ORS 276A.555
Oregon Cybersecurity Center of Excellence

  • purpose
  • operating agreement
  • strategic plan
  • biennial report

(1)

The Oregon Cybersecurity Center of Excellence is established at Portland State University. The center shall operate under the joint direction and control of Portland State University, Oregon State University and the University of Oregon. A director shall be appointed to oversee the center pursuant to procedures set forth in the charter developed and adopted under subsection (5) of this section.

(2)

The purpose of the center is to supplement the activities of the State Chief Information Officer regarding cybersecurity in this state by coordinating, funding or providing:

(a)

Awareness, education and training about cybersecurity and cybersecurity-related issues for public, private and nonprofit sectors;

(b)

Cybersecurity workforce development programs in coordination with:

(A)

Public universities listed in ORS 352.002 (Public universities);

(B)

Community colleges operated under ORS chapter 341; and

(C)

Science, technology, engineering and mathematics and career and technical education programs;

(c)

Research about cybersecurity education and training methodologies;

(d)

Research and development of cybersecurity technologies, tools, policies and processes; and

(e)

Cybersecurity-related goods and services to Oregon public bodies, with priority given to local governments, regional governments, special districts, education service districts, school districts and libraries.

(3)

The center shall:

(a)

Serve as the statewide advisory body to the Legislative Assembly, Governor and State Chief Information Officer on cybersecurity and cybersecurity-related issues for local governments, regional governments, special districts, education service districts, school districts and libraries.

(b)

Provide to public, private and nonprofit sectors in this state information and recommend best practices concerning cybersecurity, cyber resilience and recovery measures, including legal, insurance and other topics.

(c)

Coordinate the sharing of information related to cybersecurity threats, risks, warnings and incidents, and promote public awareness and shared, real-time situational awareness among public, private and nonprofit sector entities.

(d)

Provide cybersecurity assessment, scanning and analysis, monitoring and incident response services to public bodies, with priority given to public bodies with the greatest need for services, including local governments, regional governments, special districts, education service districts, school districts and libraries.

(e)

Collaborate with public bodies to coordinate cybersecurity efforts with ongoing information technology modernization and resilience projects.

(f)

Identify and participate in appropriate federal, multistate, regional, state, local or private sector programs and efforts that support or complement the center’s purpose.

(g)

Pursue and leverage federal sources of cybersecurity and cyber resilience funding to achieve state goals related to cybersecurity and cyber resilience.

(h)

Manage and award funds distributed to the center for cybersecurity and cyber resilience initiatives.

(i)

Encourage the development of Oregon’s cybersecurity workforce by, at a minimum:

(A)

Identifying gaps and needs in workforce programs.

(B)

Fostering the growth and development of cybersecurity workforce development programs and career and technical education in school districts, community colleges operated under ORS chapter 341, and public universities listed in ORS 352.002 (Public universities).

(C)

Assisting in curriculum review and standardization and providing recommendations to improve programs.

(D)

Fostering industry involvement in internships, mentorship and apprenticeship programs and experiential learning programs.

(E)

Building awareness of industry and career opportunities to recruit students into cyber-related educational tracks.

(4)

Intentionally left blank —Ed.

(a)

Portland State University, Oregon State University and the University of Oregon shall enter into an operating agreement for administering the center, including the provision of administrative and staff support and facilities.

(b)

A public university listed in ORS 352.002 (Public universities), or a community college operated under ORS chapter 341, not listed in paragraph (a) of this subsection may join the operating agreement and provide administrative and staff support and facilities. The process for joining the operating agreement shall be described in the operating agreement or the charter developed under subsection (5) of this section.

(5)

Portland State University, Oregon State University and the University of Oregon, in consultation with the Oregon Cybersecurity Advisory Council, shall develop and adopt a charter to serve as the governing document for the center. The charter must contain provisions regarding the center’s operations, budget and any funds administered by the center and the procedures for appointing the director to oversee the center. Portland State University, Oregon State University and the University of Oregon shall annually review and, as necessary, update the charter.

(6)

The center shall, in consultation with the council:

(a)

Develop and update every four years a strategic plan, including goals and objectives, for the center.

