SB 601 (Crossover) Cybersecurity - Standards and Compliance - Alterations

BILL: SB 601

TITLE: Cybersecurity - Standards and Compliance - Alterations

DATE: April 02, 2026

POSITION: Letter of Information

COMMITTEE: House Government, Labor & Elections Committee

CONTACT: Mary Pat Fannon, Executive Director, PSSAM

The Public School Superintendents’ Association of Maryland (PSSAM), on behalf of all twenty-four public school superintendents, provides this letter of information on SB 601. 

This bill requires each local school system to (1) designate a point of contact for cybersecurity-related communications and to comply with cybersecurity standards adopted by the Department of Information Technology (DoIT) and (2) beginning in fiscal 2027, comply with the State minimum cybersecurity standards established by DoIT and conduct a cybersecurity maturity assessment every two years. The bill also requires DoIT to annually review and, if necessary, update the State minimum cybersecurity standards and, on request, advise local school systems on specified cybersecurity issues. The bill takes effect July 1, 2026.

(source: https://mgaleg.maryland.gov/2026RS/fnotes/bil_0001/sb0601.pdf)

PSSAM shares the General Assembly’s commitment to strengthening cybersecurity protections across school systems. Protecting sensitive student and staff data and safeguarding school system networks are essential responsibilities for local education agencies (LEAs). Many of these activities already occur in partnership with State agencies, and superintendents recognize the importance of maintaining strong cybersecurity practices. 

At the same time, superintendents must balance significant fiscal and operational responsibilities within constrained local budgets. Cybersecurity investments are ongoing and complex, requiring continual upgrades to technology infrastructure, security monitoring, staff training, and system protections. Local school systems have indicated that meeting the requirements outlined in the bill may require substantial new expenditures and operational adjustments.

Several local school systems have already identified potential implementation challenges. Montgomery County Public Schools and St. Mary’s County Public Schools anticipate the need for additional staff and technology upgrades to meet the bill’s requirements. Prince George’s County Public Schools estimates needing more than $2 million for significant technology upgrades, both hardware and software. Wicomico County Public Schools has also advised that, depending on the timeframe for implementation, the requirements could be overly burdensome or difficult to meet in the short term.

The Department of Legislative Services has noted that the actual cost for school systems will depend in part on the regularly updated cybersecurity standards ultimately adopted by DoIT and the level of technical assistance provided to local systems. Until these standards are defined, the scope of compliance obligations and the corresponding financial impact remain uncertain. While local school systems may designate a point of contact for cybersecurity-related correspondence using existing resources, the broader requirements of meeting evolving cybersecurity standards may require additional personnel, infrastructure upgrades, and ongoing investments.

Maryland’s superintendents remain committed to working with State partners to strengthen cybersecurity across public education systems. As the General Assembly considers this legislation, careful attention to implementation timelines, flexibility in compliance processes, and the availability of technical and financial support will be essential to ensuring that school systems can meet cybersecurity expectations in a sustainable way. Without these considerations, LEAs may be placed in the difficult position of absorbing significant new costs while continuing to meet their core responsibility of providing high-quality educational services to Maryland’s students.

PSSAM appreciates the opportunity to provide this letter of information on SB 601 and welcomes continued discussion with the sponsors and the committee.e on how best to support this critical workforce.