Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Management & Strategy

Maryland Governor Signs Bills to Strengthen Cybersecurity

Gov. Larry Hogan signed measures to strengthen cybersecurity in state and local governments in Maryland on Thursday, after lawmakers approved legislation and big investments earlier this year to protect vital systems against cyberattacks.

Gov. Larry Hogan signed measures to strengthen cybersecurity in state and local governments in Maryland on Thursday, after lawmakers approved legislation and big investments earlier this year to protect vital systems against cyberattacks.

One of the measures aims to help local governments, school systems and health departments work with more resources and assistance from the Maryland Emergency Management Agency to improve cybersecurity. The agency will support local governments in developing vulnerability assessments and response plans.

“Today we are signing into law bipartisan legislation to continue solidifying our standing as the cyber capital of America, and further strengthen our infrastructure to protect Marylanders against cyberattacks,” the Republican governor said in reference to the number of cybersecurity companies in the state, as well as cyber-related federal agencies and military installations.

In a year with a huge budget surplus, Maryland lawmakers approved roughly $570 million for cybersecurity and information technology upgrades in the legislative session that ended last month. That includes about $200 million for cybersecurity and nearly $334 million for information technology development projects.

State Sen. Katie Fry Hester, a Democrat who was the lead Senate sponsor of cybersecurity legislation, said it’s vital to protect the state’s basic public infrastructure.

“Now, everything is electronic: our drinking water, our transportation, our public safety, our education, our financial systems — this is the government’s responsibility to maintain,” she said. “We have to make sure that our Marylanders’ day-to-day routines are not disrupted, and I think these three bills in combination with the $570 million in the 2023 budget will get us a long ways toward achieving those goals.”

Hogan also signed a bill to create reporting requirements for state agencies and local governments, including reporting of cybersecurity incidents. Agencies will be required to complete a cybersecurity assessment and to remediate findings. Local government entities will have to consult with the local emergency manager to create or update a cybersecurity preparedness and response plan.

Advertisement. Scroll to continue reading.

Another measure expands cybersecurity requirements for state agencies and water and sewer systems. It requires public or private water or sewer systems that serve 10,000 or more users and receive financial assistance from the state to assess their vulnerability to a cyber attack.

Last year, a hacker gained entry to the system controlling the water treatment plant of a Florida city of 15,000 and tried to taint the water supply with a caustic chemical. Cybersecurity experts said the incident exposed a danger that has grown as systems become both more computerized and accessible via the internet.

A provision in the bill also requires that at least 20% of the amount spent on information technology in fiscal year 2023 to be spent in the following fiscal year.

State and local governments are ripe targets for hackers, even as President Joe Biden’s administration has announced additional steps to safeguard federal government systems from hacking. Cities also have come under cyberattack.

Baltimore County was one of about 50 school systems across the nation attacked with ransomware in 2020, costing the county millions of dollars. In December, Maryland’s health department was hit by a ransomware attack that impeded information about health metrics relating to COVID-19.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.