(a) In consultation with the Maryland Cybersecurity Council established under § 9–2901 of the State Government Article, the Board shall establish cybersecurity standards for public safety answering points based on national industry and 9–1–1 system trade association best practices, including standards concerning response protocols in the event of a cybersecurity attack on a public safety answering point.
(b) At least once each year on a date determined by the Board and in advance of submitting a request for or receiving any money from the 9–1–1 Trust Fund, the director of each public safety answering point shall examine the cybersecurity of the public safety answering point to determine whether the cybersecurity defenses employed by the public safety answering point satisfy the standards established by the Board under subsection (a) of this section and submit to the Board a report detailing the results of that exercise.
(c) If a director of a public safety answering point fails to submit a report required under subsection (b) of this section, the Board may not authorize any money from the 9–1–1 Trust Fund to be paid to a county serviced by the public safety answering point until that report has been submitted.