ORS 276A.329
Oregon Cybersecurity Center of Excellence


The State Chief Information Officer shall develop a plan for the establishment of an Oregon Cybersecurity Center of Excellence. The State Chief Information Officer shall submit the plan to an appropriate committee or interim committee of the Legislative Assembly no later than January 1, 2019. The plan must identify any grants, donations, gifts or other form of conveyance of land, money, real or personal property or other valuable thing made to the state from any source that is expected to support the establishment and continued operation of the center. The plan must also include a description of the actions, timelines, budget and positions or contractor resources required for the center to:

(1)

Coordinate information sharing related to cybersecurity risks, warnings and incidents.

(2)

Provide support regarding cybersecurity incident response and cybercrime investigations.

(3)

Serve as an Information Sharing and Analysis Organization pursuant to 6 U.S.C. 133 et seq., and as a liaison with the National Cybersecurity and Communications Integration Center within the United States Department of Homeland Security, other federal agencies and other public and private sector entities on issues relating to cybersecurity.

(4)

Identify and participate in appropriate federal, multistate or private sector programs and efforts that support or complement the center’s cybersecurity mission.

(5)

Receive and appropriately disseminate relevant cybersecurity threat information from appropriate sources, including the federal government, law enforcement agencies, public utilities and private industry.

(6)

Draft and biennially update an Oregon Cybersecurity Strategy and a Cyber Disruption Response Plan to be submitted to the Governor and an appropriate committee or interim committee of the Legislative Assembly. The plan must:

(a)

Detail the steps that the state should take to increase the resiliency of its operations in preparation for, and during the response to, a cyber disruption event;

(b)

Address high-risk cybersecurity for the state’s critical infrastructure, including a review of information security technologies currently in place to determine if current policies are sufficient to prevent the compromise or unauthorized disclosure of critical or sensitive government information inside and outside the firewall of state agencies, and develop plans to better identify, protect from, detect, respond to and recover from significant cyber threats;

(c)

Establish a process to regularly conduct risk-based assessments of the cybersecurity risk profile, including infrastructure and activities within this state;

(d)

Provide recommendations related to securing networks, systems and data, including interoperability, standardized plans and procedures, evolving threats and best practices to prevent the unauthorized access, theft, alteration or destruction of data held by the state;

(e)

Include the recommended content and timelines for conducting cybersecurity awareness training for state agencies and the dissemination of educational materials to the public and private sectors in this state through the center;

(f)

Identify opportunities to educate the public on ways to prevent cybersecurity attacks and protect the public’s personal information;

(g)

Include strategies for collaboration with the private sector and educational institutions through the center and other venues to identify and implement cybersecurity best practices; and

(h)

Establish data breach reporting and notification requirements in coordination with the Department of Consumer and Business Services. [2017 c.513 §4]

Source: Section 276A.329 — Oregon Cybersecurity Center of Excellence, https://www.­oregonlegislature.­gov/bills_laws/ors/ors276A.­html.

276A.200
Legislative findings on information resources
276A.203
State Chief Information Officer
276A.206
Oversight of state information and telecommunications technology by State Chief Information Officer
276A.209
State Information Technology Operating Fund
276A.223
Requirement that state agency or public corporation obtain quality management services when implementing information technology initiative
276A.230
Definitions
276A.233
Information technology portfolio-based management
276A.236
Enterprise information resources management
276A.239
Portfolio-based management of information technology resources for Secretary of State
276A.242
Portfolio-based management of information technology resources for State Treasurer
276A.250
Definitions
276A.253
Oregon transparency website
276A.256
Reports of tax expenditures connected to economic development
276A.259
Transparency Oregon Advisory Commission
276A.262
Transparency Oregon Advisory Commission Fund
276A.270
Definitions
276A.273
Electronic Government Portal Advisory Board
276A.276
Ability to offer government services through portal
276A.300
Information systems security in executive department
276A.303
Information systems security for Secretary of State, State Treasurer and Attorney General
276A.306
Information security incidents and assessments
276A.323
State agency coordination
276A.326
Oregon Cybersecurity Advisory Council
276A.329
Oregon Cybersecurity Center of Excellence
276A.332
Authority of State Chief Information Officer to enter into agreements
276A.335
Moneys from federal government and other sources
276A.350
Definitions
276A.353
Chief Data Officer
276A.356
Open data standard
276A.359
Technical standards manual
276A.362
Release of publishable data on web portal
276A.365
Information management by state agencies
276A.368
Purpose of data
276A.371
Obligations of state agency under public records law
276A.374
Application to Secretary of State and State Treasurer
276A.400
Policy
276A.403
Coordination of telecommunications systems
276A.406
Acquisition of broadband and communications services
276A.409
Use of agency travel and transportation funds for telecommunications services
276A.412
Contracts for telecommunications equipment and services not to exceed 10 years
276A.415
Agreements to fund or acquire telecommunications equipment and services
276A.418
Public contracts for broadband Internet access service
276A.421
Provision of broadband services that compete with services of private telecommunications provider
276A.424
Connecting Oregon Schools Fund
276A.500
Definitions
276A.503
Oregon Geographic Information Council
276A.506
Powers of council
276A.509
Public body duty to share geospatial framework data with council
276A.512
Oregon Geographic Information Council Fund
276A.515
State geographic information officer
Green check means up to date. Up to date