- (1) In coordination with the Department of Information Technology and the Maryland Department of Emergency Management, coordinate cybersecurity efforts within community water systems and community sewerage systems;
- (2) Include cybersecurity awareness components for all new and renewing operator and superintendent certifications under Title 12 of this article; and
(3) In consultation with the Department of Information Technology:
(i) Update regulations governing community water systems and community sewerage systems to:
- 1. Include comprehensive sections regarding cybersecurity standards for water and wastewater treatment facilities; and
- 2. Require community water system and community sewerage system providers to report cyber incidents consistent with Department of Information Technology guidance in accordance with § 9-2707(b) of this subtitle;
- (ii) Promulgate minimum cybersecurity standards for established community water systems and community sewerage systems that meet or exceed the federal Cybersecurity and Infrastructure Security Agency's cross-sector cybersecurity performance goals;
- (iii) Require community water systems and community sewerage systems to plan for disruptions of service due to cyber incidents, including ransomware attacks and other events resulting in root-level compromise;
- (iv) Establish a list of approved cybersecurity training programs for staff responsible for maintaining or operating water and wastewater facilities; and
- (v) Implement measures to protect the active certified operators list maintained on the Department's website while ensuring legitimate access for necessary purposes.
The Department shall:
Added by Acts 2025, c. 495, § 1, eff. Oct. 1, 2025.