Maryland became the latest state on Tuesday to hire a chief information security officer.
At least 15 states have authorized such a position, according to the National Conference of State Legislatures.
Gov. Lawrence J. Hogan Jr. (R) issued an executive order Tuesday establishing a statewide chief information security officer and a new Maryland Cyber Defense Initiative, to strengthen the state’s ability to manage cybersecurity incidents.
“In today’s world of emerging cyber threats, it is crucial that we work in unity to improve the processes and procedures designed to protect Marylanders and to manage and minimize the consequences of cyber events,” Hogan said in an announcement. “The steps we are taking today are about ensuring that Maryland’s infrastructure and citizens are as safe as possible from cyber attacks.”
John Evans, who has served as chief information security officer for the Department of Information Technology, will take on the expanded statewide role.
He will lead the new Office of Security Management and chair the new Maryland Cybersecurity Coordinating Council, a 10-member panel of top executive branch officials including those from the offices of Budget and Management, Maryland Emergency Management Agency, Transportation and Maryland State Police.
Evans and the Office of Security Management will be responsible for directing and implementing the overall cybersecurity strategy for Maryland’s executive branch. The office will establish uniform security standards for information collected by state government agencies.
“It is essential that the state’s overall cybersecurity strategy and policy are in alignment with best practices and the latest federal standards and guidelines, such as the Federal Information Security Modernization Act and the National Institute of Standards and Technology guidelines,” Evans said.
Maryland Secretary of Department of Information Technology Michael G. Leahy, who will oversee the Office of Security Management, said a centralized cybersecurity structure will ensure that agencies are managing systems consistently, allowing the state to rapidly implement cybersecurity plans and respond to emerging cyber threats.
According to the Identity Theft Resource Center, there were 99 government or military data breaches nationwide in 2018, exposing more than 9.9 million records. There were more than 30 breaches for Maryland-based entities in 2018, including at Visit Baltimore, the Caroline County Office of Finance and of Marriott International’s Starwood subsidiaries, where the personal information for at least 383 million travelers was accessed by hackers.
In May, a ransomware attack disabled government computer systems in the city of Baltimore, which is estimated to cost the city more than $18 million in repair costs and deferred revenue.
Evans’ new salary will be $174,802.