§ 9-2702
217 words·~1 min read·
/md/environment/9-2702A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
§9–2702.
The Department shall:
(1)In coordination with the Department of Information Technology and the Maryland Department of Emergency Management, coordinate cybersecurity efforts within community water systems and community sewerage systems;
(2)Include cybersecurity awareness components for all new and renewing operator and superintendent certifications under Title 12 of this article; and
(3)In consultation with the Department of Information Technology:
(i)Update regulations governing community water systems and community sewerage systems to:
1. Include comprehensive sections regarding cybersecurity standards for water and wastewater treatment facilities; and
2. Require community water system and community sewerage system providers to report cyber incidents consistent with Department of Information Technology guidance in accordance with § 9–2707(b) of this subtitle;
(ii)Promulgate minimum cybersecurity standards for established community water systems and community sewerage systems that meet or exceed the federal Cybersecurity and Infrastructure Security Agency’s cross–sector cybersecurity performance goals;
(iii)Require community water systems and community sewerage systems to plan for disruptions of service due to cyber incidents, including ransomware attacks and other events resulting in root–level compromise;
(iv)Establish a list of approved cybersecurity training programs for staff responsible for maintaining or operating water and wastewater facilities; and
(v)Implement measures to protect the active certified operators list maintained on the Department’s website while ensuring legitimate access for necessary purposes.