Maryland Governor Larry Hogan on June 18 announced the appointment of John Evans as the state’s first CISO.
On the same day, Hogan signed the Maryland Cyber Defense Initiative Executive Order, which established the CISO position and created the Office of Security Management and the Maryland Cybersecurity Coordinating Council. The CISO will lead the Office of Security Management, which will be part of the Department of Information Technology. The office will be tasked with updating the Maryland Cybersecurity Manual to ensure state agencies and offices are working together to defend against cyberattacks.
The Office of Security Management and the council will work together to strengthen the state’s cybersecurity posture. Specifically, the council will develop recommendations to help the state government both identify and respond to cybersecurity risks, as well as recover from successful cyberattacks.
“In today’s world of emerging cyber threats, it is crucial that we work in unity to improve the processes and procedures designed to protect Marylanders and to manage and minimize the consequences of cyber events,” Hogan said on June 18. “The steps we are taking today are about ensuring that Maryland’s infrastructure and citizens are as safe as possible from cyberattacks.”
Evans stressed the importance of bringing Maryland’s security policies in line with security standards in both Federal and state and local governments.
“It is essential that the state’s overall cybersecurity strategy and policy are in alignment with best practices and the latest federal standards and guidelines, such as the Federal Information Security Modernization Act (FISMA) and the National Institute of Standards and Technology (NIST) guidelines,” said Evans.