Maryland § 9-2707

Maryland Statutes

§ 9-2707

Maryland § 9-2707

Article genEnvironment

Title9

This text of Maryland § 9-2707 is published on Counsel Stack Legal Research, covering Maryland primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Md. Code Ann., Environment § 9-2707 (2026).

Text

(a)Each community water system and community sewerage system shall report, in accordance with the process established under subsection (b) of this section, a cybersecurity incident, including an attack on an information technology system or operational technology system being used by the community water system or community sewerage system provider, to the State Security Operations Center in the Department of Information Technology.

(b)(1) The State Chief Information Security Officer, in consultation with the Department, shall establish a process for community water system providers, community sewerage system providers, and other members of the water and wastewater sector to report cybersecurity incidents.

(2)The reporting process shall specify:

(i)

Free access — add to your briefcase to read the full text and ask questions with AI

(a) Each community water system and community sewerage system shall report, in accordance with the process established under subsection (b) of this section, a cybersecurity incident, including an attack on an information technology system or operational technology system being used by the community water system or community sewerage system provider, to the State Security Operations Center in the Department of Information Technology.

(b) (1) The State Chief Information Security Officer, in consultation with the Department, shall establish a process for community water system providers, community sewerage system providers, and other members of the water and wastewater sector to report cybersecurity incidents.

(2) The reporting process shall specify:

(i) The circumstances under which an incident must be reported;

(ii) The manner in which an entity must report an incident; and

(iii) The time period within which an entity must report an incident.

(c) The State Security Operations Center shall immediately notify the Department and the other appropriate State and local government agencies of a cybersecurity incident reported under this section.

(d) (1) On or before January 1, 2027, and each year thereafter, the Office of Security Management in the Department of Information Technology shall publish a report that describes the number and type of incidents reported by community water systems and community sewerage systems in the preceding calendar year.

(2) The report required under this subsection may not identify the impacted community water systems or community sewerage systems.

Nearby Sections

15

§ 9-1001

§ 9-1002

§ 9-1003

§ 9-1006

§ 9-1007

§ 9-1008

§ 9-1009

§ 9-101

§ 9-1010

§ 9-1011

§ 9-1012

§ 9-1013

§ 9-1014

§ 9-1015

§ 9-1016

View on official source ↗

Cite This Page — Counsel Stack

Bluebook (online)

Maryland § 9-2707, Counsel Stack Legal Research, https://law.counselstack.com/statute/md/gen/9-2707.