The bills, among several dozen the governor put his signature on during one of the final bill-signing ceremonies of the 2022 legislative session, follow a string of costly high-profile ransomware and other cyberattacks that temporarily crippled Maryland governmental bodies .
A 2019 ransomware attack in Baltimore devastated the city government’s system for weeks and cost millions of dollars. In 2020, paychecks and class schedules were among systems compromised in an attack on Baltimore County Public Schools. An attack on the Maryland Department of Health last December left daily COVID-19 statistics go unreported just as the omicron variant began spreading in the state.
Senate President Bill Ferguson, a Baltimore Democrat, said the record investments now will help protect “against disruptive cyberattacks by Russia or any other of our international adversaries.”
Hogan, in brief remarks before taking photos and handing out pens amid a parade of constituents and legislators, said the cybersecurity bills “further strengthen Maryland’s standing as the cyber capital of America.”
It was the third ceremonial bill-signing for the hundreds of pieces of legislation the Democrat-controlled General Assembly passed during this year’s 90-day session. Hogan, a Republican in his final year as governor, had already signed — or had vetoes overturned — for many of the year’s landmark new laws, such as expanding abortion access, the creation of a statewide paid medical and family leave program and strengthening climate change goals.
Other bills finalized with Hogan’s signature Thursday include those establishing a program to help nurses and nurse support staff repay education loans, creating a fund to fight pediatric cancer, prohibiting the removal of historic trees identified in what are known as “old-growth forests,” and expressing solidarity with Ukraine against Russia.
The cyber measures make permanent some aspects of an executive order Hogan signed in 2019 while providing additional resources and rules to aid county and state governments, school systems and local health departments against digital attacks.
A law focusing on those entities will fund a new Cyber Preparedness Unit within the Maryland Department of Emergency Management. It will be equipped with a budget of about $455,000 and a staff of five people to work with local governments. Another $6.1 million will go toward software and filling 40 new positions like cyber policy and strategy planners, analysts and incident responders within the Department of Information Technology, according to an analysis of the bill.
State government entities, meanwhile, will get more attention by being required to conduct cybersecurity assessments every two years, costing an estimated $10 million for each round.
The state’s chief information security officer, a position created by the 2019 executive order, will become an official role appointed by the governor and approved by the state Senate to handle cybersecurity incidents and create policy, including guidelines about when incidents are disclosed publicly.
Other new entities in the laws include a Local Cybersecurity Support Fund to assist local governments with funding for cybersecurity, and an oversight commission to provide a longer-term “strategic road map.” One of the laws will require public and private water or sewer systems that serve at least 10,000 people and receive state funding to assess their vulnerability to attacks and develop cybersecurity plans.
“These are bills that really got into the weeds, and it really matters that we do this well,” Ferguson said.
Environmentalists, meanwhile, helped introduce and pass the anti-logging measure this year to prevent the destruction of old-growth forests — woodland that has never been altered by humans.
Less than one-tenth of 1% of the state’s 2.8 million acres of forested land remains in that condition, yet it lacks the same protections as larger areas designated as state forest or wildland. The new law will offer protections for old-growth forests as small as five acres on state conservation land.
The signing of the loan program for nurses came on International Nurses Day. The program’s funding will be determined by a stakeholder group established by the law. It is intended to support the workforce of nurses — along with support staff like certified nursing assistants and medical technicians — whose numbers have dwindled under the stresses of the pandemic.
Finally, the establishment of a Maryland Pediatric Cancer Fund within the Maryland Department of Health will devote $5 million for pediatric cancer research, distributed through grants to physicians, hospitals, laboratories or educational institutions.
© 2022 Baltimore Sun. Distributed by Tribune Content Agency, LLC.
