Current through 2024 Regular Session legislation
Section 276A.555 - Oregon Cybersecurity Center of Excellence; purpose; operating agreement; strategic plan; biennial report(1) The Oregon Cybersecurity Center of Excellence is established at Portland State University. The center shall operate under the joint direction and control of Portland State University, Oregon State University and the University of Oregon. A director shall be appointed to oversee the center pursuant to procedures set forth in the charter developed and adopted under subsection (5) of this section.(2) The purpose of the center is to supplement the activities of the State Chief Information Officer regarding cybersecurity in this state by coordinating, funding or providing: (a) Awareness, education and training about cybersecurity and cybersecurity-related issues for public, private and nonprofit sectors;(b) Cybersecurity workforce development programs in coordination with: (A) Public universities listed in ORS 352.002;(B) Community colleges operated under ORS chapter 341; and(C) Science, technology, engineering and mathematics and career and technical education programs;(c) Research about cybersecurity education and training methodologies;(d) Research and development of cybersecurity technologies, tools, policies and processes; and(e) Cybersecurity-related goods and services to Oregon public bodies, with priority given to local governments, regional governments, special districts, education service districts, school districts and libraries.(3) The center shall: (a) Serve as the statewide advisory body to the Legislative Assembly, Governor and State Chief Information Officer on cybersecurity and cybersecurity-related issues for local governments, regional governments, special districts, education service districts, school districts and libraries.(b) Provide to public, private and nonprofit sectors in this state information and recommend best practices concerning cybersecurity, cyber resilience and recovery measures, including legal, insurance and other topics.(c) Coordinate the sharing of information related to cybersecurity threats, risks, warnings and incidents, and promote public awareness and shared, real-time situational awareness among public, private and nonprofit sector entities.(d) Provide cybersecurity assessment, scanning and analysis, monitoring and incident response services to public bodies, with priority given to public bodies with the greatest need for services, including local governments, regional governments, special districts, education service districts, school districts and libraries.(e) Collaborate with public bodies to coordinate cybersecurity efforts with ongoing information technology modernization and resilience projects.(f) Identify and participate in appropriate federal, multistate, regional, state, local or private sector programs and efforts that support or complement the center's purpose.(g) Pursue and leverage federal sources of cybersecurity and cyber resilience funding to achieve state goals related to cybersecurity and cyber resilience.(h) Manage and award funds distributed to the center for cybersecurity and cyber resilience initiatives.(i) Encourage the development of Oregon's cybersecurity workforce by, at a minimum:(A) Identifying gaps and needs in workforce programs.(B) Fostering the growth and development of cybersecurity workforce development programs and career and technical education in school districts, community colleges operated under ORS chapter 341, and public universities listed in ORS 352.002.(C) Assisting in curriculum review and standardization and providing recommendations to improve programs.(D) Fostering industry involvement in internships, mentorship and apprenticeship programs and experiential learning programs.(E) Building awareness of industry and career opportunities to recruit students into cyber-related educational tracks.(4)(a) Portland State University, Oregon State University and the University of Oregon shall enter into an operating agreement for administering the center, including the provision of administrative and staff support and facilities.(b) A public university listed in ORS 352.002, or a community college operated under ORS chapter 341, not listed in paragraph (a) of this subsection may join the operating agreement and provide administrative and staff support and facilities. The process for joining the operating agreement shall be described in the operating agreement or the charter developed under subsection (5) of this section.(5) Portland State University, Oregon State University and the University of Oregon, in consultation with the Oregon Cybersecurity Advisory Council, shall develop and adopt a charter to serve as the governing document for the center. The charter must contain provisions regarding the center's operations, budget and any funds administered by the center and the procedures for appointing the director to oversee the center. Portland State University, Oregon State University and the University of Oregon shall annually review and, as necessary, update the charter.(6) The center shall, in consultation with the council: (a) Develop and update every four years a strategic plan, including goals and objectives, for the center.(b) Develop and submit a report on the center's strategic goals and objectives, operations and funding requests for continued operations and funds administered by the center, to the Governor and to the appropriate committees of the Legislative Assembly, in the manner required by ORS 192.245, by February 1 of each odd-numbered year. The report must identify any grants, donations, gifts or other forms of conveyances of land, money, real or personal property or other valuable thing made to the state or the center for carrying out the purposes of the center.(c) Provide a statewide forum for discussing and resolving cybersecurity issues.(7)(a) All agencies of state government are directed to assist the center in the performance of the center's duties and, to the extent permitted by laws relating to confidentiality, shall furnish information and advice the center considers necessary to perform the center's duties.(b) As used in this subsection, "state government" has the meaning given that term in ORS 174.111, except that "state government" does not include the Secretary of State or State Treasurer. 2023 c. 489, § 7 (enacted in lieu of 276A.329)