LAWRENCE J. HOGAN, JR., Governor Ch. 243

Chapter 243

(House Bill 1205)

AN ACT concerning

State Government – Information Technology and Cybersecurity–Related Infrastructure (Modernize Maryland Act of 2022)

FOR the purpose of requiring a certain water or sewer system to, on or before a certain date, assess its vulnerability to a cyber attack, develop a cybersecurity plan if appropriate, and submit a certain report to the General Assembly; authorizing the Maryland Water Quality Financing Administration to provide financial assistance to a public water or wastewater system to assess system cybersecurity vulnerabilities and develop a cybersecurity plan; authorizing the Maryland Stadium Authority to issue bonds and, in consultation with the Department of Information Technology, finance projects related to information technology and cybersecurity–related State government infrastructure; establishing an Information Technology and Cybersecurity Infrastructure establishing the Local Cybersecurity Support Fund as a special, nonlapsing fund; requiring interest earnings of the Fund to be credited to the Fund; establishing certain eligibility requirements to receive assistance from the Fund; altering the duties of the Secretary of Information Technology; establishing a Statewide Reporting Framework and an independent Modernize Maryland Oversight Commission in the Department of Information Technology; requiring the Department to hire an independent contractor contractors to develop a framework for investments in technology and annually periodically assess the cybersecurity and information technology systems in each unit certain units of State government; specifying the use of proceeds from certain bonds; exempting certain procurements by the Department of General Services from oversight by the Board of Public Works; establishing that the Department is a primary procurement unit and authorizing the Department to engage in or control certain procurements; authorizing a
certain independent contractor to issue a certain change order applying certain change order requirements to State procurement contracts for certain equipment, services, and upgrades; authorizing funds to be transferred by budget amendment from the Dedicated Purpose Account in a certain fiscal year to implement this Act; and generally relating to the development, financing, and procurement of information technology and cybersecurity–related State government infrastructure projects.

BY repealing and reenacting, with amendments, Article – Environment Section 9–1604(c) Annotated Code of Maryland (2014 Replacement Volume and 2021 Supplement)

Ch. 243 2022 LAWS OF MARYLAND

BY adding to Article – Public Safety Section 14–104.1 Annotated Code of Maryland (2018 Replacement Volume and 2021 Supplement)

BY repealing and reenacting, with amendments, Article – Economic Development Section 10–628(a) Annotated Code of Maryland (2018 Replacement Volume and 2021 Supplement)

BY adding to Article – Economic Development Section 10–628(d), 10–650.1, and 10–657.5 Annotated Code of Maryland (2018 Replacement Volume and 2021 Supplement)

BY repealing and reenacting, with amendments, Article – State Finance and Procurement Section 3A–101, 3A–303(a)(7) and (8), 6–226(a)(2)(ii)144. and 145., 11–101(m), 12–101, 12–107(b)(2)(i)9. through 11. 12–107(b)(2)(i)8., (3)(vi), and (4)(v), and 12–107(b)(3)(vi) and (4)(v), and 15–112(a)(1)(i) Annotated Code of Maryland (2021 Replacement Volume)

BY adding to Article – State Finance and Procurement Section 3A–303(a)(9) and (10), 3A–315 through 3A–317, 3A–316, 6–226(a)(2)(ii)146., 12–107(b)(5), and and 12–107(b)(5) 15–112(b)(4) Annotated Code of Maryland (2021 Replacement Volume)

BY repealing and reenacting, without amendments, Article – State Finance and Procurement Section 6–226(a)(2)(i), 11–101(a), and 15–112(b)(3) 11–101(a), and 12–107(b)(2)(i)9.
Annotated Code of Maryland (2021 Replacement Volume)

BY repealing Article – State Finance and Procurement Section 12–107(b)(2)(i)10. and 11. Annotated Code of Maryland (2021 Replacement Volume)

SECTION 1. BE IT ENACTED BY THE GENERAL ASSEMBLY OF MARYLAND, That the Laws of Maryland read as follows:

Article – Environment

9–1604.

(c) (1) This subsection applies to financial assistance provided by the Administration under:

(i) The Water Quality Fund;

(ii) The Bay Restoration Fund;

(iii) The Biological Nutrient Removal Program; and

(iv) The Supplemental Assistance Program.

(2) The Administration shall ensure the fair and equitable distribution of financial assistance among wastewater treatment facilities with a design capacity of less than 500,000 gallons per day and wastewater treatment facilities with a design capacity of 500,000 gallons or more per day.

(3) A PUBLIC OR PRIVATE WATER OR SEWER SYSTEM THAT SERVES 10,000 OR MORE USERS AND RECEIVES FINANCIAL ASSISTANCE FROM THE STATE SHALL:

(I) ASSESS ITS VULNERABILITY TO A CYBER ATTACK; AND

(II) IF APPROPRIATE, DEVELOP A CYBERSECURITY PLAN.

(4) THE ADMINISTRATION MAY PROVIDE FINANCIAL ASSISTANCE TO A PUBLIC WATER OR WASTEWATER SYSTEM TO ASSESS SYSTEM CYBERSECURITY VULNERABILITIES AND DEVELOP A CYBERSECURITY PLAN.

Article – Public Safety

14–104.1.

(A) (1) IN THIS SECTION THE FOLLOWING WORDS HAVE THE MEANINGS INDICATED.

(2) “FUND” MEANS THE LOCAL CYBERSECURITY SUPPORT FUND.

(3) “LOCAL GOVERNMENT” INCLUDES LOCAL SCHOOL SYSTEMS, LOCAL SCHOOL BOARDS, AND LOCAL HEALTH DEPARTMENTS.

(B) (1) THERE IS A LOCAL CYBERSECURITY SUPPORT FUND.

