(a)
- (1) In this section the following words have the meanings indicated.
- (2) “Fund” means the Local Cybersecurity Support Fund.
- (3) “Local government” includes local school systems, local school boards, and local health departments.
(b)
- (1) There is a Local Cybersecurity Support Fund.
(2) The purpose of the Fund is to:
(i) provide financial assistance to local governments to improve cybersecurity preparedness, including:
- 1. updating current devices and networks with the most up-to-date cybersecurity protections;
- 2. supporting the purchase of new hardware, software, devices, and firewalls to improve cybersecurity preparedness;
- 3. recruiting and hiring information technology staff focused on cybersecurity;
- 4. paying outside vendors for cybersecurity staff training;
- 5. conducting cybersecurity vulnerability assessments;
- 6. addressing high-risk cybersecurity vulnerabilities identified by vulnerability assessments;
- 7. implementing and maintaining integrators and other similar intelligence sharing infrastructure that enable connection with the Information Sharing and Analysis Center in the Department of Information Technology; and
- 8. supporting the security of local wastewater treatment plants, including bicounty, county, and municipal plants, by acquiring or implementing cybersecurity-related upgrades to the plants; and
- (ii) assist local governments applying for federal cybersecurity preparedness grants.
- (3) The Secretary shall administer the Fund.
(4)
- (i) The Fund is a special, nonlapsing fund that is not subject to § 7-302 of the State Finance and Procurement Article.
- (ii) The State Treasurer shall hold the Fund separately, and the Comptroller shall account for the Fund.
(5) The Fund consists of:
- (i) money appropriated in the State budget to the Fund;
- (ii) interest earnings; and
- (iii) any other money from any other source accepted for the benefit of the Fund.
(6) The Fund may be used only:
(i) to provide financial assistance to local governments to improve cybersecurity preparedness, including:
- 1. updating current devices and networks with the most up-to-date cybersecurity protections;
- 2. supporting the purchase of new hardware, software, devices, and firewalls to improve cybersecurity preparedness;
- 3. recruiting and hiring information technology staff focused on cybersecurity;
- 4. paying outside vendors for cybersecurity staff training;
- 5. conducting cybersecurity vulnerability assessments;
- 6. addressing high-risk cybersecurity vulnerabilities identified by vulnerability assessments;
- 7. implementing or maintaining integrators and other similar intelligence sharing infrastructure that enable connection with the Information Sharing and Analysis Center in the Department of Information Technology; and
- 8. supporting the security of local wastewater treatment plants, including bicounty, county, and municipal plants, by acquiring or implementing cybersecurity-related upgrades to the plants;
- (ii) to assist local governments applying for federal cybersecurity preparedness grants; and
- (iii) for administrative expenses associated with providing the assistance described under item (i) of this paragraph.
(7)
- (i) The State Treasurer shall invest the money of the Fund in the same manner as other State money may be invested.
- (ii) Any interest earnings of the Fund shall be credited to the Fund.
- (8) Expenditures from the Fund may be made only in accordance with the State budget.
(c) To be eligible to receive assistance from the Fund, a local government shall:
- (1) provide proof to the Department of Information Technology that the local government conducted a cybersecurity preparedness assessment in the previous 12 months; or
(2) within 12 months undergo a cybersecurity preparedness assessment provided by, in accordance with the preference of the local government:
- (i) the Department of Information Technology at a cost to the local government that does not exceed the cost to the Department of Information Technology of providing the assessment; or
- (ii) a vendor authorized by the Department of Information Technology to complete cybersecurity preparedness assessments.
Added by Acts 2022, c. 243, § 1, eff. May 12, 2022.