ORS 276A.326
Oregon Cybersecurity Advisory Council


(1)

The Oregon Cybersecurity Advisory Council is established within the office of Enterprise Information Services. The council consists of nine voting members appointed by the State Chief Information Officer in consultation with the Governor. A majority of the council’s voting members must be representatives of cyber-related industries in Oregon. The voting members of the council must include at least one representative of post-secondary institutions of education and one representative of public law enforcement agencies in Oregon.

(2)

The State Chief Information Officer may appoint nonvoting members to the council from:

(a)

The Department of Justice;

(b)

The office of the Secretary of State;

(c)

The Oregon Department of Emergency Management;

(d)

The Department of Consumer and Business Services;

(e)

The Higher Education Coordinating Commission;

(f)

The State Workforce and Talent Development Board;

(g)

The Employment Department;

(h)

The Oregon Business Development Department; or

(i)

Any local, county, state, regional, tribal or federal government partner.

(3)

The State Chief Information Officer shall provide administrative and staff support and facilities as necessary for the council to carry out the purposes set forth in this section.

(4)

The purposes of the council are to:

(a)

Serve as the statewide advisory body to the State Chief Information Officer on cybersecurity.

(b)

Provide a statewide forum for discussing and resolving cybersecurity issues.

(c)

Provide information and recommend best practices concerning cybersecurity and resilience measures to public and private entities.

(d)

Coordinate cybersecurity information sharing and promote shared and real-time situational awareness between the public and private sectors in this state.

(e)

Encourage the development of the cybersecurity workforce through measures including, but not limited to, competitions aimed at building workforce skills, disseminating best practices, facilitating cybersecurity research and encouraging industry investment and partnership with post-secondary institutions of education and other career readiness programs.

(5)

The council may adopt rules necessary for the operation of the council.

(6)

Intentionally left blank —Ed.

(a)

A majority of the voting members of the council constitutes a quorum for the transaction of business.

(b)

Official action by the council requires the approval of a majority of the voting members of the council.

(7)

The State Chief Information Officer shall appoint one member of the council to serve as chairperson and one member of the council to serve as vice chairperson.

(8)

Intentionally left blank —Ed.

(a)

The term of office of each voting member of the council is four years, but a member serves at the pleasure of the State Chief Information Officer.

(b)

Before the expiration of the term of a voting member, the State Chief Information Officer, in consultation with the Governor, shall appoint a successor whose term begins on July 1 following the appointment. A voting member is eligible for reappointment.

(c)

A nonvoting member’s term of office is two years. A nonvoting member is eligible for reappointment.

(d)

If there is a vacancy for any cause, the State Chief Information Officer, in consultation with the Governor, shall make an appointment to become immediately effective for the unexpired term.

(9)

The council shall meet at times and places specified by the call of the chairperson or a majority of the voting members of the council.

(10)

Members of the council who are not members of the Legislative Assembly are not entitled to compensation, but the State Chief Information Officer may reimburse a member of the council for actual and necessary travel and other expenses incurred in performing the member’s official duties, in the manner and amounts provided for in ORS 292.495 (Compensation and expenses of members of state boards and commissions), from funds appropriated to the State Chief Information Officer for purposes of the council.

(11)

All agencies of state government, as defined in ORS 174.111 (“State government” defined), are directed to assist the council in the performance of the council’s duties and, to the extent permitted by laws relating to confidentiality, shall furnish information and advice the council considers necessary to perform the council’s duties. [2017 c.513 §3; 2021 c.17 §4; 2021 c.539 §29]
Note: The amendments to 276A.326 (Oregon Cybersecurity Advisory Council) by section 29, chapter 539, Oregon Laws 2021, become operative July 1, 2022. See section 155, chapter 539, Oregon Laws 2021. The text that is operative until July 1, 2022, including amendments by section 4, chapter 17, Oregon Laws 2021, is set forth for the user’s convenience.
276A.326 (Oregon Cybersecurity Advisory Council). (1) The Oregon Cybersecurity Advisory Council is established within the office of Enterprise Information Services. The council consists of nine voting members appointed by the State Chief Information Officer in consultation with the Governor. A majority of the council’s voting members must be representatives of cyber-related industries in Oregon. The voting members of the council must include at least one representative of post-secondary institutions of education and one representative of public law enforcement agencies in Oregon.

(2)

The State Chief Information Officer may appoint nonvoting members to the council from:

(a)

The Department of Justice;

(b)

The office of the Secretary of State;

(c)

The Office of Emergency Management;

(d)

The Department of Consumer and Business Services;

(e)

The Higher Education Coordinating Commission;

(f)

The State Workforce and Talent Development Board;

(g)

The Employment Department;

(h)

The Oregon Business Development Department; or

(i)

Any local, county, state, regional, tribal or federal government partner.

(3)

The State Chief Information Officer shall provide administrative and staff support and facilities as necessary for the council to carry out the purposes set forth in this section.