(2) THE PURPOSE OF THE FUND IS TO:

(I) PROVIDE FINANCIAL ASSISTANCE TO LOCAL GOVERNMENTS TO IMPROVE CYBERSECURITY PREPAREDNESS, INCLUDING:

1. UPDATING CURRENT DEVICES AND NETWORKS WITH THE MOST UP–TO–DATE CYBERSECURITY PROTECTIONS;

2.
SUPPORTING THE PURCHASE OF NEW HARDWARE, SOFTWARE, DEVICES, AND FIREWALLS TO IMPROVE CYBERSECURITY PREPAREDNESS;

3. RECRUITING AND HIRING INFORMATION TECHNOLOGY STAFF FOCUSED ON CYBERSECURITY;

4. PAYING OUTSIDE VENDORS FOR CYBERSECURITY STAFF TRAINING;

5. CONDUCTING CYBERSECURITY VULNERABILITY ASSESSMENTS;

6. ADDRESSING HIGH–RISK CYBERSECURITY VULNERABILITIES IDENTIFIED BY VULNERABILITY ASSESSMENTS;

7. IMPLEMENTING AND MAINTAINING INTEGRATORS AND OTHER SIMILAR INTELLIGENCE SHARING INFRASTRUCTURE THAT ENABLE CONNECTION WITH THE INFORMATION SHARING AND ANALYSIS CENTER IN THE DEPARTMENT OF INFORMATION TECHNOLOGY; AND

8. SUPPORTING THE SECURITY OF LOCAL WASTEWATER TREATMENT PLANTS, INCLUDING BICOUNTY, COUNTY, AND MUNICIPAL PLANTS, BY ACQUIRING OR IMPLEMENTING CYBERSECURITY–RELATED UPGRADES TO THE PLANTS; AND

(II) ASSIST LOCAL GOVERNMENTS APPLYING FOR FEDERAL CYBERSECURITY PREPAREDNESS GRANTS.

(3) THE SECRETARY SHALL ADMINISTER THE FUND.

(4) (I) THE FUND IS A SPECIAL, NONLAPSING FUND THAT IS NOT SUBJECT TO § 7–302 OF THE STATE FINANCE AND PROCUREMENT ARTICLE.

(II) THE STATE TREASURER SHALL HOLD THE FUND SEPARATELY, AND THE COMPTROLLER SHALL ACCOUNT FOR THE FUND.

(5) THE FUND CONSISTS OF:

(I) MONEY APPROPRIATED IN THE STATE BUDGET TO THE FUND;

(II) INTEREST EARNINGS; AND

(III) ANY OTHER MONEY FROM ANY OTHER SOURCE ACCEPTED FOR THE BENEFIT OF THE FUND.

(6) THE FUND MAY BE USED ONLY:

(I) TO PROVIDE FINANCIAL ASSISTANCE TO LOCAL GOVERNMENTS TO IMPROVE CYBERSECURITY PREPAREDNESS, INCLUDING:

1. UPDATING CURRENT DEVICES AND NETWORKS WITH THE MOST UP–TO–DATE CYBERSECURITY PROTECTIONS;

2. SUPPORTING THE PURCHASE OF NEW HARDWARE, SOFTWARE, DEVICES, AND FIREWALLS TO IMPROVE CYBERSECURITY PREPAREDNESS;

3. RECRUITING AND HIRING INFORMATION TECHNOLOGY STAFF FOCUSED ON CYBERSECURITY;

4. PAYING OUTSIDE VENDORS FOR CYBERSECURITY STAFF TRAINING;

5.
CONDUCTING CYBERSECURITY VULNERABILITY ASSESSMENTS;

6. ADDRESSING HIGH–RISK CYBERSECURITY VULNERABILITIES IDENTIFIED BY VULNERABILITY ASSESSMENTS;

7. IMPLEMENTING OR MAINTAINING INTEGRATORS AND OTHER SIMILAR INTELLIGENCE SHARING INFRASTRUCTURE THAT ENABLE CONNECTION WITH THE INFORMATION SHARING AND ANALYSIS CENTER IN THE DEPARTMENT OF INFORMATION TECHNOLOGY; AND

8. SUPPORTING THE SECURITY OF LOCAL WASTEWATER TREATMENT PLANTS, INCLUDING BICOUNTY, COUNTY, AND MUNICIPAL PLANTS, BY ACQUIRING OR IMPLEMENTING CYBERSECURITY–RELATED UPGRADES TO THE PLANTS;

(II) TO ASSIST LOCAL GOVERNMENTS APPLYING FOR FEDERAL CYBERSECURITY PREPAREDNESS GRANTS; AND

(III) FOR ADMINISTRATIVE EXPENSES ASSOCIATED WITH PROVIDING THE ASSISTANCE DESCRIBED UNDER ITEM (I) OF THIS PARAGRAPH.

(7) (I) THE STATE TREASURER SHALL INVEST THE MONEY OF THE FUND IN THE SAME MANNER AS OTHER STATE MONEY MAY BE INVESTED.

(II) ANY INTEREST EARNINGS OF THE FUND SHALL BE CREDITED TO THE FUND.

(8) EXPENDITURES FROM THE FUND MAY BE MADE ONLY IN ACCORDANCE WITH THE STATE BUDGET.

