Cybersecurity - Critical Infrastructure and Public Service Companies (Critical Infrastructure Security Act of 2022)
The bill imposes new requirements on public service companies, requiring them to adopt cybersecurity best practices, including zero trust principles and the protection of personally identifiable information (PII). It also compels these companies to include specific cybersecurity provisions in contracts with third-party vendors. By doing so, the bill underscores the significance of maintaining stringent security protocols to safeguard both consumer data and critical operational information, thereby aligning utility management with modern cybersecurity expectations.
House Bill 1339, titled the Critical Infrastructure Security Act of 2022, aims to strengthen the cybersecurity framework surrounding critical infrastructure and public service companies in Maryland. The bill designates the Department of Emergency Management as the authority to initiate actions that minimize disaster risks associated with cybersecurity breaches. A key feature of the bill is the establishment of a Critical Infrastructure Cybersecurity Grant Program, which is intended to support enhancements in cybersecurity through various funding sources, thereby allowing critical facilities to implement necessary security measures and technologies.
While the bill supports enhanced cybersecurity measures, there are points of contention among stakeholders regarding the feasibility and implications of the proposed changes. Opponents may argue that the added requirements could lead to increased operational costs for public service companies, potentially impacting service rates for consumers. Moreover, ensuring compliance with new cybersecurity standards might stretch resources—especially for smaller utilities that may struggle with the financial implications of implementing the required changes. Overall, the legislation is positioned as a proactive approach to cybersecurity, yet it raises discussions about economic impacts and the balance between stringent security practices and operational viability.