Public Safety - Critical Infrastructure Protection

EXPLANATION: CAPITALS INDICATE MATTER ADDED TO EXISTING LAW.
[Brackets] indicate matter deleted from existing law.
Underlining indicates amendments to bill.
Strike out indicates matter stricken from the bill by amendment or deleted from the law by
amendment.
*sb0825*

SENATE BILL 825
E4 6lr2098
CF HB 1239
By: Senator Hester Senators Hester, Attar, Brooks, Carozza, Kagan, and
Simonaire
Introduced and read first time: February 6, 2026
Assigned to: Education, Energy, and the Environment
Committee Report: Favorable with amendments
Senate action: Adopted
Read second time: March 4, 2026

CHAPTER ______

AN ACT concerning 1

Public Safety – Critical Infrastructure Protection 2

FOR the purpose of establishing the Critical Infrastructure Protection Branch in the 3
Maryland Coordination and Analysis Center; requiring the Department of 4
Emergency Management, in consultation with the Center, to take certain action in 5
response to an attack on the State’s critical infrastructure; requiring the Department 6
of Information Technology to allow the owner or operator of critical infrastructure to 7
become a member of the Maryland Information Sharing and Analysis Center and 8
provide cer tain cybersecurity reporting standards to the owner or operator; and 9
generally relating to critical infrastructure protection. 10

BY adding to 11
Article – Public Safety 12
Section 14–1401 through 14–1404 to be under the new subtitle “Subtitle 14. Critical 13
Infrastructure” 14
Annotated Code of Maryland 15
(2022 Replacement Volume and 2025 Supplement) 16

Preamble 17

WHEREAS, It is the government’s responsibility to plan and provide for public 18
safety, protection of public and private institutions and infrastructure, and continuity of 19
governance; and 20

2 SENATE BILL 825

WHEREAS, Critical infrastructure forms the backbone of Maryland’s economy, 1
public safety, and quality of life and any disruption to the se systems poses a direct threat 2
to the health, safety, and welfare of Maryland residents and visitors; and 3

WHEREAS, Effective protection of critical infrastructure requires coordinated 4
planning, information sharing, and preparedness among State and loca l governments, 5
private sector owners and operators, federal partners, and regional stakeholders to identify 6
vulnerabilities, mitigate risks, and respond rapidly to emerging threats; and 7

WHEREAS, Maryland’s proximity to the nation’s capital, its many poin ts of entry 8
into the United States, and the multitude of high –profile targets in the 9
Washington–Baltimore region require homeland security to be a top priority of the 10
Governor; now, therefore, 11

SECTION 1. BE IT ENACTED BY THE GENERAL ASSEMBLY OF MARYLAN D, 12
That the Laws of Maryland read as follows: 13

Article – Public Safety 14

SUBTITLE 14. CRITICAL INFRASTRUCTURE. 15

14–1401. 16

(A) IN THIS SUBTITLE THE FOLLOWING WORDS HAVE THE MEANINGS 17
INDICATED. 18

(B) “BRANCH” MEANS THE CRITICAL INFRASTRUCTURE PROTECTION 19
BRANCH. 20

(C) “CENTER” MEANS THE MARYLAND COORDINATION AND ANALYSIS 21
CENTER. 22

(D) (1) “CRITICAL INFRASTRUCTU RE” MEANS ASSETS , SYSTEMS, AND 23
NETWORKS, WHETHER PHYSICAL OR VIRTUAL, CONSIDERED BY THE U.S. 24
DEPARTMENT OF HOMELAND SECURITY TO BE SO VIT AL TO THE UNITED STATES 25
THAT THEIR INCAPACIT ATION OR DESTRUCTION WOULD HAVE A DEBILIT ATING 26
EFFECT ON ONE OR MORE OF THE FOLLOWING: 27

(I) SECURITY; 28

(II) NATIONAL ECONOMIC SECURITY; 29

(III) NATIONAL PUBLIC HEALTH; OR 30

(IV) SAFETY. 31
SENATE BILL 825 3

(2) “CRITICAL INFRASTRUCTURE” INCLUDES A HOSPITAL OR 1
HEALTH CARE FACILITY. 2

(E) “EXECUTIVE DIRECTOR” MEANS THE EXECUTIVE DIRECTOR OF THE 3
MARYLAND COORDINATION AND ANALYSIS CENTER. 4

14–1402. 5

THERE IS A CRITICAL INFRASTRUCTURE PROTECTION BRANCH IN THE 6
MARYLAND COORDINATION AND ANALYSIS CENTER. 7

14–1403. 8

(A) THE EXECUTIVE DIRECTOR SHALL APPOIN T A CHIEF CRITICAL 9
INFRASTRUCTURE OFFICER FOR THE BRANCH. 10

(B) THE CHIEF CRITICAL INFRASTRUCTURE OFFICER SHALL: 11

(1) ADMINISTER AND OPERATE THE BRANCH, IN ACCORDANCE WITH 12
THIS SUBTITLE; 13

(2) IMPLEMENT THE PROVISIONS OF THIS SUBTITLE; 14

(3) DIRECT CRITICAL INFRASTRUCTURE SECURITY EFFORTS ACROSS 15
THE STATE; 16

(4) COORDINATE WITH: 17

(I) THE DIRECTOR OF THE GOVERNOR’S OFFICE OF 18
HOMELAND SECURITY; 19

(II) CRITICAL INFRASTRUCTURE INDUSTRY, LOCAL, AND 20
FEDERAL COUNTERPART ORGANIZATIONS; AND 21

(III) THE DEPARTMENT OF INFORMATION TECHNOLOGY; 22

(IV) THE NATIONAL GUARD; AND 23

(V) OTHER KEY STAKEHOLDE RS IDENTIFIED BY THE CHIEF 24
CRITICAL INFRASTRUCTURE OFFICER; AND 25

(5) (I) ENGAGE WITH CRITICAL INFRASTRUCTURE PROVIDERS ON 26
4 SENATE BILL 825

VOLUNTARY CYBER AND PHYSICAL ASSESSMENTS; AND 1

(II) PROVIDE CRITICAL INF RASTRUCTURE PROVIDER S WITH 2
BEST PRACTICES FOR SECURITY AND THE RESULTS OF V OLUNTARY ASSESSMENTS; 3
AND 4