(C) TO BE ELIGIBLE TO RECEIVE ASSISTANCE FROM THE FUND, A LOCAL GOVERNMENT SHALL:

(1) PROVIDE PROOF TO THE DEPARTMENT OF INFORMATION TECHNOLOGY THAT THE LOCAL GOVERNMENT CONDUCTED A CYBERSECURITY PREPAREDNESS ASSESSMENT IN THE PREVIOUS 12 MONTHS; OR

(2) WITHIN 12 MONTHS UNDERGO A CYBERSECURITY PREPAREDNESS ASSESSMENT PROVIDED BY, IN ACCORDANCE WITH THE PREFERENCE OF THE LOCAL GOVERNMENT:

(I) THE DEPARTMENT OF INFORMATION TECHNOLOGY AT A COST TO THE LOCAL GOVERNMENT THAT DOES NOT EXCEED THE COST TO THE DEPARTMENT OF INFORMATION TECHNOLOGY OF PROVIDING THE ASSESSMENT; OR

(II) A VENDOR AUTHORIZED BY THE DEPARTMENT OF INFORMATION TECHNOLOGY TO COMPLETE CYBERSECURITY PREPAREDNESS ASSESSMENTS.

Article – Economic Development

10–628.
(a) Except as provided in subsections (b) [and], (c), AND (D) of this section and subject to the prior approval of the Board of Public Works, the Authority may issue bonds at any time for any corporate purpose of the Authority, including the establishment of reserves and the payment of interest.

(D) UNLESS AUTHORIZED BY THE GENERAL ASSEMBLY, THE BOARD OF PUBLIC WORKS MAY NOT APPROVE AN ISSUANCE BY THE AUTHORITY OF BONDS, WHETHER TAXABLE OR TAX EXEMPT, THAT CONSTITUTE TAX SUPPORTED DEBT OR NONTAX SUPPORTED DEBT IF, AFTER ISSUANCE, THERE WOULD BE OUTSTANDING AND UNPAID $1,500,000,000 FACE AMOUNTS OF THE BONDS FOR THE PURPOSE OF FINANCING RESEARCH INTO, ACQUISITION OF, INSTALLATION OF, MAINTENANCE OF, AND RELATED EXPENSES FOR UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE.

10–650.1.

(A) THE AUTHORITY AND THE DEPARTMENT OF INFORMATION TECHNOLOGY SHALL COMPLY WITH THIS SECTION TO FINANCE PROJECTS TO RESEARCH, ACQUIRE, INSTALL, MAINTAIN, AND UPGRADE INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE.

(B) THE AUTHORITY SHALL TRANSFER TO THE DEPARTMENT OF INFORMATION TECHNOLOGY THE PROCEEDS OF BONDS ISSUED UNDER THIS SUBTITLE FOR FINANCING INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS.

(C) AT LEAST 90 DAYS BEFORE PROVIDING THE WRITTEN NOTICE TO THE FISCAL COMMITTEES OF THE GENERAL ASSEMBLY REQUIRED UNDER SUBSECTION (D) OF THIS SECTION, THE AUTHORITY SHALL CONSULT WITH THE DEPARTMENT OF INFORMATION TECHNOLOGY TO DETERMINE THE AMOUNT OF FUNDS NEEDED FOR INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS TO BE FINANCED WITH THE PROPOSED BONDS.
(D) AT LEAST 45 DAYS BEFORE SEEKING APPROVAL OF THE BOARD OF PUBLIC WORKS FOR EACH BOND ISSUE RELATED TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE, THE AUTHORITY SHALL PROVIDE TO THE FISCAL COMMITTEES OF THE GENERAL ASSEMBLY, IN ACCORDANCE WITH § 2–1257 OF THE STATE GOVERNMENT ARTICLE, WRITTEN NOTICE OF:

(1) THE AGGREGATE AMOUNT OF FUNDS NEEDED FOR INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS TO BE FINANCED WITH THE PROPOSED BONDS;

(2) THE ANTICIPATED TOTAL DEBT SERVICE FOR THE PROPOSED BOND ISSUE; AND

(3) THE ANTICIPATED TOTAL DEBT SERVICE WHEN COMBINED WITH THE DEBT SERVICE FOR ALL PRIOR OUTSTANDING BOND ISSUES FOR INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS.

(E) BEFORE EACH ISSUANCE OF BONDS TO FINANCE INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS, THE AUTHORITY SHALL OBTAIN THE APPROVAL OF THE BOARD OF PUBLIC WORKS OF THE AGGREGATE AMOUNT OF THE PROPOSED BOND ISSUE.

(F) FOR FISCAL YEAR 2024 AND EACH FISCAL YEAR THEREAFTER, UNTIL THE BONDS THAT HAVE BEEN ISSUED TO FINANCE INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS ARE NO LONGER OUTSTANDING AND UNPAID, THE GOVERNOR SHALL INCLUDE IN THE ANNUAL BUDGET BILL AN APPROPRIATION TO THE INFORMATION TECHNOLOGY AND CYBERSECURITY INFRASTRUCTURE FUND IN AN AMOUNT SUFFICIENT TO COVER THE PROJECTED DEBT SERVICE REQUIREMENTS FOR THE UPCOMING FISCAL YEAR.

10–657.5.

(A) IN THIS SECTION, “FUND” MEANS THE INFORMATION TECHNOLOGY AND CYBERSECURITY INFRASTRUCTURE FUND.

(B) THERE IS AN INFORMATION TECHNOLOGY AND CYBERSECURITY INFRASTRUCTURE FUND.
(C) (1) THE FUND IS A SPECIAL, NONLAPSING FUND THAT IS NOT SUBJECT TO § 7–302 OF THE STATE FINANCE AND PROCUREMENT ARTICLE AND THAT SHALL BE AVAILABLE IN PERPETUITY TO IMPLEMENT THIS SUBTITLE RELATED TO UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE.

(2) THE AUTHORITY SHALL:

(I) USE THE FUND AS A REVOLVING FUND FOR CARRYING OUT THE PROVISIONS OF THIS SUBTITLE RELATED TO UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE; AND

(II) PAY ANY AND ALL EXPENSES FROM THE FUND THAT ARE INCURRED BY THE AUTHORITY OR THE DEPARTMENT OF INFORMATION TECHNOLOGY RELATED TO UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE.

