Maryland ramps up cybersecurity
Maryland Gov. Larry Hogan at a news conference on the state's Covid-19 situation, at the State Capitol on Aug. 5, 2021, in Annapolis, Maryland. Drew Angerer/Getty Images
Connecting state and local government leaders
Gov. Larry Hogan signed three bills to improve cyber coordination and preparedness among state and local agencies.
To minimize future cyberattacks, Maryland Gov. Larry Hogan signed a trio of bills aimed at strengthening the state’s cybersecurity posture on May 12.
The three measures are designed to improve cyber preparedness, boost coordination between state and local governments and formally establish the role of a state chief information security officer (CISO).
The legislation comes after a number of high-profile cyberattacks hit Maryland, including a ransomware attack last December that disrupted the Department of Health’s ability to report and share COVID-19 data during the Omicron variant surge.
“Now, everything is electronic: our drinking water, our transportation, our public safety, our education, our financial systems — this is the government’s responsibility to maintain,” State Sen. Katie Fry Hester said in a report. “We have to make sure that our Marylanders’ day-to-day routines are not disrupted, and I think these three bills in combination with the $570 million in the 2023 budget will get us a long ways toward achieving those goals.”
Thanks to a budget surplus, state lawmakers approved $200 million for cybersecurity and almost $334 million for IT development projects in the legislative session that ended last month, AP said.
Senate Bill 812 expands the regulatory framework for ensuring the cybersecurity of state and local government. It establishes an Office of Security Management within the Department of Information Technology that will be led by the CISO, a governor-appointed position. It requires DoIT to ensure state agency compliance with cybersecurity standards and requires local government entities to report cybersecurity incidents.
House Bill 1205 calls for DoIT to upgrade the state’s IT and cybersecurity-related infrastructure and evaluate data analytics technologies to enable data-driven policymaking by state agencies. It creates a Local Cybersecurity Support Fund to help local governments improve cybersecurity preparedness and apply for federal cybersecurity preparedness grants.
It also requires water and sewer systems to develop a cyber response plan and assess their vulnerabilities to cyberattacks – a vulnerability highlighted by a 2021 attack on a water treatment plant in Oldsmar, Florida.
Senate Bill 754 establishes a cyber preparedness unit within the Maryland Department of Emergency Management and requires the state security operations center to alert agencies to cybersecurity incidents.
“Today we are signing into law bipartisan legislation to continue solidifying our standing as the cyber capital of America, and further strengthen our infrastructure to protect Marylanders against cyberattacks,” Hogan said at the bill signing ceremony.
NEXT STORY: Idaho maps out cybersecurity strategy