Foreign Threats, Executive Orders, and Training Resources

Protecting Texans, Securing State Government, and Hardening Critical Infrastructure

Texas faces a broad and increasing threat from hostile foreign adversaries seeking to undermine and harm US national security. Hostile foreign adversaries’ goals are to steal protected information and intellectual property, compromise our capabilities and infrastructure, and influence public policy at all levels. They target dissidents, government agencies and employees, private industry, infrastructure owners and assets, economic interests, and others. The penetration of our critical infrastructure systems, for example, such as electrical or water treatment, through cyber intrusion and breaching poses a significant and potentially deadly impact to public safety. Expanding and enhancing the state’s ability to identify, analyze, and counter these threats increases the security of the state and will provide key stakeholders the intelligence and information necessary to continually evolve their security posture to meet future threats and address vulnerabilities.

Thus, in November 2024, in order to address these concerns, Governor Abbott issued Executive Order GA-47, relating to the prevention of harassment or coercion of Texans by foreign adversaries, and Executive Order GA-48, relating to the hardening of state government.

TRAINING

Texas DPS sourced the following trainings and resources for governmental and nongovernmental organizations to identify and report instances of foreign adversaries targeting Texas.

Transnational Repression: Inside the FBI Podcast: Transnational Repression

Counterintelligence: Counterintelligence Awareness and Security Brief

Insider Threat: Insider Threat Awareness

Operational Security: OPSEC Awareness for Military Members, DOD Employees and Contractors

Cyber Security: Cybersecurity Awareness

ADDITIONAL RESOURCES

Texas DPS partners at the National Counterintelligence and Security Center (NCSC), Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and the Defense Counterintelligence and Security Agency (DCSA) provided the following counterintelligence, operational security, insider threat, and cyber security training and resources for additional situational awareness.

Technical Surveillance Awareness for Insiders

Threat Intimidation Guide

Cyber Explore – Fundamentals of Cyber

Cyber Exploits – Understand the Threat

Counterintelligence Foreign Travel Briefing

Insider Threat Mitigation Guide

INSIDER THREAT INDICATORS

• Criminal History
• Misuse of Sensitive or Classified Information
• Alcohol/Drug Abuse
• Uncontrollable Gambling
• Efforts to Expand Job Access
• Unexplained Affluence
• Unauthorized Use of a Removable Device
• Concealing Reportable Foreign Travel and/or Foreign Contacts
• Expressed Loyalty to a Foreign Country
• Repeated Security Violations
• Excessive Personal Life Stress
• Questionable Downloads

REPORT SUSPICIOUS ACTIVITY

At the direction of Governor Greg Abbott, Texas DPS added a feature to the iWatch Texas Community Reporting System, enabling individuals to specify their concern is related to foreign influence. Governor Abbott stated, the foreign influence feature enables Texas DPS to quickly address threats from foreign adversaries, “who wish to undermine the public safety and national security of Texas.”

Foreign adversaries seek to affect the popular or political attitudes, perceptions, or behaviors of Texans, and use foreign government officials, non-state actors, criminal organizations, and/or proxies to sow division, undermine democratic and legal processes, and steer policy or regulations in favor of a foreign adversary’s strategic objectives. Foreign influence may include assassination, assault, physical surveillance, harassment, abduction, familial intimidation, digital threats, passport revocation, consular services denial, unlawful detention and deportation, forced rendition and repatriation, INTERPOL abuses, and/or coercion.

Anyone who experiences, observes, or has knowledge of such activities in Texas stemming from a foreign government, or carried out by individuals acting at the direction of a foreign government, are encouraged report such activities on the iWatch Texas mobile application or by calling 844-643-2251. All iWatchTexas reports indicating possible foreign influence will automatically be routed to DPS for further vetting.

The iWatchTexas Community Reporting System is a critical resource for the public to report any suspicious activities or behaviors in their schools and communities that may indicate criminal activity, terroristic and school safety-related threat, or foreign intelligence activity. All reports are confidential, take less than five minutes to report, and are all reviewed by law enforcement analysts.

NOTE: The iWatchTexas program is not designed to report emergencies. If a situation requires an emergency response, call 911.

AGENCY GUIDANCE FOR GA-48 #5 COMPLIANCE

In accordance with Governor Abbott’s Executive Order GA-48, section 5, which requires DPS to contract with a vendor to facilitate reviews of certain employees, DPS has shared the below information with entities subject to this order.

All employees, or similarly situated state contractors, that research, work on, or have access to critical infrastructure (as defined in Section 117.001(2), Business and Commerce Code) must be routinely reviewed to determine whether things such as criminal history or continuous connections to the government or political apparatus of a foreign adversary might prevent the applicant, employee, or contractor from being able to maintain the security or integrity of the infrastructure.

If the applicant, employee, or contractor work on the following types of critical infrastructure and their research, work, or access would allow them to compromise the security or integrity of the infrastructure, they fall subject to these reviews. The infrastructure systems identified in Section 117.001(2), Business and Commerce Code, are as follows:

• Communication infrastructure system
• Cybersecurity system – defined as measures taken to protect a computer, computer network, computer system, or other technology infrastructure against unauthorized use or access.
• Electric grid
• Hazardous waste treatment system
• Water treatment facility Entities who are subject to this order may either use the vendor procured by DPS or procure these services independently after consulting with DPS.

If an agency wishes to directly procure these services, in order to meet the consultation requirement of this order, please submit a letter that a) identifies the vendor, process, or service in use by your agency to comply with this order and b) explains how the vendor, process or service addresses the requirements of this order. DPS will review the information submitted and determine if the services meet the requirements outlined in Executive Order GA-48.

If your agency instead wishes to make use of the vendor procured by DPS, please follow the below process:

• An Interagency Cooperation Contract (IAC) has been established outlining the statement of services and other applicable terms and conditions.   The IAC can be found here.  Please read the instructions provided to fill out the form accurately.  The IAC contains boilerplate language that is applicable to most entities.  Any changes to the IAC template will require an addendum and coordination with DPS’ Office of General Counsel and Procurement and Contract Services team.
• Once the IAC has been signed by both parties, agencies may submit a request for review to statesecurityreviews@dps.texas.gov.  Each request must be submitted using the supplied template and include the necessary information on the employee or business.
• Sensitive data should be sent password protected via encrypted email or via a Secure File Transfer Protocol (SFTP) site.  If you would like to transmit your personnel data via SFTP, please contact statesecurityreviews@dps.texas.gov.
• For each request, DPS will utilize the submitted information and query the names/entities. The results will be provided to the agency point of contact. DPS may also perform additional review on the employees. DPS recommends that personnel who are subject to this order undergo these routine reviews at least every 5 years.

In addition, the Governor’s Office has created a standardized process for agencies to certify their compliance with Governor Abbott’s Executive Order GA-48. In accordance with the EO, agencies must certify compliance by August 1, 2025. Executive Directors, or their designee, from any agency controlled by gubernatorial appointees must certify compliance. Any questions related to this should be directed to the Office of the Governor’s assigned budget and policy advisor.