MD HB235

Transfers responsibility for local government vulnerability and cyber assessments from the Cyber Preparedness Unit (Maryland Department of Emergency Management) to the Office of Security Management (Department of Information Technology)

Expands the Office of Security Management's authority to address cybersecurity threats that are "affecting or potentially affecting" state network entities, not just threats "caused by" those entities

Requires a new annual report by the third Wednesday of January on state cybersecurity expenditures relative to overall IT spending for the prior 3 years, with budget recommendations for improving preparedness

Adds explicit "implementing" responsibility to the Secretary of Information Technology's duties for IT policies and statewide cybersecurity strategy

Removes requirement for annual report to include 3-year analysis of cybersecurity spending relative to IT spending (moved to separate January report) and removes training on malware/ransomware detection from Cyber Preparedness Unit duties