Maryland 2025 Regular Session

Maryland House Bill HB376 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1	1
2	2
3	3		EXPLANATION: CAPITALS INDICATE MAT TER ADDED TO EXISTIN G LAW.
4	4		[Brackets] indicate matter deleted from existing law.
5	5		Underlining indicates amendments to bill.
6	6		Strike out indicates matter stricken from the bill by amendment or deleted from the law by
7	7		amendment.
8		-	Italics indicate opposite chamber/conference committee amendments.
9	8		hb0376
10	9
11	10		HOUSE BILL 376
12		-	P1, S2 (5lr1418)
13		-	ENROLLED BILL
14		-	— Health and Government Operations/Education, Energy, and the Environment —
15		-	Introduced by Chair, Health and Government Operations Committee
16		-
17		-	Read and Examined by Proofreaders:
18		-
19		-	_______________________________________________
20		-	Proofreader.
21		-	_______________________________________________
22		-	Proofreader.
23		-
24		-	Sealed with the Great Seal and presented to the Governor, for his approv al this
25		-
26		-	_______ day of _______________ at ________________________ o’clock, ________M.
27		-
28		-	______________________________________________
29		-	Speaker.
	11	+	P1, S2 5lr1418
	12	+	CF SB 294
	13	+	By: Chair, Health and Government Operations Committee
	14	+	Introduced and read first time: January 16, 2025
	15	+	Assigned to: Health and Government Operations
	16	+	Committee Report: Favorable with amendments
	17	+	House action: Adopted
	18	+	Read second time: February 22, 2025
30	19
31	20		CHAPTER ______
32	21
33	22		AN ACT concerning 1
34	23
35	24		Maryland Cybersecurity Council – Membership – Alterations 2
36	25
37	26		FOR the purpose of altering the membership, selection of the membership, and chair of the 3
38		-	Maryland Cybersecurity Council; selection of the membership and chair of the 4
39		-	Maryland Cybersecurity Council; requiring the Council, working with certain 5
40		-	entities, to assess and address cybersecurity threats and associated risks from 6
41		-	artificial intelligence and quantum computing; and generally relating to the 7
42		-	Maryland Cybersecurity Council membership. 8
	27	+	Maryland Cybersecurity Council; and generally relating to Maryland Cybersecurity 4
	28	+	Council membership. 5
43	29
44		-	BY repealing and reenacting, without amendments, 9
45		-	Article – State Government 10
46		-	Section 9–2901(b) 11
47		-	Annotated Code of Maryland 12
48		-	(2021 Replacement Volume and 2024 Supplement) 13
49		-	2 HOUSE BILL 376
50		-
51		-
52		-	BY repealing and reenacting, with amendments, 1
53		-	Article – State Government 2
54		-	Section 9–2901(c) and (f), (f), and (j) 3
55		-	Annotated Code of Maryland 4
56		-	(2021 Replacement Volume and 2024 Supplement) 5
57		-
58		-	BY repealing 6
	30	+	BY repealing and reenacting, without amendments, 6
59	31		Article – State Government 7
60		-	Section 9–2901(g) 8
	32	+	Section 9–2901(b) 8
61	33		Annotated Code of Maryland 9
62	34		(2021 Replacement Volume and 2024 Supplement) 10
63	35
64		-	BY ~~adding to~~ 11
	36	+	BY repealing and reenacting, with amendments, 11
65	37		Article – State Government 12
66		-	Section 9–2901(g) 13
	38	+	Section 9–2901(c) and (f) 13
67	39		Annotated Code of Maryland 14
68	40		(2021 Replacement Volume and 2024 Supplement) 15
69	41
70		-	SECTION 1. BE IT ENACTED BY THE GENERAL ASSEMBLY OF MARYLAND, 16
71		-	That the Laws of Maryland read as follows: 17
	42	+	BY repealing 16
	43	+	Article – State Government 17
	44	+	Section 9–2901(g) 18
	45	+	Annotated Code of Maryland 19
	46	+	(2021 Replacement Volume and 2024 Supplement) 20
72	47
73		-	~~Article – State Government 18~~
