For immediate release:
June 18, 2019
Contact: Patrick Mulford
patrick.mulford@maryland.gov
410-697-9495
Annapolis, MD—In an effort to further strengthen Maryland’s cybersecurity infrastructure, Governor Larry Hogan signed Executive Order 01.01.2019.07 creating the position of Maryland Chief Information Security Officer (SCISO), establishing the Office of Security Management and the Maryland Cybersecurity Coordinating Council (MCCC). These three entities will be the driving force behind the Maryland Cyber Defense Initiative, which will strengthen the state’s cybersecurity posture while also solidifying its ability to manage and minimize the consequences of a cybersecurity incident.
“Security of Marylanders is at the forefront of our administration’s efforts on a day-to-day basis. In today’s world of emerging cyber threats, it is crucial that we work in unity to improve the processes and procedures designed to protect Marylanders and to manage and minimize the consequences of cyber events,” said Governor Hogan. “The steps we are taking today are about ensuring that Maryland’s infrastructure and citizens are as safe as possible from cyber attacks.”
The Maryland Chief Information Security Officer will lead the Office of Security Management. The office, located within the Department of Information Technology, is responsible for the direction, coordination, and implementation of the overall cybersecurity strategy and policy for all state agencies in the Executive Branch. The SCISO and Office of Security Management will also lead the efforts of updating and disseminating the Maryland Cybersecurity Manual which will serve to direct and harmonize efforts among multiple organizations working towards unified cybersecurity goals.
“It is essential that the state’s overall cybersecurity strategy and policy are in alignment with best practices and the latest federal standards and guidelines, such as the Federal Information Security Modernization Act (FISMA) and the National Institute of Standards and Technology (NIST) guidelines,” said John Evans, Maryland’s Chief Information Security Officer.
The MCCC will provide policy-level guidance regarding the implementation of the cybersecurity program as well as work alongside internal and external stakeholders to provide recommendations to build and sustain the capabilities necessary for the state to identify, protect, detect, respond, and recover from cybersecurity-related risk. The MCCC will be comprised of state officials representing numerous agencies and departments throughout the state.
“Governor Hogan is once again showing that he is willing to do whatever it takes to keep Marylanders secure in all aspects of our lives. A centralized statewide cybersecurity structure is necessary to ensure that state government agencies are managing systems and data in a consistent and secure manner. This initiative allows the state to maintain and constantly improve and adapt plans to combat rapidly emerging cyber threats and to implement cybersecurity plans effectively and efficiently,” said Michael G. Leahy, Secretary of the Maryland Department of Information Technology.
To view a copy of the Executive Order, please click here.