New cybersecurity guidance coming to Maryland localities

New cybersecurity guidance coming to Maryland localities

Image by vicky gharat from Pixabay

By A.R. CABRAL
Capital News Service

ANNAPOLIS, Md. — A new law that strives to enhance cybersecurity in Maryland for local governments and small organizations will go into effect Friday.

The law aims to promote cybersecurity oversight and advisement between the secretary of information technology, the attorney general, and the legislative and judicial branches of government for offices and agencies of state government, according to the bill, SB049.

“Maryland is going to be proactive,” said Sen. Susan Lee, D-Montgomery. “We can’t drop the ball, especially with technology advancing so quickly these days.”

The bill, modeled after 2019 legislation in North Dakota, promotes greater cybersecurity awareness for local municipalities. Understanding malicious software like ransomware can help protect local organizations before a cyber attack instead of addressing the problem after the fact, according to Lee.

The cybersecurity bill comes on the heels of a ransomware attack that struck the Baltimore City government in May 2019. This cyberattack was followed by a devastating ransom attack that hit Baltimore County Public Schools in November 2020.

The Baltimore City ransomware attack affected a network of about 7,000 users and disrupted city services, according to a press release from the mayor’s office.

The Baltimore County Public Schools ransomware event compromised a wide range of systems, from paychecks to class schedules but the school system was able to continue operations a week after the attack, according to Charles Herndon, a spokesman for Baltimore County Public Schools.

In a ransomware attack, a captor holds a person or organization’s files hostage through encryption. The easiest way to decrypt the data is to pay the captor what they want.

Baltimore County Public Schools declined to answer how much the ransom was and whether or not the school system paid the ransom, according to Herndon.

Another bill, SB623, which Lee also sponsored, prohibits the use of ransomware, with the intent to disrupt or impair, in the state of Maryland and will also go into effect Oct. 1. She explained that this type of bill is one of the first of its kind.

“The two (cybersecurity) bills go hand-in-hand,” said Lee. “A lot of the ransomware attacks have been on localities and on city governments, on hospitals and critical infrastructures. At least we are taking a first step in addressing these cyberattacks against our localities.”

Chip Stewart, state chief information security officer for the department of information technology, said people and organizations need to focus on cybersecurity. He cites the events of the past year and a half as evidence that anyone can be a target.

“I certainly encourage counties and municipalities to use the provisions, mentioned in SB049, to get help from us,” Stewart told Capital News Service. “We are here to help.”

One of the ways Maryland’s Department of Information Technology provides help to localities is with the department’s security manual. In it, readers can find how Maryland agencies seek to best protect their digital information, according to the manual.

Joe Carrigan, a senior security engineer at Johns Hopkins University, believes the bill gives a local municipality a greater opportunity for cybersecurity protection moving forward.

“The only thing (small organizations) can do is engage with a security consultant and that costs them something.
“Here with this new law, now they have a resource that they can go to and say, ‘Hey what do we do?’” Carrigan said.

About The Author

Capital News Service

kdenny12@umd.edu

Capital News Service is a student-powered news organization run by the University of Maryland Philip Merrill College of Journalism. For 26 years, we have provided deeply reported, award-winning coverage of issues of import to Marylanders. With bureaus in College Park, Annapolis and Washington run by professional journalists with decades of experience, we deliver news in multiple formats via partner news organizations, a destination Web site, a nightly on-air television newscast and affiliated social media channels (including Twitter and Facebook). We provide breaking news coverage, in-depth investigative and enterprise journalism, and serve as a laboratory for students to test and develop innovative new methods of reporting and telling stories. By providing a true newsroom experience to our students, we send them into the job market with real-world skills and the ability to shape the future of journalism. Only Merrill’s most motivated students are accepted into the Capital News Service program, and they go on to land internships and jobs at the nation’s finest news organizations: The New York Times, the Washington Post, CNN, the Associated Press, Politico, the Chicago Tribune, the Los Angeles Times, ProPublica, National Geographic, NBC News, The Dallas Morning News, the Washington City Paper, Washingtonian magazine, Money magazine, the Wall Street Journal and more.

Leave a reply

Your email address will not be published. Required fields are marked *

Support Our Work!

We depend on your support. A generous gift in any amount helps us continue to bring you this service.

MarylandReporter.com Podcast

Poll

Should schools mandate the COVID-19 vaccine if FDA approves it?

Subscribe to Our Newsletter

Facebook