	48	+	BY adding to 21 2 HOUSE BILL 376
74	49
75		-	9–2901. 19
76	50
77		-	(b) There is a Maryland Cybersecurity Council. 20
	51	+	Article – State Government 1
	52	+	Section 9–2901(g) 2
	53	+	Annotated Code of Maryland 3
	54	+	(2021 Replacement Volume and 2024 Supplement) 4
78	55
79		-	(c) The Council consists of the following members: 21
	56	+	SECTION 1. BE IT ENACTED BY THE GENERAL ASSEMBLY OF MARYLAND, 5
	57	+	That the Laws of Maryland read as follows: 6
80	58
81		-	~~(1) the Attorney General,~~ ~~or the Attorney General’s designee; 22~~
	59	+	Article – State Government 7
82	60
83		-	~~(2) the Secretary of Information Technology, or the Secretary’s designee; 23~~
	61	+	9–2901. 8
84	62
85		-	(3) ~~the Secretary of State Police,~~ ~~or the Secretary’s designee; 24~~
	63	+	(b) There is a Maryland Cybersecurity Council. 9
86	64
87		-	(4) the ~~Secretary~~ of ~~Commerce, or~~ the ~~Secretary’s designee;~~ 25
	65	+	(c) The Council consists of the following members: 10
88	66
89		-	(5) the ~~Adjutant~~ General, or the ~~Adjutant~~ General’s designee; 26
	67	+	(1) the Attorney General, or the Attorney General’s designee; 11
90	68
91		-	(6) the State Administrator of Elections, or the State Administrator’s 27
92		-	designee; 28
	69	+	(2) the Secretary of Information Technology, or the Secretary’s designee; 12
93	70
94		-	(7) the Executive Director of the Governor’s Office of Homeland Security, 29
95		-	or the Executive Director’s designee; 30
	71	+	(3) the Secretary of State Police, or the Secretary’s designee; 13
96	72
97		-	(8) the Director of the Maryland Coordination and Analysis Center, or the 31
98		-	Director’s designee; 32 HOUSE BILL 376 3
	73	+	(4) the Secretary of Commerce, or the Secretary’s designee; 14
	74	+
	75	+	(5) the Adjutant General, or the Adjutant General’s designee; 15
	76	+
	77	+	(6) the State Administrator of Elections, or the State Administrator’s 16
	78	+	designee; 17
	79	+
	80	+	(7) the Executive Director of the Governor’s Office of Homeland Security, 18
	81	+	or the Executive Director’s designee; 19
	82	+
	83	+	(8) the Director of the Maryland Coordination and Analysis Center, or the 20
	84	+	Director’s designee; 21
	85	+
	86	+	(9) the Secretary of Emergency Management, or the Secretary’s designee; 22
	87	+
	88	+	(10) the Chief Executive Officer of the Maryland Technology Development 23
	89	+	Corporation, or the Chief Executive Officer’s designee; 24
	90	+
	91	+	(11) the Chair of the Tech Council of Maryland, or the Chair’s designee; 25
	92	+
	93	+	(12) THE EXECUTIVE DIRECTOR OF THE CYBERSECURITY 26
	94	+	ASSOCIATION, INC., OR THE EXECUTIVE DIRECTOR’S DESIGNEE; 27
	95	+
	96	+	(12) (13) the President of the Fort Meade Alliance, or the President’s 28
	97	+	designee; 29 HOUSE BILL 376 3
99	98
100	99
101	100
102		-	(9) the Secretary of Emergency Management, or the Secretary’s designee; 1
	101	+	(13) (14) the President of the Army Alliance, or the President’s designee; 1
	102	+	and 2
103	103
104		-	(10) THE ~~PEOPLE’S COUNSEL,~~ OR THE ~~DESIGNEE OF T HE PEOPLE’S 2~~
105		-	~~COUNSEL; 3~~
	104	+	(14) (15) the following members appointed by the [Attorney General] 3
	105	+	GOVERNOR: 4
106	106
107		-	(11) the ~~Chief Executive Officer of the Maryland Technology Development 4~~
108		-	~~Corporation~~, or ~~the Chief Executive Officer’s designee~~; 5
	107	+	(i) five representatives of cybersecurity companies located in the 5
	108	+	State, with at least three representing cybersecurity companies with 50 or fewer employees; 6
109	109
110		-	(11) ~~(12) the Chair of the Tech Council of Maryland,~~ or ~~the Chair’s 6~~
111		-	~~designee~~; 7
