(a) In consultation with the Maryland Cybersecurity Council established under § 9-2901 of the State Government Article, the Board shall establish cybersecurity standards for public safety answering points based on national industry and 9-1-1 system trade association best practices, including standards concerning response protocols in the event of a cybersecurity attack on a public safety answering point.

(b) At least once each year on a date determined by the Board and in advance of submitting a request for or receiving any money from the 9-1-1 Trust Fund, the director of each public safety answering point shall examine the cybersecurity of the public safety answering point to determine whether the cybersecurity defenses employed by the public safety answering point satisfy the standards established by the Board under subsection (a) of this section and submit to the Board a report detailing the results of that exercise.

(c) (1) If a director of a public safety answering point fails to submit a report required under subsection (b) of this section, the Board may not authorize any money from the 9-1-1 Trust Fund to be paid to a county serviced by the public safety answering point until that report has been submitted.

(2) (i) If a public safety answering point fails to meet the cybersecurity standards established by this section during the annual examination required under subsection (b) of this section, the Board shall work with the public safety answering point to develop an aggressive, consensus remediation plan and implementation timeline.

(ii) If a public safety answering point fails to comply with a remediation plan developed under this paragraph, the Board may refuse to authorize money from the 9-1-1 Trust Fund to be paid to a county serviced by the public safety answering point for any new, noncybersecurity purpose.