MD SB871

Department of the Environment must coordinate cybersecurity efforts for community water and sewerage systems with the Department of Information Technology and Maryland Department of Emergency Management, including updating regulations to establish minimum cybersecurity standards meeting or exceeding federal CISA cross-sector performance goals

Community water and sewerage systems serving over 3,300 customers must adopt cybersecurity standards, commit to a zero-trust approach, and conduct third-party maturity assessments of their cybersecurity programs by July 1, 2026, and every 2 years thereafter

All community water and sewerage system providers must appoint a primary cybersecurity point of contact, attend annual cybersecurity training, and report cyber incidents to the State Security Operations Center

Public records related to the security of operational technology and critical infrastructure, including water and sewerage system records, are exempt from public inspection

Department of the Environment must report to the General Assembly on water system compliance and implementation progress by July 1, 2026, and every 2 years thereafter; act takes effect October 1, 2025