	110	+	(ii) four representatives from statewide or regional business 7
	111	+	associations; 8
112	112
113		-	(12) ~~THE EXECUTIVE DIRECTOR~~ OF ~~THE CYBERSECURITY 8~~
114		-	~~ASSOCIATION, INC., OR~~ THE ~~EXECUTIVE DIRECTOR’S DESIGNEE~~; 9
	113	+	(iii) up to ten representatives from institutions of higher education 9
	114	+	located in the State; 10
115	115
116		-	(12) (13) the President of the Fort Meade Alliance, or the President’s 10
117		-	designee; 11
	116	+	(iv) one representative of a crime victims organization; 11
118	117
119		-	(13) (14) the President of the Army Alliance, or the President’s designee; 12
120		-	and 13
	118	+	(v) four representatives from industries that may be susceptible to 12
	119	+	attacks on cybersecurity, including at least one representative of a bank, whether or not 13
	120	+	State–chartered, that has a branch in the State; 14
121	121
122		-	(14) (15~~) the following members appointed by the [Attorney General] 14~~
123		-	~~GOVERNOR: 15~~
	122	+	(vi) two representatives of organizations that have expertise in 15
	123	+	electronic health care records; and 16
124	124
125		-	(i) five FOUR representatives of cybersecurity companies located in 16
126		-	the State, with at least three representing cybersecurity companies with 50 or fewer 17
127		-	employees, DESIGNATED BY THE CYBERSECURITY ASSOCIATION OF MARYLAND; 18
	125	+	(vii) any other stakeholder that the [Attorney General] GOVERNOR 17
	126	+	determines appropriate. 18
128	127
129		-	(ii) ~~four representatives from statewide or regional business~~ 19
130		-	~~associations;~~ 20
	128	+	(f) The [Attorney General] GOVERNOR also shall invite, as appropriate, the 19
	129	+	following representatives of federal agencies to serve on the Council: 20
131	130
132		-	(16) THE CHIEF EXECUTIVE OFFICER OF THE MARYLAND CHAMBER OF 21
133		-	COMMERCE, OR THE CHIEF EXECUTIVE OFFICER’S DESIGNEE; 22
	131	+	(1) the Director of the National Security Agency, or the Director’s designee; 21
134	132
135		-	(17) THE EXECUTIVE DIRECTOR OF THE CYBERSECURITY 23
136		-	ASSOCIATION OF MARYLAND, OR THE EXECUTIVE DIRECTOR’S DESIGNEE; 24
	133	+	(2) the Secretary of Homeland Security, or the Secretary’s designee; 22
137	134
138		-	(iii) (18) up to ten NINE representatives from institutions of higher 25
139		-	education located in the State WITH EXPERTISE IN CY BERSECURITY, WITH AT LEAST 26
140		-	FOUR REPRESENTATIVES WITH EXPERTISE IN AR TIFICIAL INTELLIGENC E AND 27
141		-	QUANTUM COMPUTING , INCLUDING: 28
	135	+	(3) the Director of the Defense Information Systems Agency, or the 23
	136	+	Director’s designee; 24
142	137
143		-	(I) THE PRESIDENT, OR THE PRESIDENT’S DESIGNEE, OF: 29
	138	+	(4) the Director of the Intelligence Advanced Research Projects Activity, or 25
	139	+	the Director’s designee; and 26
144	140
145		-	1. BOWIE STATE UNIVERSITY; 30 4 HOUSE BILL 376
	141	+	(5) any other federal agency that the Attorney General determines 27
	142	+	appropriate. 28
	143	+
	144	+	[(g) The Attorney General, or the Attorney General’s designee, shall chair the 29
	145	+	Council.] 30 4 HOUSE BILL 376
146	146
147	147
148	148
149		-	2. JOHNS HOPKINS UNIVERSITY; 1
	149	+	(G) BEGINNING OCTOBER 1, 2025, AND EVERY 2 YEARS THEREAFTER , THE 1
	150	+	COUNCIL SHALL ELECT A CHAIR FROM AMONG THE MEMBERS OF THE COUNCIL. 2
150	151
151		-	3. MORGAN STATE UNIVERSITY; 2
152		-
153		-	4. THE UNIVERSITY OF MARYLAND, BALTIMORE 3
154		-	CAMPUS; 4
155		-
156		-	5. THE UNIVERSITY OF MARYLAND, BALTIMORE 5
157		-	COUNTY; AND 6
158		-
159		-	6. THE UNIVERSITY OF MARYLAND, COLLEGE PARK 7
160		-	CAMPUS; 8
161		-
