Bill > SB825

This bill establishes a new Critical Infrastructure Protection Branch within the Maryland Coordination and Analysis Center (MCAC), which is a hub for analyzing threats and sharing information. The bill defines "critical infrastructure" as vital physical or virtual assets and systems, such as those for security, economic stability, public health, and safety, including hospitals and healthcare facilities. The new branch will be led by a Chief Critical Infrastructure Officer responsible for administering the branch, directing statewide security efforts, and coordinating with various government offices, industry partners, and other stakeholders. The branch will identify threats, prioritize critical infrastructure assets by assessing their vulnerability to cyber and physical attacks, and support these assets by connecting them to resources for assessments, identifying funding for vulnerability remediation, and fostering shared learning. The Department of Emergency Management will coordinate response efforts to cascading impacts from attacks on critical infrastructure, while the Department of Information Technology will allow critical infrastructure owners and operators to join the Maryland Information Sharing and Analysis Center (MISA) and will provide them with cybersecurity reporting standards. The bill also clarifies that it does not override existing cybersecurity regulations.