IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Texas Law Will Block IT Contracts With Some Foreign Vendors

Starting next month, Texas businesses and government entities will no longer contract with companies from China, Russia, North Korea and Iran as a preventative measure to protect the state's critical infrastructure.

Starting Sept. 1, contracts with foreign-owned companies from China, Russia, North Korea and Iran will be prohibited in Texas as part of a recently signed law that looks to protect the state’s critical infrastructure.

According to the “Lone Star Infrastructure Protection Act,” this includes the state’s cybersecurity systems, communication infrastructure systems, electric grid, hazardous waste treatment system and water treatment facilities.

The new rules would also “ban businesses from entering into contracts with entities associated with countries that could threaten our infrastructure,” Gov. Greg Abbott said during a press conference.

These entities include foreign companies with remote or direct access to the state’s critical infrastructure or companies owned by Chinese, Iranian, North Korean or Russian citizens.

“I am signing a law that protects our critical infrastructure from hostile nations that seek to harm either the United States of America or the state of Texas,” Abbott said. “We will not allow these nations to compromise our infrastructure like the power grid, water treatment plants, communication systems or cyber networks.”

The law would also give the governor the authority to add other countries to the list, so long as he consults with the director of public safety and the state’s Department of Homeland Security.

As for other security measures against potential threats, Amanda Crawford, the state’s chief information officer, said, “The Texas Department of Information Resources takes the security posture of the vendors that we contract with very seriously.”

“Through the state’s contracting process, vendors are vetted and required to provide documentation of security controls,” Crawford said. “For vendors of cloud computing products and services, this process will become even more strenuous after the Texas Risk and Authorization Management Program is implemented at the beginning of next year.”

In terms of the bill, she said, “we will be updating the terms and conditions of our contracts to comply with SB 2116 and appreciate the Legislature’s foresight in passing this legislation that protects our critical infrastructure from hostile nations.”
Katya Diaz is a staff writer for Government Technology. She has a bachelor’s degree in journalism and a master’s degree in global strategic communications from Florida International University.