(a) The commission shall establish a program to monitor cybersecurity efforts among utilities in this state. The program shall:
(1) provide guidance on best practices in cybersecurity and facilitate the sharing of cybersecurity information between utilities; and
(2) provide guidance on best practices for cybersecurity controls for supply chain risk management of cybersecurity systems used by utilities, which may include, as applicable, best practices related to:
(A) software integrity and authenticity;
(B) vendor risk management and procurement controls, including notification by vendors of incidents related to the vendor’s products and services; and
(C) vendor remote access.
(b) The commission may collaborate with the state cybersecurity coordinator and the cybersecurity council established under Chapter 2054, Government Code, in implementing the program.