Cybersecurity - Critical Infrastructure and Public Service Companies (Critical Infrastructure Security Act of 2022)
The bill amends existing regulatory frameworks to include cybersecurity standards that public service companies must adhere to. This includes adopting best practices such as implementing 'zero trust' principles, which require constant evaluation of trust states within their systems. Additionally, it necessitates the protection of personally identifiable information for customers and employees, determining the need for security protocols in contracts with third-party technology providers. The Maryland Public Service Commission will also have its duties expanded to encompass responsibilities related to cybersecurity.
Senate Bill 810, titled the Critical Infrastructure Security Act of 2022, focuses on enhancing cybersecurity practices within critical infrastructure and public service companies. This bill empowers the Department of Emergency Management to take necessary actions to reduce risks associated with disasters that could impact critical infrastructure in the state, which includes electric grids, gas supply, and public water systems. A new Critical Infrastructure Cybersecurity Grant Program will be established to fund cybersecurity improvements for these utilities, leveraging various funds from federal, state, and local sources.
Notable points of contention surrounding SB810 center on the potential costs and logistics of implementing the required cybersecurity measures. Critics may argue that the financial burden of compliance could be high for smaller public service companies, potentially leading to increased utility rates. Additionally, discussions may arise regarding the adequacy of the grant program in meeting the cybersecurity needs of critical infrastructure while ensuring public safety and reliability. There are concerns about how quickly these regulations will be enforced and whether all public service companies can meet the new standards effectively.