162		-	(II) THE DEAN OF THE UNIVERSITY OF MARYLAND GLOBAL 9
163		-	CAMPUS SCHOOL OF CYBERSECURITY AND INFORMATION TECHNOLOGY , OR THE 10
164		-	DEAN’S DESIGNEE; AND 11
165		-
166		-	(III) TWO ADDITIONAL REPRESENTATIVES DESI GNATED BY THE 12
167		-	CHANCELLOR OF THE UNIVERSITY SYSTEM OF MARYLAND; 13
168		-
169		-	(iv) one representative of a crime victims organization; 14
170		-
171		-	(v) four representatives from industries that may be susceptible to 15
172		-	attacks on cybersecurity, including at least one representative of a bank, whether or not 16
173		-	State–chartered, that has a branch in the State; 17
174		-
175		-	(vi) two representatives of organizations that have expertise in 18
176		-	electronic health care records; and 19
177		-
178		-	(19) THE DIRECTOR OF CASH CAMPAIGN OF MARYLAND, OR THE 20
179		-	DIRECTOR’S DESIGNEE; 21
180		-
181		-	(20) THE EXECUTIVE DIRECTOR OF ECONOMIC ACTION MARYLAND, 22
182		-	OR THE EXECUTIVE DIRECTOR’S DESIGNEE; 23
183		-
184		-	(21) ONE BANK CHIEF INFOR MATION SECURITY OFFI CER, DESIGNATED 24
185		-	BY THE MARYLAND BANKERS ASSOCIATION; 25
186		-
187		-	(22) ONE HOSPITAL CHIEF INFORMATION SECURITY OFFICER, 26
188		-	DESIGNATED BY THE MARYLAND HOSPITAL ASSOCIATION; 27
189		-
190		-	(23) ONE WATER SYSTEMS CH IEF INFORMATION SECU RITY OFFICER 28
191		-	WHO WORKS FOR A WATE R SYSTEM LOCATED IN THE STATE, DESIGNATED BY THE 29
192		-	NATIONAL ASSOCIATION OF WATER COMPANIES; 30 HOUSE BILL 376 5
193		-
194		-
195		-
196		-	(24) ONE ELECTRIC COMPANY CHIEF INFORMATION SE CURITY OFFICER 1
197		-	WHO WORKS IN THE STATE FOR AN ELECTRIC COMPANY SERVING CUST OMERS IN THE 2
198		-	STATE, DESIGNATED BY THE EDISON ELECTRIC INSTITUTE; 3
199		-
200		-	(25) THE EXECUTIVE DIRECTOR OF THE ELECTRONIC PRIVACY 4
201		-	INFORMATION CENTER, OR THE EXECUTIVE DIRECTOR’S DESIGNEE; 5
202		-
203		-	(26) THE EXECUTIVE DIRECTOR OF THE CENTER FOR DEMOCRACY 6
204		-	AND TECHNOLOGY , OR THE EXECUTIVE DIRECTOR’S DESIGNEE; 7
205		-
206		-	(27) THE CHIEF EXECUTIVE OFFICER OF THE TECHNOLOGY 8
207		-	ADVANCEMENT CENTER, OR THE CHIEF EXECUTIVE OFFICER’S DESIGNEE; 9
208		-
209		-	(28) THE DIRECTOR OF THE CENTER FOR GOVERNANCE OF 10
210		-	TECHNOLOGY AND SYSTEMS, OR THE DIRECTOR’S DESIGNEE; AND 11
211		-
212		-	(vii) (29) any other stakeholder that the [Attorney General] 12
213		-	GOVERNOR CHAIR determines appropriate. 13
214		-
215		-	(f) The [Attorney General] GOVERNOR CHAIR also shall invite, as appropriate, 14
216		-	the following representatives of federal agencies to serve on the Council: 15
217		-
218		-	(1) the Director of the National Security Agency, or the Director’s designee; 16
219		-
220		-	(2) the Secretary of Homeland Security, or the Secretary’s designee; 17
221		-
222		-	(3) the Director of the Defense Information Systems Agency, or the 18
223		-	Director’s designee; 19
224		-
225		-	(4) THE DIRECTOR OF THE NATIONAL INSTITUTE FOR SCIENCE AND 20
226		-	TECHNOLOGY , OR THE DIRECTOR’S DESIGNEE; 21
227		-
228		-	(5) the Director of the Intelligence Advanced Research Projects Activity, or 22
229		-	the Director’s designee; and 23
230		-
231		-	(5) (6) any other federal agency that the Attorney General CHAIR 24
232		-	determines appropriate. 25
233		-
234		-	[(g) The Attorney General, or the Attorney General’s designee, shall chair the 26
235		-	Council.] 27
236		-
237		-	(G) (1) BEGINNING SUBJECT TO PARAGRAPH (2) OF THIS SUBSECTION , 28
238		-	BEGINNING OCTOBER 1, 2025, AND EVERY 2 YEARS THEREAFTER , THE COUNCIL 29 6 HOUSE BILL 376
239		-
240		-
241		-	SHALL ELECT A CHAIR AND VICE CHAIR FROM AMONG THE MEMBE RS OF THE 1
242		-	COUNCIL. 2
243		-
