, tablets, desktop computers, and other devices of capable of internet connectivity. Each agency’s IT department must strictly enforce this ban.
- Prohibit employees or contractors from conducting state business on prohibited technology-enabled personal devices.
- Identify sensitive locations, meetings, or personnel within an agency that could be exposed to prohibited technology-enabled personal devices. Prohibited technology-enabled personal devices will be denied entry or use in these sensitive areas.
- Implement network-based restrictions to prevent the use of prohibited technologies on agency networks by any device.
- Work with information security professionals to continuously update the list of prohibited technologies.
In December 2022, Governor Abbott directed state agency leaders to immediately ban employees from downloading or using TikTok on any government-issued devices. The Governor also informed Lieutenant Governor Dan Patrick and Speaker Dade Phelan that the Executive Branch is ready to assist in codifying and implementing any necessary cybersecurity reforms passed during the current legislative session, including passing legislation to make permanent the Governor’s directive to state agencies.
Governor Abbott has taken significant action to combat threats to Texas’ cybersecurity, including signing the Lone Star Infrastructure Protection Act in 2021 to fortify certain physical infrastructure against threats that include hostile foreign actors.
View the statewide model security plan here.