Gov. Larry Hogan signed an executive order Tuesday designed to strengthen the state's defenses against cyber attacks, appointing a single official with responsibility for computer security at all state agencies.
The order creates the post of Maryland Chief Information Security Officer, who will lead a security management office in the state’s IT department and chair a council that will coordinate cyber security efforts among state agencies.
“In today’s world of emerging cyber threats, it is crucial that we work in unity to improve the processes and procedures designed to protect Marylanders and to manage and minimize the consequences of cyber events,” Hogan said in a statement.
“The steps we are taking today are about ensuring that Maryland’s infrastructure and citizens are as safe as possible from cyber attacks.”
Hogan’s announcement is focused on protecting state government networks. He named John Evans as the first state CISO. Evans currently serves as director of statewide security services in the state’s IT department, which has a $4 million budget.
Maryland Policy & Politics
The Republican governor’s office said the order was being worked on before ransomware brought computer systems in Baltimore to a standstill in early May, but the assault on the city’s computers highlighted the risks governmental computer networks face. Evans has said the city initially rebuffed help from the state for about a week because the two governments didn’t have a close working relationship.
Evans’ statewide security services office will be transformed into the new security management office, but a spokesman for the IT department said the new position will have expanded responsibility for security across government agencies.
In his new role, Evans will report directly to the secretary of the IT department, Michael G. Leahy.
Leahy said the steps announced by Hogan will help ensure consistency in the how the state protects residents’ data.
“This initiative allows the state to maintain and constantly improve and adapt plans to combat rapidly emerging cyber threats and to implement cybersecurity plans effectively and efficiently,” Leahy said in a statement.
Evans also will lead the Maryland Cybersecurity Coordinating Council, which must meet every quarter under Hogan’s order. State secretaries will send representatives to discuss security and consult with outside experts.
In 2015, the Democrat-controlled General Assembly created the Maryland Cybersecurity Council, which is led by Democratic Attorney General Brian Frosh. While the new coordinating committee will focus on protecting state government systems, the older council has a wider set of responsibilities, including finding ways to protect sensitive infrastructure.