MD SB825

Establishes a Critical Infrastructure Protection Branch within the Maryland Coordination and Analysis Center, led by a Chief Critical Infrastructure Officer appointed by the Executive Director

Requires the Branch to identify threats to critical infrastructure, assess vulnerabilities from foreign actors, domestic actors, and insider threats, and conduct integrated security assessments in coordination with the Department of Information Technology, Office of Security Management, and Public Service Commission

Defines critical infrastructure as physical or virtual assets, systems, and networks deemed vital by the U.S. Department of Homeland Security, explicitly including hospitals and health care facilities

Requires the Department of Emergency Management to coordinate consequence management and response efforts following attacks on critical infrastructure

Mandates the Department of Information Technology to allow critical infrastructure owners and operators to join the Maryland Information Sharing and Analysis Center and receive current cybersecurity reporting standards

Takes effect July 1, 2026