The status of new cybersecurity laws proposed in Maryland

As employers in the private and public sectors adjust to the advent of flexible work over the last two years, they're simultaneously trying to protect their organizations from attackers looking to steal and sell data.

2021 was a year defined by significant cyberattacks that crippled infrastructure and shut down hospitals, schools, and municipal governments. It's the same year the Colonial Pipeline, which supplies gasoline to millions living in the Northeast U.S., was hobbled by a ransomware attack that triggered a gas panic and elevated prices for consumers.

And lawmakers were paying attention—passing dozens of laws in 2022 aimed at training workers, securing government agencies, and funneling money into cybersecurity education programs.

Drata compiled a list of new cybersecurity-related legislation in Maryland through February 2023 based on data collected by the National Conference of State Legislatures.

States that passed the most cybersecurity legislation in the past year:

#1. Maryland - 8 laws enacted

#2. Florida - 4

#3 (tie). Virginia - 3

#3 (tie). Kentucky - 3

Maryland new cybersecurity laws in 2022
- Bills enacted: 8
- Bills failed: 17
- Bills vetoed: 2

MD HB 24
- Description: Alters certain criteria for the Cybersecurity Public Service Scholarship Program, includes increasing the number of years a recipient may hold an award, expanding the qualifying positions for a scholarship recipient to fulfill a work obligation, establishes criteria for part time students to be eligible for the scholarship, hold an award, and fulfill a work obligation, requires the State Department of Education to provide information on the Program to high school students.
- Read more about the bill here

MD HB 1205
- Description: Requires a certain water or sewer system to, on or before a certain date, assess its vulnerability to a cyber attack, develop a cybersecurity plan if appropriate, and submit a certain report to the General Assembly, authorizes the Water Quality Financing Administration to provide financial assistance to a public water or wastewater system to assess system cybersecurity vulnerabilities and develop a cybersecurity plan, establishes the Local Cybersecurity Support Fund as a special, nonlapsing fund.
- Read more about the bill here

MD SB 4
- Description: Alters certain criteria for the Cybersecurity Public Service Scholarship Program, including increasing the number of years a recipient may hold an award, expanding the qualifying positions for a scholarship recipient to fulfill a work obligation, and establishing criteria for part time students to be eligible for the scholarship, hold an award, and fulfill a work obligation, requires the State Department of Education to provide information on the Program to high school students.
- Read more about the bill here

MD SB 207
- Description: Establishes certain cybersecurity standards applicable to insurance carriers, including health maintenance organizations and third party administrators, requires a carrier to take certain actions related to cybersecurity, including developing, implementing, and maintaining a certain information security program, identifying certain threats, and establishing a certain incident response plan, requires a carrier to notify the Insurance Commissioner that a cybersecurity event occurred.
- Read more about the bill here

MD SB 290
- Description: Makes the proposed appropriations contained in the State Budget for the fiscal year ending on specified date, in accordance with Article III, Section 52 of the Maryland Constitution, relates to appropriations and budgetary provisions.
- Read more about the bill here

MD SB 633
- Description: Makes alterations to the 9-1-1 Emergency Telephone System in the State, alters the classification of 9-1-1 specialists, authorizes 9-1-1 specialists to seek certain treatment confidentially, requires the Maryland 9-1-1 Board to establish certain procedures governing vacancies on the Board, alters the Powers and duties of the Board with respect to public safety answering point personnel and cybersecurity standards.
- Read more about the bill here

MD SB 754
- Description: Establishes the Cyber Preparedness Unit in the Maryland Department of Emergency Management, establishes certain responsibilities of the Unit, requires local governments to report certain cybersecurity incidents in a certain manner and under certain circumstances, requires the State Security Operations Center to notify appropriate agencies of a cybersecurity incident in a certain manner, establishes the Cybersecurity Fusion Center in the Maryland Department of Emergency Management.
- Read more about the bill here

MD SB 812
- Description: Establishes the Office of Security Management within the Department of Information Technology and the Maryland Cybersecurity Coordinating Council, centralizes authority and control of the procurement of all information technology for the Executive Branch of State government, exempts meetings of the Council from the Open Meetings Act, requires each unit of the Executive Branch of State government and certain local entities to report certain cybersecurity incidents.
- Read more about the bill here