Maryland Code, PUBLIC SAFETY 14-104.1
Terms Used In Maryland Code, PUBLIC SAFETY 14-104.1
- Administrator: includes an executor and a personal representative. See
- Appropriation: The provision of funds, through an annual appropriations act or a permanent law, for federal agencies to make payments out of the Treasury for specified purposes. The formal federal spending process consists of two sequential steps: authorization
- Fiscal year: The fiscal year is the accounting period for the government. For the federal government, this begins on October 1 and ends on September 30. The fiscal year is designated by the calendar year in which it ends; for example, fiscal year 2006 begins on October 1, 2005 and ends on September 30, 2006.
- including: means includes or including by way of illustration and not by way of limitation. See
- state: means :
(1) a state, possession, territory, or commonwealth of the United States; or
(2) the District of Columbia. See
(2) “Local government” includes local school systems, local school boards, and local health departments.
(3) “Unit” means the Cyber Preparedness Unit.
(b) (1) There is a Cyber Preparedness Unit in the Department.
(2) In coordination with the State Chief Information Security Officer, the Unit shall:
(i) support local governments in developing a vulnerability assessment and cyber assessment, including providing local governments with the resources and information on best practices to complete the assessments;
(ii) develop and regularly update an online database of cybersecurity training resources for local government personnel, including technical training resources, cybersecurity continuity of operations templates, consequence management plans, and trainings on malware and ransomware detection;
(iii) assist local governments in:
1. the development of cybersecurity preparedness and response plans;
2. implementing best practices and guidance developed by the State Chief Information Security Officer; and
3. identifying and acquiring resources to complete appropriate cybersecurity vulnerability assessments;
(iv) connect local governments to appropriate resources for any other purpose related to cybersecurity preparedness and response;
(v) as necessary and in coordination with the National Guard, local emergency managers, and other State and local entities, conduct regional cybersecurity preparedness exercises; and
(vi) establish regional assistance groups to deliver and coordinate support services to local governments, agencies, or regions.
(3) The Unit shall support the Office of Security Management in the Department of Information Technology during emergency response efforts.
(c) (1) Each local government shall report a cybersecurity incident, including an attack on a State system being used by the local government, to the appropriate local emergency manager and the State Security Operations Center in the Department of Information Technology and to the Maryland Joint Operations Center in the Department in accordance with paragraph (2) of this subsection.
(2) For the reporting of cybersecurity incidents under paragraph (1) of this subsection, the State Chief Information Security Officer shall determine:
(i) the criteria for determining when an incident must be reported;
(ii) the manner in which to report; and
(iii) the time period within which a report must be made.
(3) The State Security Operations Center shall immediately notify appropriate agencies of a cybersecurity incident reported under this subsection through the State Security Operations Center.
(d) (1) Five Position Identification Numbers (PINs) shall be created for the purpose of hiring staff to conduct the duties of the Maryland Department of Emergency Management Cybersecurity Preparedness Unit.
(2) For fiscal year 2024 and each fiscal year thereafter, the Governor shall include in the annual budget bill an appropriation of at least:
(i) $220,335 for 3 PINs for Administrator III positions; and
(ii) $137,643 for 2 PINs for Administrator II positions.