(D) THE FUND CONSISTS OF:

(1) FUNDS APPROPRIATED FOR DEPOSIT TO THE FUND;

(2) PROCEEDS FROM THE SALE OF BONDS RELATED TO UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS;

(3) REVENUES COLLECTED OR RECEIVED FROM ANY SOURCE UNDER THIS SUBTITLE RELATED TO UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE PROJECTS;

(4) INTEREST EARNINGS; AND

(5) ANY ADDITIONAL MONEY MADE AVAILABLE FROM ANY PUBLIC OR PRIVATE SOURCE FOR THE PURPOSES ESTABLISHED FOR THE FUND.

(E) (1) THE STATE TREASURER SHALL INVEST THE MONEY OF THE FUND IN THE SAME MANNER AS OTHER STATE FUNDS.

(2) ANY INVESTMENT EARNINGS SHALL BE CREDITED TO THE FUND.

(3) NO PART OF THE FUND MAY REVERT OR BE CREDITED TO THE GENERAL FUND OF THE STATE OR ANY SPECIAL FUND OF THE STATE.

Article – State Finance and Procurement

3A–101.

(a) In this title the following words have the meanings indicated.
(b) “CLOUD COMPUTING SERVICE” MEANS A SERVICE THAT ENABLES ON–DEMAND SELF–SERVICE NETWORK ACCESS TO A SHARED POOL OF CONFIGURABLE COMPUTER RESOURCES, INCLUDING DATA STORAGE, ANALYTICS, COMMERCE, STREAMING, E–MAIL, DOCUMENT SHARING, AND DOCUMENT EDITING.

(C) “Department” means the Department of Information Technology.

[(c)] (D) “Secretary” means the Secretary of Information Technology.

[(d)] (E) “Telecommunication” means the transmission of information, images, pictures, voice, or data by radio, video, or other electronic or impulse means.

[(e)] (F) “Unit of State government” means an agency or unit of the Executive Branch of State government.

3A–303.

(a) The Secretary is responsible for carrying out the following duties:

(7) advising and consulting with the Legislative and Judicial branches of State government regarding a cybersecurity strategy; [and]

(8) in consultation with the Attorney General, developing guidance on consistent cybersecurity strategies for counties, municipal corporations, school systems, and all other political subdivisions of the State; AND

(9) UPGRADING INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE; AND

(10) ANNUALLY EVALUATING:

(I) THE FEASIBILITY OF UNITS OF STATE GOVERNMENT PROVIDING PUBLIC SERVICES USING ARTIFICIAL INTELLIGENCE, MACHINE LEARNING, COMMERCIAL CLOUD COMPUTING SERVICES, DEVICE–AS–A–SERVICE PROCUREMENT MODELS, AND OTHER EMERGING TECHNOLOGIES; AND

(II) THE DEVELOPMENT OF DATA ANALYTICS CAPABILITIES TO ENABLE DATA–DRIVEN POLICYMAKING BY UNITS OF STATE GOVERNMENT.

3A–315.

(A) (1) IN THIS SECTION THE FOLLOWING WORDS HAVE THE MEANINGS INDICATED.

(2) “CITIZEN ADVOCACY GROUP” MEANS AN ORGANIZATION WHOSE MISSION IS TO PROVIDE SUPPORT FOR INFORMATION TECHNOLOGY AND CYBERSECURITY POLICIES.

(3) (2) “COMMISSION” MEANS THE STATEWIDE REPORTING FRAMEWORK AND MODERNIZE MARYLAND OVERSIGHT COMMISSION.

(4) (3) “CRITICAL SYSTEM” MEANS AN INFORMATION TECHNOLOGY OR CYBERSECURITY SYSTEM THAT IS SEVERELY OUTDATED, AS DETERMINED BY THE DEPARTMENT.

(B) THERE IS A STATEWIDE REPORTING FRAMEWORK AND AN INDEPENDENT MODERNIZE MARYLAND OVERSIGHT COMMISSION IN THE DEPARTMENT.

(C) THE PURPOSE OF THE COMMISSION IS TO:

(1) ENSURE THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF INFORMATION HELD BY THE STATE CONCERNING STATE RESIDENTS; AND

(2) DETERMINE ADVISE THE SECRETARY AND STATE CHIEF INFORMATION SECURITY OFFICER ON:

(I) THE APPROPRIATE INFORMATION TECHNOLOGY AND CYBERSECURITY INVESTMENTS AND UPGRADES;

(II) THE FUNDING SOURCES FOR THE APPROPRIATE INFORMATION TECHNOLOGY AND CYBERSECURITY UPGRADES; AND

(III) FUTURE MECHANISMS FOR THE PROCUREMENT OF APPROPRIATE INFORMATION TECHNOLOGY AND CYBERSECURITY UPGRADES, INCLUDING WAYS TO INCREASE THE EFFICIENCY OF PROCUREMENTS MADE FOR INFORMATION TECHNOLOGY AND CYBERSECURITY UPGRADES.

