Maryland Moves to Standardize, Centralize Cyberdefenses

The Office of Security Management was created Tuesday through executive order. State CISO John Evans will lead the new office within the Department of Information Technology and oversee consolidation of cyberdefenses.

by / June 18, 2019
Shutterstock

A little over a month after a ransomware attack devastated the city of Baltimore, Maryland officials have launched a new cybersecurity initiative designed to bolster defenses against cyberattacks while also implementing more consistent security measures for state data.

The Maryland Cyber Defense Initiative was created Tuesday through an executive order signed by Gov. Larry Hogan, and seeks to centralize the state’s cybersecurity operations while also standardizing executive agencies’ approach to cyberdefense. 

The order creates the Office of Security Management, which will operate from inside the state’s Department of Information Technology. Helming this new office will be John Evans, the state's chief information security officer (SCISO). The new role will see Evans working to implement all cybersecurity policy for executive-level agencies. 

Patrick Mulford, director of communications for the Department of Information Technology, said that Evans responsibilities and oversight will be enlarged from his previous position. 

“The office will be made up of John and his staff and in essence they will oversee all of the cybersecurity activities of departments, agencies and units inside of the executive branch,” said Mulford, speaking with Government Technology. “Basically, the main difference between John’s old role and his new role is that he used to only oversee the Department of Information Technology as SCISO, and now he will be working with all of the other CISOs to make sure that all of the state of Maryland departments and units are following the same standards and guidelines.”  

The order also creates a Maryland Cybersecurity Coordinating Council, which will be responsible for giving advice on strategy and implementation to SCISO, and will be made up of state officials or a senior staff official from a number of executive offices, including the Director of the Governor's Office of Homeland Security, the Secretary of Budget and Management, the Superintendent of State Police and others. 

The officials associated with the initiative will also be in charge of updating the Maryland Cybersecurity Manual, which will serve as an agency guide for standardized defense. 

“In today’s world of emerging cyberthreats, it is crucial that we work in unity to improve the processes and procedures designed to protect Marylanders and to manage and minimize the consequences of cyber events,” said Hogan, in a press release. “The steps we are taking today are about ensuring that Maryland’s infrastructure and citizens are as safe as possible from cyberattacks.”

Mulford said that the new policies and office don’t necessarily have a direct correlation to the recent ransomware attack in Baltimore. 

“It really doesn’t have to do with any single incident,” Mulford said. “We’ve actually been working on it for some time now. We’re just really trying to centralize our cybersecurity efforts with one position in one entity. ... Sometimes there’s overlapping things and diverging approaches, and we just all want to get on one same page,” he said. 

Lucas Ropek Staff Writer

Lucas Ropek is a staff writer for Government Technology. He has worked as a newspaper reporter and writer in Massachusetts and New York. He received his Bachelor's degree in English from Kenyon College in Ohio. He lives in Northern California.

Platforms & Programs