(b)

Develop and submit a report on the center’s strategic goals and objectives, operations and funding requests for continued operations and funds administered by the center, to the Governor and to the appropriate committees of the Legislative Assembly, in the manner required by ORS 192.245 (Form of report to legislature), by February 1 of each odd-numbered year. The report must identify any grants, donations, gifts or other forms of conveyances of land, money, real or personal property or other valuable thing made to the state or the center for carrying out the purposes of the center.

(c)

Provide a statewide forum for discussing and resolving cybersecurity issues.

(7)

Intentionally left blank —Ed.

(a)

All agencies of state government are directed to assist the center in the performance of the center’s duties and, to the extent permitted by laws relating to confidentiality, shall furnish information and advice the center considers necessary to perform the center’s duties.

(b)

As used in this subsection, “state government” has the meaning given that term in ORS 174.111 (“State government” defined), except that “state government” does not include the Secretary of State or State Treasurer. [2023 c.489 §7 (enacted in lieu of 276A.329)]

Source: Section 276A.555 — Oregon Cybersecurity Center of Excellence; purpose; operating agreement; strategic plan; biennial report, https://www.­oregonlegislature.­gov/bills_laws/ors/ors276A.­html (accessed May 26, 2025).

276A.200
Legislative findings on information resources 276A.203
State Chief Information Officer 276A.206
Oversight of state information and telecommunications technology by State Chief Information Officer 276A.209
State Information Technology Operating Fund 276A.223
Requirement that state agency or public corporation obtain quality management services when implementing information technology initiative 276A.230
Definitions 276A.233
Information technology portfolio-based management 276A.236
Enterprise information resources management 276A.239
Portfolio-based management of information technology resources for Secretary of State 276A.242
Portfolio-based management of information technology resources for State Treasurer 276A.250
Definitions 276A.253
Oregon transparency website 276A.256
Reports of tax expenditures connected to economic development 276A.259
Transparency Oregon Advisory Commission 276A.262
Transparency Oregon Advisory Commission Fund 276A.270
Definitions 276A.273
Electronic Government Portal Advisory Board 276A.276
Ability to offer government services through portal 276A.300
Information systems security in executive department 276A.303
Information systems security for Secretary of State, State Treasurer and Attorney General 276A.306
Information security incidents and assessments 276A.323
State agency coordination 276A.332
Authority of State Chief Information Officer to enter into agreements 276A.335
Moneys from federal government and other sources 276A.340
Definitions 276A.342
State agencies prohibited from using covered products 276A.344
Policies and standards 276A.346
Secretary of State prohibited from using covered products 276A.348
State Treasurer prohibited from using covered products 276A.350
Definitions 276A.353
Chief Data Officer 276A.356
Open data standard 276A.359
Technical standards manual 276A.362
Release of publishable data on web portal 276A.365
Information management by state agencies 276A.368
Purpose of data 276A.371
Obligations of state agency under public records law 276A.374
Application to Secretary of State and State Treasurer 276A.400
Policy 276A.403
Coordination of telecommunications systems 276A.406
Acquisition of broadband and communications services 276A.409
Use of agency travel and transportation funds for telecommunications services 276A.412
Contracts for telecommunications equipment and services not to exceed 10 years 276A.415
Agreements to fund or acquire telecommunications equipment and services 276A.418
Public contracts for broadband Internet access service 276A.421
Provision of broadband services that compete with services of private telecommunications provider 276A.424
Connecting Oregon Schools Fund 276A.500
Definitions 276A.503
Oregon Geographic Information Council 276A.506
Powers of council 276A.509
Public body duty to share geospatial framework data with council 276A.512
Oregon Geographic Information Council Fund 276A.515
State geographic information officer 276A.550
Definitions 276A.555
Oregon Cybersecurity Center of Excellence 276A.560
Oregon Cybersecurity Advisory Council 276A.565
Oregon Cybersecurity Center of Excellence Operating Fund 276A.570
Oregon Cybersecurity Workforce Development Fund 276A.575
Oregon Cybersecurity Grant Program Fund

Current through early 2026

§ 276A.555. Or. Cybersecurity Ctr. of Excellence's source at oregon​.gov