(D) THE COMMISSION CONSISTS OF THE FOLLOWING MEMBERS:

(1) THE SECRETARY;

(2) THE STATE CHIEF INFORMATION SECURITY OFFICER;

(3) THE STATE TREASURER;

(4) THE COCHAIRS OF THE JOINT COMMITTEE ON CYBERSECURITY, INFORMATION TECHNOLOGY, AND BIOTECHNOLOGY;

(5) (3) THREE CHIEF INFORMATION SECURITY OFFICERS REPRESENTING DIFFERENT UNITS OF STATE GOVERNMENT, APPOINTED BY THE GOVERNOR;

(6) (4) FOUR ONE INFORMATION TECHNOLOGY EXPERTS IN MODERNIZATION EXPERT WITH EXPERIENCE IN THE PRIVATE SECTOR, APPOINTED BY THE GOVERNOR;

(7) (5) ONE REPRESENTATIVE FROM THE MARYLAND CHAMBER OF COMMERCE WITH KNOWLEDGE OF CYBERSECURITY ISSUES;

(8) (6) TWO REPRESENTATIVES FROM CITIZEN ADVOCACY GROUPS IN THE STATE, APPOINTED BY THE GOVERNOR; INDIVIDUALS WHO ARE END USERS OF STATE INFORMATION TECHNOLOGY SYSTEMS, ONE APPOINTED BY THE PRESIDENT OF THE SENATE AND ONE APPOINTED BY THE SPEAKER OF THE HOUSE APPOINTED BY THE GOVERNOR;

(9) (7) ONE CHIEF INFORMATION SECURITY OFFICER FROM THE PRIVATE SECTOR WHO HAS COMPLETED INFORMATION TECHNOLOGY AND CYBERSECURITY UPGRADES FOR A BUSINESS WITH OVER 100 INFORMATION TECHNOLOGY SYSTEMS, APPOINTED BY THE GOVERNOR; AND

(10) (8) ONE CHIEF INFORMATION SECURITY OFFICER FROM THE EDUCATION SECTOR WHO HAS COMPLETED INFORMATION TECHNOLOGY AND CYBERSECURITY UPGRADES FOR AN EDUCATIONAL INSTITUTION WITH OVER 100 INFORMATION TECHNOLOGY SYSTEMS, APPOINTED BY THE GOVERNOR.

(7) ONE REPRESENTATIVE FROM THE CYBERSECURITY ASSOCIATION OF MARYLAND; AND

(8) ONE INDIVIDUAL WHO IS EITHER AN INSTRUCTOR OR A PROFESSIONAL IN THE ACADEMIC FIELD OF CYBERSECURITY AT A COLLEGE OR UNIVERSITY IN THE STATE, APPOINTED BY THE GOVERNOR.

(E) THE COCHAIRS OF THE JOINT COMMITTEE ON CYBERSECURITY, INFORMATION TECHNOLOGY, AND BIOTECHNOLOGY SHALL SERVE AS ADVISORY, NONVOTING MEMBERS OF THE COMMISSION.

(E) (F) THE COMMISSION SHALL:

(1) DEVELOP ADVISE THE SECRETARY ON A STRATEGIC ROADMAP WITH A TIMELINE AND BUDGET THAT WILL:

(I) REQUIRE THE UPDATES AND INVESTMENTS OF CRITICAL INFORMATION TECHNOLOGY AND CYBERSECURITY SYSTEMS IDENTIFIED BY THE COMMISSION IN THE FIRST RECOMMENDATIONS REPORTED UNDER PARAGRAPH (2) OF THIS SUBSECTION TO BE COMPLETED ON OR BEFORE DECEMBER 31, 2025; AND

(II) REQUIRE ALL UPDATES AND INVESTMENTS OF INFORMATION TECHNOLOGY AND CYBERSECURITY TO BE MADE ON OR BEFORE DECEMBER 31, 2030;

(2) MAKE PERIODIC RECOMMENDATIONS ON INVESTMENTS IN STATE INFORMATION TECHNOLOGY STRUCTURES BASED ON THE ASSESSMENTS COMPLETED IN ACCORDANCE WITH THE FRAMEWORK DEVELOPED IN § 3A–316 OF THIS SUBTITLE; AND

(3) REVIEW AND PROVIDE RECOMMENDATIONS ON THE DEPARTMENT’S BASIC SECURITY STANDARDS FOR USE OF THE NETWORK ESTABLISHED UNDER § 3A–404(B) OF THIS TITLE; AND

(3) (4) EACH YEAR, IN ACCORDANCE WITH § 2–1257 OF THE STATE GOVERNMENT ARTICLE, REPORT ITS FINDINGS AND RECOMMENDATIONS TO THE SENATE BUDGET AND TAXATION COMMITTEE, THE SENATE EDUCATION, HEALTH, AND ENVIRONMENTAL AFFAIRS COMMITTEE, THE HOUSE APPROPRIATIONS COMMITTEE, THE HOUSE HEALTH AND GOVERNMENT OPERATIONS COMMITTEE, AND THE JOINT COMMITTEE ON CYBERSECURITY, INFORMATION TECHNOLOGY, AND BIOTECHNOLOGY.

(G) THE REPORT SUBMITTED UNDER SUBSECTION (F)(4) OF THIS SECTION MAY NOT CONTAIN INFORMATION ABOUT THE SECURITY OF AN INFORMATION SYSTEM.

3A–316.

(A) THIS SECTION DOES NOT APPLY TO:

(1) THE MARYLAND PORT ADMINISTRATION;

(2) THE UNIVERSITY SYSTEM OF MARYLAND;

(3) ST. MARY’S COLLEGE OF MARYLAND;

(4) MORGAN STATE UNIVERSITY;

(5) THE MARYLAND STADIUM AUTHORITY;

(6) BALTIMORE CITY COMMUNITY COLLEGE; OR

(7) THE STATE BOARD OF ELECTIONS.;

(8) THE OFFICE OF THE ATTORNEY GENERAL;

(9) THE COMPTROLLER; OR

(10) THE STATE TREASURER.

