Gov. Greg Abbott announced Monday that there’s a “statewide model security plan” for Texas state agencies to “address vulnerabilities presented by the use of TikTok and other software on personal and state-issued devices.”
The announced plan is a follow-up to the announcement in December that banned social media platform on government-owned devices. Read the governor’s directive here.
RELATED: Texas Gov. Greg Abbott bans TikTok on government-owned devices, citing concern about potential Chinese threat
The governor’s office said the Texas Department of Public Safety and the Texas Department of Information Resources developed this model plan to guide state agencies on managing personal and state-issued devices used to conduct state business. The news release on Monday said each state agency will have until Feb. 15, 2023, to implement its own policy to enforce this statewide plan.
“The security risks associated with the use of TikTok on devices used to conduct the important business of our state must not be underestimated or ignored,” Abbott is quoted as saying. “Owned by a Chinese company that employs Chinese Communist Party members, TikTok harvests significant amounts of data from a user’s device, including details about a user’s internet activity. Other prohibited technologies listed in the statewide model plan also produce a similar threat to the security of Texans. It is critical that state agencies and employees are protected from the vulnerabilities presented by the use of this app and other prohibited technologies as they work on behalf of their fellow Texans. I thank the Texas Department of Public Safety and Texas Department of Information Resources for their hard work helping safeguard the state’s sensitive information and critical infrastructure from potential threats posed by hostile foreign actors.”
The model plan outlines the following objectives for each agency:
- Ban and prevent the download or use of TikTok and prohibited technologies on any state-issued device identified in the statewide plan. This includes all state-issued cell phones, laptops, tablets, desktop computers, and other devices of capable of internet connectivity. Each agency’s IT department must strictly enforce this ban, the governor’s office said.
- Prohibit employees or contractors from conducting state business on prohibited technology-enabled personal devices.
- Identify sensitive locations, meetings, or personnel within an agency that could be exposed to prohibited technology-enabled personal devices. Prohibited technology-enabled personal devices will be denied entry or use in these sensitive areas.
- Implement network-based restrictions to prevent the use of prohibited technologies on agency networks by any device.
- Work with information security professionals to continuously update the list of prohibited technologies.
View the statewide model security plan here.