Please ensure Javascript is enabled for purposes of website accessibility

Md. cybersecurity council urges more state investment to combat attacks


The Maryland Cybersecurity Activities Council Report said the state has to invest more in technology infrastructure.

Maryland has made progress in improving its cybersecurity environment but must do more to invest as cyberattacks increase, the first full report by the state’s cybersecurity council said.

Coming on the heels of Russia’s cyberattack on the U.S. election and multiple widespread ransomware attacks this year, among other high-profile cyberattacks, the Maryland Cybersecurity Activities Council Report said the state has to invest more in technology infrastructure.

“One of the council’s new concerns is the rate at which the state government is investing in its core cybersecurity capabilities,” the report said. “State governments and their agencies hold volumes of personal data and business information, provide services, and play a critical role in responding to emergencies.”

Attorney General Brian E. Frosh chaired the 50-member panel, which was charged with assessing the cybersecurity risk of critical infrastructure in Maryland, including adoption of the National Institute of Standards and Technology (NIST) cybersecurity framework.

Critical infrastructure includes the electrical grid, banks, trains and port facilities, public and private water treatment and supply plants and hospitals. Other important sectors at risk of cyberattacks included information technology and communications.

After releasing initial recommendations last year, the biennial report reflected the first two years of the council’s look at cybersecurity in Maryland. The report found that the recommendations had the most impact in improving consumer protections and creating a best practices portal for agencies and business.

It specifically cited two laws passed by the state legislature this year based on the work of the council. One law required businesses to protect the information of former employees and the other allows consumers to freeze their credit after a data breach without being charged a fee.

But while those actions were implemented, they represent just two of 17 recommendations the panel made last year. The council also made nine new recommendations this year.

As part of the report, the council found that the state should encourage more collaboration between different cybersecurity group and agencies at the local, state and regional levels.

One of those efforts could include the creation of a state cyber first responder force, run out of the Maryland National Guard and the Maryland Emergency Management Agency. The force would respond to cyber emergencies the same way the state would respond to natural disasters or other emergencies.

The council also included a subcommittee to focus on economic development around the cybersecurity business in Maryland. Because of the state’s proximity to the federal government and the National Security Agency’s Fort Meade headquarters, the state attracts many cybersecurity jobs.

The report included some recommendations to improve the economic climate for those agencies and companies. The main recommendation was to improve state support for cybersecurity business accelerators.

By the time the next report is issued in two years, the council will also consider changes to the state’s Investment Tax Credit, incentives to give Maryland an edge in recruiting skilled professionals into the state and incentives for firms to take on student interns to accelerate their security clearance process.


To purchase a reprint of this article, contact