Counties Support Local Cybersecurity Training, Oppose State Mandated Training

On March 2, MACo Policy Associate Drew Jabin submitted testimony in opposition to SB 873 – Department of Information Technology – State and Local Government Employees and Contractors – Cybersecurity Training. This bill would place a detailed mandate on county governments to carry out new state policy and implement State-mandated cybersecurity training programs.

From the MACo Testimony:

County governments are established and complex employers and entities – and are not truly in need of the degree of hands-on requirements that SB 873 envisions. As a rule, MACo resists state policies that result in costly or burdensome local implementation. SB 873 overrides local autonomy on how best to implement cybersecurity training programs.

Counties all currently have thorough local cybersecurity training and are already meeting the spirit of this legislation. While counties do not oppose the general intention of the State providing cybersecurity guidance and best practices, SB 873 concerningly lacks any hint of local input. Most of Maryland’s jurisdictions use the program “KnowB4” for cybersecurity training – which could be mandated to change as the state Department of Information Technology, in coordination with the Maryland Cybersecurity Council, is tasked with determining what programs will fill the 20 slots allotted under this bill without appropriate deference to what tools are already successful locally.

Again, MACo does not oppose the idea of increased cybersecurity training, but SB 873 oversteps the boundaries of local autonomy and does not allow for any county input in the process.

Follow MACo’s advocacy efforts during the 2021 legislative session on MACo’s Legislative Tracking Database.