MD HB1062

Department of the Environment must coordinate cybersecurity efforts for community water and sewerage systems with the Department of Information Technology and Maryland Department of Emergency Management, including updating regulations to include cybersecurity standards that meet or exceed federal CISA cross-sector performance goals

Community water and sewerage systems serving over 3,300 customers must adopt minimum cybersecurity standards, commit to a zero-trust cybersecurity approach, and conduct maturity assessments of their cybersecurity programs every 2 years starting July 1, 2026

All community water and sewerage system providers must appoint a primary cybersecurity point of contact, attend annual cybersecurity awareness training, and report cybersecurity incidents to the State Security Operations Center

Department of Information Technology must hire an operational technology cybersecurity specialist, allow water/wastewater sector members to join the Maryland Information Sharing and Analysis Center, and develop guidance documents with best practices beyond minimum standards

Public records related to the security of operational technology and critical infrastructure, including community water and sewerage systems, are exempt from public inspection under the Maryland Public Information Act