244		-	(2) ONE SHALL BE A STATE EMPLOYEE AND ON E SHALL BE A 3
245		-	NON–STATE EMPLOYEE . 4
246		-
247		-	(j) The Council shall work with the National Institute of Standards and 5
248		-	Technology and other federal agencies, private sector businesses, NONPROFITS, and private 6
249		-	cybersecurity experts to ASSESS AND ADDRESS C YBERSECURITY THREATS AND 7
250		-	ASSOCIATED RISKS FRO M ARTIFICIAL INTELLI GENCE AND QUANTUM CO MPUTING TO: 8
251		-
252		-	(1) for critical infrastructure [not covered by federal law or the Executive 9
253		-	Order], review and conduct risk assessments to determine which local infrastructure sectors 10
254		-	are at the greatest risk of cyber attacks and need the most enhanced cybersecurity measures; 11
255		-
256		-	(2) use federal guidance to identify categories of critical infrastructure as 12
257		-	critical cyber infrastructure if cyber damage or unauthorized cyber access to the 13
258		-	infrastructure could reasonably result in catastrophic consequences, including: 14
259		-
260		-	(i) interruption in the provision of energy, water, transportation, 15
261		-	emergency services, food, or other life–sustaining services sufficient to cause a mass casualty 16
262		-	event or mass evacuations; 17
263		-
264		-	(ii) catastrophic economic damage; or 18
265		-
266		-	(iii) severe degradation of State or national security; 19
267		-
268		-	(3) assist infrastructure entities that are not covered by the Executive Order 20
269		-	in complying with federal cybersecurity guidance; 21
270		-
271		-	(4) assist private sector cybersecurity businesses in adopting, adapting, and 22
272		-	implementing the National Institute of Standards and Technology cybersecurity framework 23
273		-	of standards and practices; 24
274		-
275		-	(5) examine inconsistencies between State and federal laws regarding 25
276		-	cybersecurity; 26
277		-
278		-	(6) recommend a comprehensive State strategic plan to ensure a coordinated 27
279		-	and adaptable response to and recovery from cybersecurity attacks; [and] 28
280		-
281		-	(7) ADDRESS SENSITIVE PR IVACY INTERESTS OF STATE RESIDENTS 29
282		-	RELATED TO CYBERSECU RITY AND ASSOCIATED RISKS; 30
283		-
284		-	(8) ADDRESS EMERGING THR EATS POSED BY ARTIFI CIAL 31
285		-	INTELLIGENCE , INCLUDING: 32
286		-	HOUSE BILL 376 7
287		-
288		-
289		-	(I) ADVERSARIAL ARTIFICI AL INTELLIGENCE ; 1
290		-
291		-	(II) CYBER ATTACKS ; 2
292		-
293		-	(III) DEEPFAKE TECHNOLOGIE S; 3
294		-
295		-	(IV) UNETHICAL USE ; AND 4
296		-
297		-	(V) FRAUD; AND 5
298		-
299		-	[(7)] (9) recommend any legislative changes considered necessary by the 6
300		-	Council to address cybersecurity issues. 7
301		-
302		-	SECTION 2. AND BE IT FURTHER ENACTED, That it is the intent of the General 8
303		-	Assembly that the Maryland Cybersecurity Council reviews and adjusts its subcommittee 9
304		-	structure, if necessary, and implements appropriate bylaws of operation consistent with 10
305		-	State law by December 1, 2025. 11
306		-
307		-	SECTION 2. 3. AND BE IT FURTHER ENACTED, That this Act shall take effect 12
308		-	October 1, 2025. 13
	152	+	SECTION 2. AND BE IT FURTHER ENACTED, That this Act shall take effect 3
	153	+	October 1, 2025. 4
309	154
310	155
311	156
312	157
313	158		Approved:
314	159		________________________________________________________________________________
315	160		Governor.
316	161		________________________________________________________________________________
317	162		Speaker of the House of Delegates.
318	163		________________________________________________________________________________
319	164		President of the Senate.