MD SB244

Transfers responsibility for supporting local government vulnerability and cyber assessments from the Cyber Preparedness Unit (Maryland Department of Emergency Management) to the Office of Security Management (Department of Information Technology)

Expands the Office of Security Management's authority to address cybersecurity threats that are "affecting or potentially affecting" network-connected entities, not just threats directly "caused by" those entities

Requires the Secretary of Information Technology to implement (not just develop) information technology policies and the statewide cybersecurity strategy

Creates a new separate annual budget report due by the third Wednesday in January analyzing cybersecurity spending relative to overall IT spending for the prior 3 years, with recommendations for funding changes

Removes the requirement for malware and ransomware detection training from the Cyber Preparedness Unit's online training database responsibilities