With the 2021 Legislative Session rapidly approaching, MACo is profiling some major issues that stand to gather attention in the General Assembly’s work. Here, we preview potential actions surrounding Cybersecurity & IT.
Globally cyber attacks are on the rise. This month, the Maryland Department of Health fell victim to a cyberattack from which they are still recovering. In recent years both Baltimore County Public School and Baltimore City were targeted by criminals, causing significant disruption of services to residents. And there are countless other examples.
The issue papers mention that during the 2021 legislative session:
…the State reformed the responsibilities of DoIT. Chapter 218 of 2021 requires the Secretary of Information Technology to consult with the Attorney General to oversee a consistent cybersecurity strategy specifically for the Executive Branch. Additionally, Chapter 683 of 2021 establishes the Center for Cybersecurity at the University of Maryland, Baltimore County in order to provide research and support for cybersecurity-related activities. Chapter 425 of 2021 expands the list of network-related prohibited acts on a broad array of computer networks in the State. Chapter 425 prohibits a person from performing acts, including exceeding authorized network access and distributing valid access codes to unauthorized persons, on public school or health care facility networks with the intent to impair network functioning.
We anticipate that the upcoming 2022 legislative session will be hot for cybersecurity. With billions of dollars coming into the state from the federal infrastructure package and the state currently experiencing a multi-billion dollar surplus, now is the time to invest. In 2018 the Maryland Cybersecurity Council said updates to the state’s cybersecurity capabilities would require an upfront investment of nearly $30 million and a roughly $14 – $15 million per year after that. Recent recommendations from the Department of Legislative Services put that figure closer to $150 million, just three years later. Cyber threats are not going away, and 2022 represents an opportunity to act before the situation gets worse.