(A) (B) (1) THE DEPARTMENT SHALL HIRE AN INDEPENDENT CONTRACTOR CONTRACTORS TO:

(I) DEVELOP A FRAMEWORK FOR INVESTMENTS IN TECHNOLOGY; AND

(II) AT LEAST ONCE EVERY 3 2 YEARS, IN ACCORDANCE WITH THE FRAMEWORK, ANNUALLY ASSESS THE CYBERSECURITY AND INFORMATION TECHNOLOGY SYSTEMS IN EACH UNIT OF STATE GOVERNMENT.
(2) THE FRAMEWORK SHALL INCLUDE THE FOLLOWING CRITERIA:

(I) SECURITY RISKS TO THE SYSTEM;

(II) SYSTEM PERFORMANCE;

(III) THE SYSTEM’S DEPENDENCE ON OTHER INFORMATION TECHNOLOGY OR CYBERSECURITY SYSTEMS AND DATA;

(IV) THE SYSTEM’S ABILITY TO CREATE AN EFFICIENT AND SEAMLESS EXPERIENCE FOR USERS;

(V) THE SYSTEM’S EFFECTIVENESS IN ACHIEVING UNIT OBJECTIVES;

(VI) THE SYSTEM’S EFFECTIVENESS IN MEETING THE NEEDS OF CITIZENS AND CUSTOMERS;

(VII) THE COSTS TO MAINTAIN AND OPERATE THE SYSTEM;

(VIII) THE SPEED OF GOVERNMENT RESPONSE TIME;

(IX) THE EFFECTIVENESS OF THE SYSTEM IN REGARD TO THE UNIT’S OBJECTIVES;

(X) IMPROVEMENTS TO THE UNIT’S RELATIVE AUDIT FINDINGS ATTRIBUTABLE TO THE SYSTEM; AND

(XI) AN ASSESSMENT OF THE SYSTEM USING THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CYBERSECURITY FRAMEWORK.

(B) (C) EACH UNIT SHALL PROMPTLY PROVIDE THE CONTRACTOR A CONTRACTOR EMPLOYED UNDER SUBSECTION (B) OF THIS SECTION WITH THE INFORMATION NECESSARY TO PERFORM THE ASSESSMENTS.

(C) (D) (1) EACH YEAR, THE EVERY 3 2 YEARS, A CONTRACTOR SHALL PROVIDE THE RESULTS OF THE ASSESSMENTS TO:

(I) THE STATEWIDE REPORTING FRAMEWORK AND OVERSIGHT MODERNIZE MARYLAND COMMISSION ESTABLISHED UNDER § 3A–315 OF THIS SUBTITLE; AND

(II) IN ACCORDANCE WITH § 2–1257 OF THE STATE GOVERNMENT ARTICLE, THE SENATE BUDGET AND TAXATION COMMITTEE, THE SENATE EDUCATION, HEALTH, AND ENVIRONMENTAL AFFAIRS COMMITTEE, AND THE HOUSE HEALTH AND GOVERNMENT OPERATIONS COMMITTEE.

(2) THE REPORT SUBMITTED UNDER PARAGRAPH (1)(II) OF THIS SUBSECTION MAY NOT CONTAIN INFORMATION ABOUT THE SECURITY OF AN INFORMATION SYSTEM.

(D) (E) THE DEPARTMENT MAY USE FUNDS AVAILABLE FROM THE ISSUANCE OF BONDS IN ACCORDANCE WITH § 10–650.1 OF THE ECONOMIC DEVELOPMENT ARTICLE TO PAY FOR THE INDEPENDENT CONTRACTOR REQUIRED UNDER MULTIPLE CONTRACTORS AT A TIME TO MEET THE REQUIREMENTS OF THIS SECTION.

3A–317.
(A) THE DEPARTMENT SHALL CONSULT WITH THE MARYLAND STADIUM AUTHORITY REGARDING THE ISSUANCE OF BONDS FOR UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE IN ACCORDANCE WITH § 10–650.1 OF THE ECONOMIC DEVELOPMENT ARTICLE.

(B) THE DEPARTMENT MAY USE THE PROCEEDS FROM BONDS ISSUED FOR UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE UNDER § 10–650.1 OF THE ECONOMIC DEVELOPMENT ARTICLE ONLY FOR PROJECTS THAT RELATE TO RESEARCH INTO, ACQUISITION OF, INSTALLATION OF, MAINTENANCE OF, AND RELATED EXPENSES FOR UPGRADES TO INFORMATION TECHNOLOGY AND CYBERSECURITY–RELATED STATE GOVERNMENT INFRASTRUCTURE.

(A) (1) IN THIS SECTION THE FOLLOWING WORDS HAVE THE MEANINGS INDICATED.

(2) “FUND” MEANS THE LOCAL CYBERSECURITY SUPPORT FUND.

(3) “LOCAL GOVERNMENT” INCLUDES LOCAL SCHOOL SYSTEMS, LOCAL SCHOOL BOARDS, AND LOCAL HEALTH DEPARTMENTS.

(B) (1) THERE IS A LOCAL CYBERSECURITY SUPPORT FUND.

(2) THE PURPOSE OF THE FUND IS TO:

(I) PROVIDE FINANCIAL ASSISTANCE TO LOCAL GOVERNMENTS TO IMPROVE CYBERSECURITY PREPAREDNESS, INCLUDING:

1. UPDATING CURRENT DEVICES AND NETWORKS WITH THE MOST UP–TO–DATE CYBERSECURITY PROTECTIONS;

2. SUPPORTING THE PURCHASE OF NEW HARDWARE, SOFTWARE, DEVICES, AND FIREWALLS TO IMPROVE CYBERSECURITY PREPAREDNESS;

3. RECRUITING AND HIRING INFORMATION TECHNOLOGY STAFF FOCUSED ON CYBERSECURITY; AND

4. PAYING OUTSIDE VENDORS FOR CYBERSECURITY STAFF TRAINING; AND

(II) ASSIST LOCAL GOVERNMENTS APPLYING FOR FEDERAL CYBERSECURITY PREPAREDNESS GRANTS.

(3) THE SECRETARY SHALL ADMINISTER THE FUND.

