Gov. Larry Hogan (R) has named Maryland’s first statewide chief information security officer, part of an effort to boost defenses against cybersecurity threats.
John Evans, who had served as the chief information security officer for the state Department of Information Technology since October, will lead the newly created Office of Security Management and chair the Maryland Cybersecurity Coordinating Council, a panel made up of nearly a dozen agency heads.
The council will create a strategy to implement cybersecurity initiatives, identify cybersecurity risks and respond to bad actors. Hogan signed an executive order Tuesday authorizing the new entities and the new position.
The effort comes as Baltimore continues to fend off a powerful ransomware attack that has nearly paralyzed the city government for the past month, and as government agencies across the country and around the world work to protect computer networks and databases from ever-more-sophisticated outside interference.
According to the National Conference of State Legislatures, at least 15 states have created a state chief information security officer position through statute. Other states, like Maryland, developed it through executive order or agency action.
Patrick Mulford, a spokesman for the state Department of Information Technology, said the changes were “not driven by a particular incident. We need to have one centralized approach to cybersecurity for the state . . . one person to set the tone for where we are headed as a state to secure citizens’ data.”
Before joining the Department of Information Technology, Evans worked as the chief information security officer for the state Department of Human Services. His new position takes effect immediately, according to the executive order. He will make $147,802 a year.