§14–104.1.

    (a)    (1)    In this section the following words have the meanings indicated.

        (2)    “Community sewerage system” has the meaning stated in § 9–501 of the Environment Article.

        (3)    “Community water system” has the meaning stated in § 9–401 of the Environment Article.

        (4)    “Crisis and emergency risk communication plan” means a plan for communicating during an emergency.

        (5)    “Local government” includes local school systems, local school boards, and local health departments.

        (6)    “Unit” means the Cyber Preparedness Unit.

    (b)    (1)    There is a Cyber Preparedness Unit in the Department.

        (2)    In coordination with the State Chief Information Security Officer, the Unit shall:

            (i)    develop and regularly update an online database of cybersecurity training resources for local government personnel, including technical training resources, cybersecurity continuity of operations templates, and consequence management plans;

            (ii)    assist local governments in the development of cybersecurity preparedness and response plans, including:

                1.    implementing best practices and guidance developed by the State Chief Information Security Officer;

                2.    identifying and acquiring resources to complete appropriate cybersecurity vulnerability assessments; and

                3.    providing guidance to local emergency management organizations for incidents against water and wastewater facilities;

            (iii)    connect local governments to appropriate resources for any other purpose related to cybersecurity preparedness and response;

            (iv)    as necessary and in coordination with the National Guard, local emergency managers, and other State and local entities, conduct regional cybersecurity preparedness exercises;

            (v)    establish regional assistance groups to deliver and coordinate support services to local governments, agencies, or regions; and

            (vi)    develop guidance for crisis and emergency risk communication for local emergency management organizations in the State.

        (3)    The Unit shall support the Office of Security Management in the Department of Information Technology during emergency response efforts.

    (c)    (1)    Each local government shall report a cybersecurity incident, including an attack on a State system being used by the local government, to the appropriate local emergency manager and the State Security Operations Center in the Department of Information Technology and to the Maryland Joint Operations Center in the Department in accordance with paragraph (2) of this subsection.

        (2)    For the reporting of cybersecurity incidents under paragraph (1) of this subsection, the State Chief Information Security Officer shall determine:

            (i)    the criteria for determining when an incident must be reported;

            (ii)    the manner in which to report; and

            (iii)    the time period within which a report must be made.

        (3)    The State Security Operations Center shall immediately notify appropriate agencies of a cybersecurity incident reported under this subsection through the State Security Operations Center.

    (d)    (1)    Five Position Identification Numbers (PINs) shall be created for the purpose of hiring staff to conduct the duties of the Maryland Department of Emergency Management Cybersecurity Preparedness Unit.

        (2)    For fiscal year 2024 and each fiscal year thereafter, the Governor shall include in the annual budget bill an appropriation of at least:

            (i)    $220,335 for 3 PINs for Administrator III positions; and

            (ii)    $137,643 for 2 PINs for Administrator II positions.

    (e)    The Department shall include cybersecurity attack information on the Department’s website.