(a) The department shall establish an information sharing and analysis organization to provide a forum for state agencies, local governments, public and private institutions of higher education, and the private sector to share information regarding cybersecurity threats, best practices, and remediation strategies.
(b) The department shall provide administrative support to the information sharing and analysis organization.

(c) A participant in the information sharing and analysis organization shall assert any exception available under state or federal law, including § 552.139, in response to a request for public disclosure of information shared through the organization. § 552.007 does not apply to information described by this subsection.
(d) The department shall establish a framework for regional cybersecurity working groups to execute mutual aid agreements that allow state agencies, local governments, regional planning commissions, public and private institutions of higher education, the private sector, and the incident response team established under Subchapter N-2 to assist with responding to a cybersecurity event in this state. A working group may be established within the geographic area of a regional planning commission established under Chapter 391, Local Government Code. The working group may establish a list of available cybersecurity experts and share resources to assist in responding to the cybersecurity event and recovery from the event.