(a) This section does not apply to municipal governments. (b) In a manner and frequency established in regulations adopted by the Department, each county government, local school system, and local health department shall: (1) in consultation with the local emergency manager, create or update a cybersecurity preparedness and response plan; and (2) complete a cybersecurity preparedness assessment. (c) The assessment required under paragraph (b)(2) of this section may, in accordance with the preference of each county government, be performed by the Department or by a vendor authorized by the Department. (d) (1) Each local government shall report a cybersecurity incident, including an attack on a State system being used by the local government, to the appropriate local emergency manager and the State Security Operations Center in the Department in accordance with paragraph (2) of this subsection. (2) For the reporting of cybersecurity incidents to local emergency managers under subparagraph (i) of this paragraph, the State Chief Information Security Officer shall determine: (i) the criteria for determining when an incident must be reported; (ii) the manner in which to report; and (iii) the time period within which a report must be made. (3) The State Security Operations Center shall immediately notify the appropriate agencies of a cybersecurity incident reported under this subsection through the State Security Operations Center.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.