(4) (I) THE FUND IS A SPECIAL, NONLAPSING FUND THAT IS NOT SUBJECT TO § 7–302 OF THE STATE FINANCE AND PROCUREMENT ARTICLE.

(II) THE STATE TREASURER SHALL HOLD THE FUND SEPARATELY, AND THE COMPTROLLER SHALL ACCOUNT FOR THE FUND.
(5) THE FUND CONSISTS OF:

(I) MONEY APPROPRIATED IN THE STATE BUDGET TO THE FUND;

(II) INTEREST EARNINGS; AND

(III) ANY OTHER MONEY FROM ANY OTHER SOURCE ACCEPTED FOR THE BENEFIT OF THE FUND.

(6) THE FUND MAY BE USED ONLY:

(I) TO PROVIDE FINANCIAL ASSISTANCE TO LOCAL GOVERNMENTS TO IMPROVE CYBERSECURITY PREPAREDNESS, INCLUDING:

1. UPDATING CURRENT DEVICES AND NETWORKS WITH THE MOST UP–TO–DATE CYBERSECURITY PROTECTIONS;

2. SUPPORTING THE PURCHASE OF NEW HARDWARE, SOFTWARE, DEVICES, AND FIREWALLS TO IMPROVE CYBERSECURITY PREPAREDNESS;

3. RECRUITING AND HIRING INFORMATION TECHNOLOGY STAFF FOCUSED ON CYBERSECURITY; AND

4. PAYING OUTSIDE VENDORS FOR CYBERSECURITY STAFF TRAINING;

(II) TO ASSIST LOCAL GOVERNMENTS APPLYING FOR FEDERAL CYBERSECURITY PREPAREDNESS GRANTS; AND

(III) FOR ADMINISTRATIVE EXPENSES ASSOCIATED WITH PROVIDING THE ASSISTANCE DESCRIBED UNDER ITEM (I) OF THIS PARAGRAPH.

(7) (I) THE STATE TREASURER SHALL INVEST THE MONEY OF THE FUND IN THE SAME MANNER AS OTHER STATE MONEY MAY BE INVESTED.

(II) ANY INTEREST EARNINGS OF THE FUND SHALL BE CREDITED TO THE FUND.

(8) EXPENDITURES FROM THE FUND MAY BE MADE ONLY IN ACCORDANCE WITH THE STATE BUDGET.

(C) TO BE ELIGIBLE TO RECEIVE ASSISTANCE FROM THE FUND, A LOCAL GOVERNMENT SHALL UNDERGO A CYBERSECURITY PREPAREDNESS ASSESSMENT PROVIDED BY THE DEPARTMENT AT A COST TO THE LOCAL GOVERNMENT THAT DOES NOT EXCEED THE COST TO THE DEPARTMENT OF PROVIDING THE ASSESSMENT.

6–226.
(a) (2) (i) Notwithstanding any other provision of law, and unless inconsistent with a federal law, grant agreement, or other federal requirement or with the terms of a gift or settlement agreement, net interest on all State money allocated by the State Treasurer under this section to special funds or accounts, and otherwise entitled to receive interest earnings, as accounted for by the Comptroller, shall accrue to the General Fund of the State.

(ii) The provisions of subparagraph (i) of this paragraph do not apply to the following funds:

144. the Health Equity Resource Community Reserve Fund; [and]

145. the Access to Counsel in Evictions Special Fund; AND

146. THE INFORMATION TECHNOLOGY AND LOCAL CYBERSECURITY INFRASTRUCTURE SUPPORT FUND.

11–101.

(a) In this Division II the following words have the meanings indicated unless:

(1) the context clearly requires a different meaning; or

(2) a different definition is provided for a particular title or provision.

(m) “Primary procurement units” means:

(1) the State Treasurer;

(2) the Department of General Services;

(3) the Department of Transportation;

(4) the University System of Maryland;

(5) the Maryland Port Commission;

(6) the Morgan State University; [and]

(7) the St. Mary’s College of Maryland; AND

(8) THE DEPARTMENT OF INFORMATION TECHNOLOGY.

12–101.

(a) This section does not apply to:

(1) capital expenditures by the Department of Transportation or the Maryland Transportation Authority, in connection with State roads, bridges, or highways, as provided in § 12–202 of this title; OR

(2) PROCUREMENTS BY THE DEPARTMENT OF INFORMATION TECHNOLOGY GENERAL SERVICES FOR THE PURPOSE OF MODERNIZING CYBERSECURITY INFRASTRUCTURE FOR THE STATE VALUED BELOW $1,000,000.

(b) (1) The Board may control procurement by units.
(2) To implement the provisions of this Division II, the Board may:

(i) set policy;

(ii) adopt regulations, in accordance with Title 10, Subtitle 1 of the State Government Article; and

(iii) establish internal operational procedures consistent with this Division II.

(3) The Board shall ensure that the regulations of the primary procurement units provide for procedures that are consistent with this Division II and Title 13, Subtitle 4 of the State Personnel and Pensions Article and, to the extent the circumstances of a particular type of procurement or a particular unit do not require otherwise, are substantially the same.

(4) The Board may delegate any of its authority that it determines to be appropriate for delegation and may require prior Board approval for specified procurement actions.

(5) Except as limited by the Maryland Constitution, the Board may exercise any control authority conferred on a primary procurement unit by this Division II and, to the extent that its action conflicts with the action of the primary procurement unit, the action of the Board shall prevail.

(6) The Board shall develop and submit to the General Assembly, in accordance with § 2–1257 of the State Government Article, an annual report on the procurement system that includes information on actions necessary to improve effective broad–based competition in procurement.

