Maryland Governor Larry Hogan signed an executive order designed to bolster the state’s cyber defenses in light of the devastating ransomware attack that recently struck Baltimore by creating several new cybersecurity departments and positions.
The executive order creates the Maryland Cyber Defense Initiative which will manage the state’s ability to handle any consequences of a cybersecurity incident.
Additionally, Logan created the appointed position of state chief information officer. This person, who will report to the state secretary of information technology, will wear several hats. First, the CISO will serve as the department of information technologies CISO while managing the newly created office of security management. In addition the CISO will advise the governor on cybersecurity issues.
The office of security management will be responsible for the direction, coordination and implementation of the state’s overall cybersecurity strategy and policy for the executive branch. The office’s task include creating standards to organize information collected and maintained by each unit of the state government, create guidelines governing the types of information and system systems for each category, security requirements for all information and systems, manage security awareness training, develop data management, governance and specification standards to help reduce risk.
The executive order also created an overarching advisory committee called the Maryland Cybersecurity Coordinating Council that will provide advice and recommendations to the state CISO on cybersecurity strategy and implementation. The council will be chaired by the state CISO, meet at least quarterly and be comprised of eight state officials.