HB1239 • 2026

Public Safety - Critical Infrastructure Protection

Technology
Enacted

This bill passed the Legislature and reached final enactment based on the latest official action.

Sponsor
Delegates Kaiser, Kaufman, Qi, Simmons, and Watson
Last action
2026-05-12
Official status
Approved by the Governor - Chapter 447
Effective date
2026-07-01

Plain English Breakdown

The specific details on reporting standards for critical infrastructure are not provided in the summary.

Critical Infrastructure Protection Law

This law establishes the Critical Infrastructure Protection Branch within the Maryland Coordination and Analysis Center to coordinate responses to threats against state critical infrastructure.

What This Bill Does

  • Establishes the Critical Infrastructure Protection Branch in the Maryland Coordination and Analysis Center.
  • Requires the Department of Emergency Management, in consultation with the Center, to coordinate consequence management efforts and respond to attacks on the State's critical infrastructure.
  • Allows owners or operators of critical infrastructure to become members of the Maryland Information Sharing and Analysis Center.
  • Provides up-to-date cybersecurity reporting standards for critical infrastructure owners and operators.

Who It Names or Affects

  • The Maryland Coordination and Analysis Center
  • Department of Emergency Management
  • Department of Information Technology
  • Owners or operators of critical infrastructure

Terms To Know

Critical Infrastructure
Assets, systems, and networks considered by the U.S. Department of Homeland Security to be vital to the United States' security, economic health, public health, and safety.
Maryland Information Sharing and Analysis Center (MD-ISAC)
A center where critical infrastructure owners or operators can share information about cybersecurity threats.

Limits and Unknowns

  • The law does not change existing cybersecurity regulations that apply to federal, state, or sector-specific frameworks.
  • It is unclear how the new branch will be funded and staffed.

Amendments

These notes stay tied to the official amendment files and metadata from the legislature.

863925/1

None

Favorable with Amendments { 863925/1 Adopted

Plain English: AMENDMENTS TO HOUSE BILL 1239 (First Reading File Bill)

  • AMENDMENT NO. 1: On page 1, strike in their entirety lines 18 through 20, inclusive.
  • AMENDMENT NO. 2: On page 3, in line 16, after “CRITICAL” insert “INFRASTRUCTURE”; in line 17, strike “AND” and substitute: “(III) THE NATIONAL GUARD;”; in line 18, strike “(III)” and substitute “(IV) THE DEPARTMENT OF INFORMATION TECHNOLOGY; AND (V)”; in line 19, after the semicolon insert “AND”; and strike beginning with “(I)” in line 20 down through “(6)” in line 25.

Bill History

  1. 2026-05-12 Post Passage

    Approved by the Governor - Chapter 447

  2. 2026-04-10 Senate

    Favorable Report by Education, Energy, and the Environment

  3. 2026-04-02 House

    Returned Passed

  4. 2026-03-27 Senate

    Third Reading Passed (43-0)

  5. 2026-03-23 Senate

    Favorable

  6. 2026-03-23 Senate

    Motion Special Order until Later Today (Senator Harris) Withdrawn

  7. 2026-03-23 Senate

    Favorable Adopted

  8. 2026-03-23 Senate

    Second Reading Passed

  9. 2026-03-20 House

    Favorable with Amendments Report by Government, Labor, and Elections

  10. 2026-03-09 House

    Third Reading Passed (124-0)

  11. 2026-03-07 House

    Favorable with Amendments { 863925/1 Adopted

  12. 2026-03-07 House

    Second Reading Passed with Amendments

  13. 2026-03-07 Senate

    Referred Education, Energy, and the Environment

  14. 2026-02-19 House

    Hearing 3/03 at 1:00 p.m.

