The Department shall: (1) In coordination with the Department of Information Technology and the Maryland Department of Emergency Management, coordinate cybersecurity efforts within community water systems and community sewerage systems; (2) Include cybersecurity awareness components for all new and renewing operator and superintendent certifications under Title 12 of this article; and (3) In consultation with the Department of Information Technology: (i) Update regulations governing community water systems and community sewerage systems to: 1. Include comprehensive sections regarding cybersecurity standards for water and wastewater treatment facilities; and 2. Require community water system and community sewerage system providers to report cyber incidents consistent with Department of Information Technology guidance in accordance with § 9-2707(b) of this subtitle; (ii) Promulgate minimum cybersecurity standards for established community water systems and community sewerage systems that meet or exceed the federal Cybersecurity and Infrastructure Security Agency's cross-sector cybersecurity performance goals; (iii) Require community water systems and community sewerage systems to plan for disruptions of service due to cyber incidents, including ransomware attacks and other events resulting in root-level compromise; (iv) Establish a list of approved cybersecurity training programs for staff responsible for maintaining or operating water and wastewater facilities; and (v) Implement measures to protect the active certified operators list maintained on the Department's website while ensuring legitimate access for necessary purposes.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.