(a) There is a Maryland Cybersecurity Coordinating Council.
Membership
(b)(1) The Council consists of the following members:
(i) the secretary of each of the principal departments listed in § 8-201 of the State Government Article, or a secretary's designee;
(ii) the State Chief Information Security Officer;
(iii) the Adjutant General of the Maryland National Guard, or the Adjutant General's designee;
(iv) the Superintendent of State Police, or the Superintendent's designee;
(v) the Director of the Governor's Office of Homeland Security, or the Director's designee;
(vi) the Executive Director of the Department of Legislative Services, or the Executive Director's designee;
(vii) one representative of the Administrative Office of the Courts;
(viii) the Chancellor of the University System of Maryland, or the Chancellor's designee; and
(ix) any other stakeholder that the State Chief Information Security Officer deems appropriate.
(2) If a designee serves on the Council in place of an official listed in paragraph (1) of this subsection, the designee shall report information from the Council meetings and other communications to the official.
Nonvoting members
(c) In addition to the members listed under subsection (b) of this section, the following representatives may serve as nonvoting members of the Council:
(1) one member of the Senate of Maryland, appointed by the President of the Senate;
(2) one member of the House of Delegates, appointed by the Speaker of the House; and
(3) one representative of the judiciary, appointed by the Chief Justice of the Supreme Court of Maryland.
Chair
(d) The chair of the Council is the State Chief Information Security Officer.
Meetings
(e) The Council shall meet at least quarterly at the request of the chair.
Duties
(f) The Council shall:
(1) provide advice and recommendations to the State Chief Information Security Officer regarding:
(i) the strategy and implementation of cybersecurity initiatives and recommendations; and
(ii) building and sustaining the capability of the State to identify and mitigate cybersecurity risk and respond to and recover from cybersecurity-related incidents.
(2) use the analysis compiled by the Office under § 3.5-2A-04(e)(1)(ii) of this subtitle to prioritize cybersecurity risk across the Executive Branch of State government and make corresponding recommendations for security investments in the Governor's annual budget.
Consultation
(g) In carrying out the duties of the Council, the Council shall consult with outside experts, including experts in the private sector, government agencies, and institutions of higher education.
Credits
Added by Acts 2022, c. 242, § 2, eff. July 1, 2022. Amended by Acts 2022, c. 135, § 5; Acts 2023, c. 49, § 6.
MD Code, State Finance and Procurement, § 3.5-2A-05, MD STATE FIN & PROC § 3.5-2A-05
Current through legislation effective through May 9, 2024, from the 2024 Regular Session of the General Assembly. Some statute sections may be more current, see credits for details.