  15. 2026-02-11 House

    First Reading Government, Labor, and Elections

  16. Maryland General Assembly

    Text - First - Public Safety - Critical Infrastructure Protection

  17. Maryland General Assembly

    Vote - House - Committee - Government, Labor, and Elections

  18. Maryland General Assembly

    Text - Third - Public Safety - Critical Infrastructure Protection

  19. Maryland General Assembly

    Vote - Senate - Committee - Education, Energy, and the Environment

  20. Maryland General Assembly

    Text - Chapter - Public Safety - Critical Infrastructure Protection

Official Summary Text

Establishing the Critical Infrastructure Protection Branch in the Maryland Coordination and Analysis Center; requiring the Department of Emergency Management, in consultation with the Center, to take certain action in response to an attack on the State's critical infrastructure; and requiring the Department of Information Technology to allow the owner or operator of critical infrastructure to become a member of the Maryland Information Sharing and Analysis Center and provide cybersecurity reporting standards to the owner or operator.

Current Bill Text

EXPLANATION: CAPITALS INDICATE MATTER ADDED TO EXISTING LAW.
[Brackets] indicate matter deleted from existing law.
Underlining indicates amendments to bill.
Strike out indicates matter stricken from the bill by amendment or deleted from the law by
amendment.

HOUSE BILL 1239
E4 6lr2743
CF SB 825
By: Delegates Kaiser, Kaufman, Qi, Simmons, and Watson
Introduced and read first time: February 11, 2026
Assigned to: Government, Labor, and Elections
Committee Report: Favorable with amendments
House action: Adopted
Read second time: March 7, 2026

CHAPTER ______

AN ACT concerning 1

Public Safety – Critical Infrastructure Protection 2

FOR the purpose of establishing the Critical Infrastructure Protection Branch in the 3
Maryland Coordination and Analysis Center; requiring the Department of 4
Emergency Management, in consultation with the Center, to take certain action in 5
response to an attack on the State’s critical infrastructure; requiring the Department 6
of Information Technology to allow the owner or operator of critical infrastructure to 7
become a member of the Maryland Information Sharing and Analysis Center and 8
provide certain cybersecurity reporting standards to the owner or operator; and 9
generally relating to critical infrastructure protection. 10

BY adding to 11
Article – Public Safety 12
Section 14–1401 through 14–1404 to be under the new subtitle “Subtitle 14. Critical 13
Infrastructure” 14
Annotated Code of Maryland 15
(2022 Replacement Volume and 2025 Supplement) 16

Preamble 17

WHEREAS, It is the government’s responsibility to plan and provide for public 18
safety, protection of public and private institutions and infrastructure, and continuity of 19
governance; and 20

2 HOUSE BILL 1239

WHEREAS, Critical infrastructure forms the backbone of Maryland’s economy, 1
public safety, and quality of life and any disruption to these systems poses a direct threat 2
to the health, safety, and welfare of Maryland residents and visitors; and 3

WHEREAS, Effective protection of critical infrastructure requires coordinated 4
planning, information sharing, and preparedness among State and local governments, 5
private sector owners and operators, federal partners, and regional stakeholders to identify 6
vulnerabilities, mitigate risks, and respond rapidly to emerging threats; and 7

WHEREAS, Maryland’s proximity to the nation’s capital, its many points of entry 8
into the United States, and the multitude of high–profile targets in the 9
Washington–Baltimore region require homeland security to be a top priority of the 10
Governor; now, therefore, 11

SECTION 1. BE IT ENACTED BY THE GENERAL ASSEMBLY OF MARYLAND, 12
That the Laws of Maryland read as follows: 13

Article – Public Safety 14

SUBTITLE 14. CRITICAL INFRASTRUCTURE. 15

14–1401. 16

(A) IN THIS SUBTITLE THE FOLLOWING WORDS HAVE THE MEANINGS 17
INDICATED. 18

(B) “BRANCH” MEANS THE CRITICAL INFRASTRUCTURE PROTECTION 19
BRANCH. 20

(C) “CENTER” MEANS THE MARYLAND COORDINATION AND ANALYSIS 21
CENTER. 22

(D) (1) “CRITICAL INFRASTRUCTURE” MEANS ASSETS, SYSTEMS, AND 23
NETWORKS, WHETHER PHYSICAL OR VIRTUAL, CONSIDERED BY THE U.S. 24
DEPARTMENT OF HOMELAND SECURITY TO BE SO VITAL TO THE UNITED STATES 25
THAT THEIR INCAPACITATION OR DESTRUCTION WOULD HAVE A DEBILITATING 26
EFFECT ON ONE OR MORE OF THE FOLLOWING: 27