(6) ADVISE THE GOVERNOR AND THE DIRECTOR OF THE 5
GOVERNOR’S OFFICE OF HOMELAND SECURITY ON CRITICAL INFRASTRUCTURE 6
SECURITY ISSUES. 7

14–1404. 8

(A) THE BRANCH SHALL: 9

(1) IDENTIFY CURRE NT AND POTENTIAL THR EATS TO THE STATE’S 10
CRITICAL INFRASTRUCTURE; 11

(2) PRIORITIZE THE STATE’S CRITICAL INFRASTRUCTURE ASSETS BY: 12

(I) IN COORDINATION WITH THE DEPARTMENT OF 13
INFORMATION TECHNOLOGY, THE OFFICE OF SECURITY MANAGEMENT, AND THE 14
PUBLIC SERVICE COMMISSION, DETERMINING THE THREAT LEVEL TO THE STATE’S 15
CRITICAL INFRASTRUCTURE, FOCUSING ON FOREIGN ACTORS, DOMESTIC ACTORS, 16
AND INSIDER THREATS; 17

(II) DETERMINING THE IMPA CTS TO THE STATE’S CRITICAL 18
INFRASTRUCTURE IN THE CASE OF A CYBERSECURITY OR PHYSICAL ATTACK; 19

(III) UNDERSTANDING THE EFFECT THAT THE COMPRO MISE OF 20
ONE ASPECT OF CRITIC AL INFRASTRUCTURE MA Y HAVE ON ANOTHER AS PECT OF 21
CRITICAL INFRASTRUCTURE; 22

(IV) ENGAGING AND COORDIN ATING WITH CRITICAL 23
INFRASTRUCTURE SECTOR LEADERS, MILITARY LEADERS, AND OTHER RELEVANT 24
STAKEHOLDERS; 25

(V) IDENTIFYING THE STATE’S CRITICAL INFRASTRU CTURE 26
OPERATIONAL TECHNOLOGY SYSTEMS; AND 27

(VI) STRENGTHENING SUPPORTING THE STATE’S CRITICAL 28
INFRASTRUCTURE PRIORITY ASSETS BY: 29

1. CONNECTING PRIORITY ASSETS TO RESOURCES FOR 30
SENATE BILL 825 5

CONDUCTING INTEGRATE D ASSESSMENTS OF THE STATE’S CRITICAL 1
INFRASTRUCTURE TO DE TECT AND DOCUMENT VU LNERABILITIES AN D 2
OPERATIONAL DEPENDENCIES; 3

2. SUPPORTING IDENTIFYING TECHNICA L AND GRANT 4
OPPORTUNITIES TO SUPPORT REMEDIATION OF IDENTIFIED VULNERABILITIES; AND 5

3. ASSISTING IN THE COM PLETION OF VULNERABI LITY 6
REMEDIATION; AND ESTABLISHING MECHANISMS TO SUPPORT SHARED LEARNING 7
AND BEST PRACTICES BETWEEN DIFFERENT CRITICAL INFRASTRUCTURE ASSETS. 8

4. IMPLEMENTING OPERATI ONAL TECHNOLOGY 9
ARCHITECTURE MONITORING THROUGH THE MARYLAND INFORMATION SHARING 10
AND ANALYSIS CENTER. 11

(B) THE DEPARTMENT OF EMERGENCY MANAGEMENT, IN CONSULTATION 12
WITH THE CENTER, SHALL COORDINATE CON SEQUENCE MANAGEMENT EFFORTS 13
AND RESPOND TO CASCADING IMPACTS OF AN ATTACK ON THE STATE’S CRITICAL 14
INFRASTRUCTURE, IN ACCORDANCE WITH THIS TITLE. 15

(C) THE DEPARTMENT OF INFORMATION TECHNOLOGY, IN CONSULTATION 16
WITH THE CENTER, SHALL: 17

(1) ALLOW THE OWNER OR O PERATOR OF CRITICAL 18
INFRASTRUCTURE TO BE COME A MEMBER OF THE MARYLAND INFORMATION 19
SHARING AND ANALYSIS CENTER; AND 20

(2) PROVIDE UP–TO–DATE CYBERSECURITY REPORTING STANDARDS 21
TO AN OWNER OR OPERATOR OF CRITICAL INFRASTRUCTURE; AND 22

(3) DIRECT CRITICAL INFR ASTRUCTURE CYBERSECU RITY EFFORTS 23
ACROSS THE UNITS OF STATE GOVERNMENT. 24

SECTION 2. AND BE IT FURTHER ENACTED, That it is the intent of the General 25
Assembly that nothing in this Act shall be interpreted to supersede, abrogate, modify, limit, 26
or otherwise affect any cybersecurity regulation, requirement, or authority that is currently 27
in effect and that applies to critical infrastructure entities that are under federal, State, or 28
sector–specific regulatory frameworks.. 29

SECTION 2. 3. AND BE IT FURTHER ENACTED, That this Act shall take effect 30
July 1, 2026. 31