(4)

The purposes of the council are to:

(a)

Serve as the statewide advisory body to the State Chief Information Officer on cybersecurity.

(b)

Provide a statewide forum for discussing and resolving cybersecurity issues.

(c)

Provide information and recommend best practices concerning cybersecurity and resilience measures to public and private entities.

(d)

Coordinate cybersecurity information sharing and promote shared and real-time situational awareness between the public and private sectors in this state.

(e)

Encourage the development of the cybersecurity workforce through measures including, but not limited to, competitions aimed at building workforce skills, disseminating best practices, facilitating cybersecurity research and encouraging industry investment and partnership with post-secondary institutions of education and other career readiness programs.

(5)

The council may adopt rules necessary for the operation of the council.

(6)

Intentionally left blank —Ed.

(a)

A majority of the voting members of the council constitutes a quorum for the transaction of business.

(b)

Official action by the council requires the approval of a majority of the voting members of the council.

(7)

The State Chief Information Officer shall appoint one member of the council to serve as chairperson and one member of the council to serve as vice chairperson.

(8)

Intentionally left blank —Ed.

(a)

The term of office of each voting member of the council is four years, but a member serves at the pleasure of the State Chief Information Officer.

(b)

Before the expiration of the term of a voting member, the State Chief Information Officer, in consultation with the Governor, shall appoint a successor whose term begins on July 1 following the appointment. A voting member is eligible for reappointment.

(c)

A nonvoting member’s term of office is two years. A nonvoting member is eligible for reappointment.

(d)

If there is a vacancy for any cause, the State Chief Information Officer, in consultation with the Governor, shall make an appointment to become immediately effective for the unexpired term.

(9)

The council shall meet at times and places specified by the call of the chairperson or a majority of the voting members of the council.

(10)

Members of the council who are not members of the Legislative Assembly are not entitled to compensation, but the State Chief Information Officer may reimburse a member of the council for actual and necessary travel and other expenses incurred in performing the member’s official duties, in the manner and amounts provided for in ORS 292.495 (Compensation and expenses of members of state boards and commissions), from funds appropriated to the State Chief Information Officer for purposes of the council.

(11)

All agencies of state government, as defined in ORS 174.111 (“State government” defined), are directed to assist the council in the performance of the council’s duties and, to the extent permitted by laws relating to confidentiality, shall furnish information and advice the council considers necessary to perform the council’s duties.

Source: Section 276A.326 — Oregon Cybersecurity Advisory Council, https://www.­oregonlegislature.­gov/bills_laws/ors/ors276A.­html.

276A.200
Legislative findings on information resources
276A.203
State Chief Information Officer
276A.206
Oversight of state information and telecommunications technology by State Chief Information Officer
276A.209
State Information Technology Operating Fund
276A.223
Requirement that state agency or public corporation obtain quality management services when implementing information technology initiative
276A.230
Definitions
276A.233
Information technology portfolio-based management
276A.236
Enterprise information resources management
276A.239
Portfolio-based management of information technology resources for Secretary of State
276A.242
Portfolio-based management of information technology resources for State Treasurer
276A.250
Definitions
276A.253
Oregon transparency website
276A.256
Reports of tax expenditures connected to economic development
276A.259
Transparency Oregon Advisory Commission
276A.262
Transparency Oregon Advisory Commission Fund
276A.270
Definitions
276A.273
Electronic Government Portal Advisory Board
276A.276
Ability to offer government services through portal
276A.300
Information systems security in executive department
276A.303
Information systems security for Secretary of State, State Treasurer and Attorney General
276A.306
Information security incidents and assessments
276A.323
State agency coordination
276A.326
Oregon Cybersecurity Advisory Council
276A.329
Oregon Cybersecurity Center of Excellence
276A.332
Authority of State Chief Information Officer to enter into agreements
276A.335
Moneys from federal government and other sources
276A.350
Definitions
276A.353
Chief Data Officer
276A.356
Open data standard
276A.359
Technical standards manual
276A.362
Release of publishable data on web portal
276A.365
Information management by state agencies
276A.368
Purpose of data
276A.371
Obligations of state agency under public records law
276A.374
Application to Secretary of State and State Treasurer
276A.400
Policy
276A.403
Coordination of telecommunications systems
276A.406
Acquisition of broadband and communications services
276A.409
Use of agency travel and transportation funds for telecommunications services
276A.412
Contracts for telecommunications equipment and services not to exceed 10 years
276A.415
Agreements to fund or acquire telecommunications equipment and services
276A.418
Public contracts for broadband Internet access service
276A.421
Provision of broadband services that compete with services of private telecommunications provider
276A.424
Connecting Oregon Schools Fund
276A.500
Definitions
276A.503
Oregon Geographic Information Council
276A.506
Powers of council
276A.509
Public body duty to share geospatial framework data with council
276A.512
Oregon Geographic Information Council Fund
276A.515
State geographic information officer
Green check means up to date. Up to date