(I) SECURITY; 28

(II) NATIONAL ECONOMIC SECURITY; 29

(III) NATIONAL PUBLIC HEALTH; OR 30

(IV) SAFETY. 31
HOUSE BILL 1239 3

(2) “CRITICAL INFRASTRUCTURE” INCLUDES A HOSPITAL OR 1
HEALTH CARE FACILITY. 2

(E) “EXECUTIVE DIRECTOR” MEANS THE EXECUTIVE DIRECTOR OF THE 3
MARYLAND COORDINATION AND ANALYSIS CENTER. 4

14–1402. 5

THERE IS A CRITICAL INFRASTRUCTURE PROTECTION BRANCH IN THE 6
MARYLAND COORDINATION AND ANALYSIS CENTER. 7

14–1403. 8

(A) THE EXECUTIVE DIRECTOR SHALL APPOINT A CHIEF CRITICAL 9
INFRASTRUCTURE OFFICER FOR THE BRANCH. 10

(B) THE CHIEF CRITICAL INFRASTRUCTURE OFFICER SHALL: 11

(1) ADMINISTER AND OPERATE THE BRANCH, IN ACCORDANCE WITH 12
THIS SUBTITLE; 13

(2) IMPLEMENT THE PROVISIONS OF THIS SUBTITLE; 14

(3) DIRECT CRITICAL INFRASTRUCTURE SECURITY EFFORTS ACROSS 15
THE STATE; 16

(4) COORDINATE WITH: 17

(I) THE DIRECTOR OF THE GOVERNOR’S OFFICE OF 18
HOMELAND SECURITY; 19

(II) CRITICAL INFRASTRUCTURE INDUSTRY, LOCAL, AND 20
FEDERAL COUNTERPART ORGANIZATIONS; AND 21

(III) THE NATIONAL GUARD; 22

(III) (IV) THE DEPARTMENT OF INFORMATION TECHNOLOGY; 23
AND 24

(V) OTHER KEY STAKEHOLDERS IDENTIFIED BY THE CHIEF 25
CRITICAL INFRASTRUCTURE OFFICER; AND 26

4 HOUSE BILL 1239

(5) (I) ENGAGE WITH CRITICAL INFRASTRUCTURE PROVIDERS ON 1
VOLUNTARY CYBER AND PHYSICAL ASSESSMENTS; AND 2

(II) PROVIDE CRITICAL INFRASTRUCTURE PROVIDERS WITH 3
BEST PRACTICES FOR SECURITY AND THE RESULTS OF VOLUNTARY ASSESSMENTS; 4
AND 5

(6) ADVISE THE GOVERNOR AND THE DIRECTOR OF THE 6
GOVERNOR’S OFFICE OF HOMELAND SECURITY ON CRITICAL INFRASTRUCTURE 7
SECURITY ISSUES. 8

14–1404. 9

(A) THE BRANCH SHALL: 10

(1) IDENTIFY CURRENT AND POTENTIAL THREATS TO THE STATE’S 11
CRITICAL INFRASTRUCTURE; 12

(2) PRIORITIZE THE STATE’S CRITICAL INFRASTRUCTURE ASSETS BY: 13

(I) IN COORDINATION WITH THE DEPARTMENT OF 14
INFORMATION TECHNOLOGY, THE OFFICE OF SECURITY MANAGEMENT, AND THE 15
PUBLIC SERVICE COMMISSION, DETERMINING THE THREAT LEVEL TO THE STATE’S 16
CRITICAL INFRASTRUCTURE, FOCUSING ON FOREIGN ACTORS, DOMESTIC ACTORS, 17
AND INSIDER THREATS; 18

