Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Cybersecurity Bill Would Set Defense Plan for Local Agencies

A new Maryland bill would ask the state’s Department of Information Technology to develop a baseline plan for localities within the state to help battle cyber attacks.

A new Maryland bill would ask the state’s Department of Information Technology to develop a baseline plan for localities within the state to help battle cyber attacks.

Senate bill 120, introduced by Sen. Susan Lee, D-Montgomery, would give the Maryland Department of Information Technology the expanded responsibility of developing a cybersecurity strategy and helping agencies within the state implement it at their discretion.

Under current law, the Department of Information Technology oversees the defense of state systems, but not that of counties, school districts and other similar entities. Having a sample plan in place could be beneficial in preventing future attacks that disrupted the likes of the city of Baltimore and Salisbury Police Department recently and cost millions in reparations.

The legislation does not mandate significant increases in expenditures by the state or local governments, but rather leaves it up to each entity to potentially implement the plan, according to Lee.

This Maryland bill follows a 2019 North Dakota law that added the same provisions and power to its state Information Technology department.

The main point of this bill is to simply draw up guidance and advice for those around the state to be able to help prepare themselves brace for potential attacks, Lee told Capital News Service.

During a Senate Education, Health, and Environmental Affairs Committee hearing on Jan. 14, Lee compared this plan to having a fire extinguisher for protection and to prevent a possibly worse situation.

“Today we have to prepare for and respond to digital fires … upfront rather than scrambling on the back end,” Lee said during the hearing.

Senate committee members responded favorably toward the bill, but looked to generate tighter language to define the tasks this bill sets forward.

Delegate Ned Carey, D-Anne Arundel, has cross-filed this bill in the House — along with three co-sponsors — and said he believes it should receive bipartisan support due to the well-known threat that professional hackers pose.

“The bill is intended to help,” Carey said. “We’re going to work hard to make sure this bill succeeds.”

Carey’s legislation, House bill 235, was heard by the Health and Government Operations Committee on Tuesday afternoon.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.