(C) ON OR BEFORE DECEMBER 1 EACH YEAR, THE DEPARTMENT OF INFORMATION TECHNOLOGY GENERAL SERVICES SHALL SUBMIT A REPORT TO THE BOARD ON PROCUREMENTS MADE UNDER SUBSECTION (A)(2) OF THIS SECTION THAT SHALL INCLUDE FOR EACH PROCUREMENT:

(1) THE PURPOSE OF THE PROCUREMENT;

(2) THE NAME OF THE CONTRACTOR;

(3) THE CONTRACT AMOUNT; AND

(4) THE METHOD OF PROCUREMENT UTILIZED;

(5) THE NUMBER OF BIDDERS WHO BID ON THE PROCUREMENT; AND

(4) (6) THE CONTRACT TERM.

12–107.
(b) Subject to the authority of the Board, jurisdiction over procurement is as follows:

(2) the Department of General Services may:

(i) engage in or control procurement of:

8. construction and construction–related services for State correctional facilities; AND

9. supplies, materials, and equipment in support of construction and construction–related services for State correctional facilities in accordance with this Division II and Title 2 and Title 10, Subtitle 1 of the Correctional Services Article; AND

10. [information processing equipment and associated services, as provided in Title 3A, Subtitle 3 of this article; and 11.] telecommunication equipment, systems, or services, as provided in Title 3A, Subtitle 4 of this article;

(3) the Department of Transportation and the Maryland Transportation Authority, without the approval of any of the other primary procurement units, may engage in the procurement of:

(vi) services for aeronautics related activities, including information processing services, but excluding banking and financial services under the authority of the State Treasurer under item (1) of this subsection; [and]

(4) the Maryland Port Commission, without the approval of any of the other primary procurement units, may engage in the procurement of:

(v) leases of real property for port related activities unless the lease payments are from the General Fund of the State; AND

(5) THE DEPARTMENT OF INFORMATION TECHNOLOGY GENERAL SERVICES, WITHOUT THE APPROVAL OF ANY OTHER PRIMARY PROCUREMENT UNIT, MAY ENGAGE IN OR CONTROL PROCUREMENT OF:

(I) INFORMATION PROCESSING EQUIPMENT, CLOUD COMPUTING EQUIPMENT, AND ASSOCIATED SERVICES, AS PROVIDED IN TITLE 3A, SUBTITLE 3 OF THIS ARTICLE; AND

(II) INFORMATION TECHNOLOGY SYSTEM AND MODERNIZATION, AS PROVIDED IN TITLE 3A, SUBTITLE 3 OF THIS ARTICLE;

(III) TELECOMMUNICATION EQUIPMENT, SYSTEMS, OR SERVICES, AS PROVIDED IN TITLE 3A, SUBTITLE 4 OF THIS ARTICLE; AND

(IV)
CYBERSECURITY UPGRADES AND MODERNIZATION, AS PROVIDED IN TITLE 3A, SUBTITLE 3 OF THIS ARTICLE.

15–112.

(a) (1) (i) Except as provided in subparagraph (ii) of this paragraph, this section applies to State procurement contracts for:
1. construction;
2. INFORMATION PROCESSING EQUIPMENT, CLOUD COMPUTING EQUIPMENT SERVICES, AND ASSOCIATED SERVICES; AND
3. IN ACCORDANCE WITH TITLE 3A, SUBTITLE 3 OF THIS ARTICLE, INFORMATION TECHNOLOGY SYSTEM AND CYBERSECURITY UPGRADES AND MODERNIZATION.

(b) (3) (i) If a unit is to pay for a contract or a part of a contract using a unit price methodology, a change order may not be required for work to continue and be completed beyond the estimated quantities in the contract.
(ii) After work is completed, a unit shall:
1. determine the actual quantity used to complete the contract; and
2. if necessary, issue a final adjustment change order to the contractor.
(4) AN INDEPENDENT CONTRACTOR WHO PERFORMS AN ASSESSMENT UNDER § 3A–316 OF THIS ARTICLE MAY ISSUE A CHANGE ORDER ON THE ORIGINAL ASSESSMENT CONTRACT FOR ANY SUBSEQUENT CYBERSECURITY UPGRADES.

SECTION 2. AND BE IT FURTHER ENACTED, That this Act shall take effect July 1, 2022.

SECTION 2. AND BE IT FURTHER ENACTED, That for fiscal year 2023, funds from the Dedicated Purpose Account may be transferred by budget amendment in accordance with § 7–310 of the State Finance and Procurement Article to implement this Act.

SECTION 3. AND BE IT FURTHER ENACTED, That for fiscal year 2024, the Governor shall include in the annual budget bill an appropriation in an amount that is not less than 20% of the aggregated amount appropriated for information technology and cybersecurity resources in the annual budget bill for fiscal year 2023 for the Dedicated Purpose Account for cybersecurity.

SECTION 4.
AND BE IT FURTHER ENACTED, That:

(a) On or before December 1, 2023, a public or private water or sewer system that serves 10,000 or more users and receives financial assistance from the State shall:
(1) assess its vulnerability to a cyber attack;
(2) if appropriate, develop a cybersecurity plan; and
(3) submit a report to the General Assembly, in accordance with § 2–1257 of the State Government Article, on the findings of the assessment conducted under this subsection and any recommendations for statutory changes needed for the system to appropriately address its cybersecurity.

(b) The Maryland Water Quality Financing Administration may provide financial assistance to a public water or wastewater system to assess system cybersecurity vulnerabilities and develop a cybersecurity plan.

SECTION 4. 5. AND BE IT FURTHER ENACTED, That this Act is an emergency measure, is necessary for the immediate preservation of the public health or safety, has been passed by a yea and nay vote supported by three–fifths of all the members elected to each of the two Houses of the General Assembly, and shall take effect from the date it is enacted.

Approved by the Governor, May 12, 2022.