(II) DETERMINING THE IMPACTS TO THE STATE’S CRITICAL 19
INFRASTRUCTURE IN THE CASE OF A CYBERSECURITY OR PHYSICAL ATTACK; 20

(III) UNDERSTANDING THE EFFECT THAT THE COMPROMISE OF 21
ONE ASPECT OF CRITICAL INFRASTRUCTURE MAY HAVE ON ANOTHER ASPECT OF 22
CRITICAL INFRASTRUCTURE; 23

(IV) ENGAGING AND COORDINATING WITH CRITICAL 24
INFRASTRUCTURE SECTOR LEADERS, MILITARY LEADERS, AND OTHER RELEVANT 25
STAKEHOLDERS; 26

(V) IDENTIFYING THE STATE’S CRITICAL INFRASTRUCTURE 27
OPERATIONAL TECHNOLOGY SYSTEMS; AND 28

(VI) STRENGTHENING SUPPORTING THE STATE’S CRITICAL 29
INFRASTRUCTURE PRIORITY ASSETS BY: 30

HOUSE BILL 1239 5

1. CONNECTING PRIORITY ASSETS TO RESOURCES FOR 1
CONDUCTING INTEGRATED ASSESSMENTS OF THE STATE’S CRITICAL 2
INFRASTRUCTURE TO DETECT AND DOCUMENT VULNERABILITIES AND 3
OPERATIONAL DEPENDENCIES; 4

2. SUPPORTING IDENTIFYING TECHNICAL AND GRANT 5
OPPORTUNITIES TO SUPPORT REMEDIATION OF IDENTIFIED VULNERABILITIES; AND 6

3. ASSISTING IN THE COMPLETION OF VULNERABILITY 7
REMEDIATION; AND ESTABLISHING MECHANISMS TO SUPPORT SHARED LEARNING 8
AND BEST PRACTICES BETWEEN DIFFERENT CRITICAL INFRASTRUCTURE ASSETS. 9

4. IMPLEMENTING OPERATIONAL TECHNOLOGY 10
ARCHITECTURE MONITORING THROUGH THE MARYLAND INFORMATION SHARING 11
AND ANALYSIS CENTER. 12

(B) THE DEPARTMENT OF EMERGENCY MANAGEMENT, IN CONSULTATION 13
WITH THE CENTER, SHALL COORDINATE CONSEQUENCE MANAGEMENT EFFORTS 14
AND RESPOND TO CASCADING IMPACTS OF AN ATTACK ON THE STATE’S CRITICAL 15
INFRASTRUCTURE, IN ACCORDANCE WITH THIS TITLE. 16

(C) THE DEPARTMENT OF INFORMATION TECHNOLOGY, IN CONSULTATION 17
WITH THE CENTER, SHALL: 18

(1) ALLOW THE OWNER OR OPERATOR OF CRITICAL 19
INFRASTRUCTURE TO BECOME A MEMBER OF THE MARYLAND INFORMATION 20
SHARING AND ANALYSIS CENTER; AND 21

(2) PROVIDE UP–TO–DATE CYBERSECURITY REPORTING STANDARDS 22
TO AN OWNER OR OPERATOR OF CRITICAL INFRASTRUCTURE; AND 23

(3) DIRECT CRITICAL INFRASTRUCTURE CYBERSECURITY EFFORTS 24
ACROSS THE UNITS OF STATE GOVERNMENT. 25

SECTION 2. AND BE IT FURTHER ENACTED, That it is the intent of the General 26
Assembly that nothing in this Act shall be interpreted to supersede, abrogate, modify, limit, 27
or otherwise affect any cybersecurity regulation, requirement, or authority that is currently 28
in effect and that applies to critical infrastructure entities that are under federal, State, or 29
sector–specific regulatory frameworks. 30

SECTION 2. 3. AND BE IT FURTHER ENACTED, That this Act shall take effect 31
July 1, 2026. 32