ORS 276A.560
Oregon Cybersecurity Advisory Council

(1)

The Oregon Cybersecurity Advisory Council is established within the Oregon Cybersecurity Center of Excellence. The council consists of 21 members appointed as follows:

(a)

The Governor, after consultation with the State Chief Information Officer and the director of the Oregon Cybersecurity Center of Excellence or the director’s designee, shall appoint 15 voting members.

(b)

The Speaker of the House of Representatives shall appoint one nonvoting member who is a member of the House of Representatives.

(c)

The President of the Senate shall appoint one nonvoting member who is a member of the Senate.

(d)

The Secretary of State shall appoint one ex officio, nonvoting member to represent the Secretary of State.

(e)

The State Treasurer shall appoint one ex officio, nonvoting member to represent the State Treasurer.

(f)

The Attorney General shall appoint one ex officio, nonvoting member to represent the Attorney General.

(g)

The Director of the Oregon Department of Emergency Management shall appoint one ex officio, nonvoting member to represent the Oregon Department of Emergency Management.

(2)

Intentionally left blank —Ed.

(a)

The voting members of the council shall consist of:

(A)

One member who represents Indian tribes, as defined in ORS 97.740 (Definitions for ORS 97.740 to 97.760);

(B)

One member who represents the Association of Oregon Counties;

(C)

One member who represents the League of Oregon Cities;

(D)

One member who represents the Special Districts Association of Oregon;

(E)

One member who represents regional governments;

(F)

One member who represents the Oregon Association of Education Service Districts;

(G)

One member who represents the Oregon School Boards Association;

(H)

One member who represents the Coalition of Oregon School Administrators;

(I)

One member who represents public universities listed in ORS 352.002 (Public universities);

(J)

One member who represents community colleges;

(K)

One member who represents the office of Enterprise Information Services;

(L)

One member who represents a critical infrastructure sector in Oregon as defined by the Cybersecurity and Infrastructure Security Agency of the United States Department of Homeland Security;

(M)

One member who represents cyber-related industries in Oregon;

(N)

One member who represents a public sector information technology association in Oregon; and

(O)

One member who represents a private sector information technology or telecommunications association in Oregon.

(b)

A majority of the council’s voting members must be geographically diverse representatives of public universities listed in ORS 352.002 (Public universities), local governments, regional governments, special districts, education service districts, school districts or libraries.

(3)

The council shall elect one voting member of the council to serve as chairperson and one voting member of the council to serve as vice chairperson.

(4)

Intentionally left blank —Ed.

(a)

A majority of the voting members of the council constitutes a quorum for the transaction of business.

(b)

Official action by the council requires the approval of a majority of the voting members of the council.

(5)

Intentionally left blank —Ed.

(a)

The term of office of each voting member of the council is four years, but a member serves at the pleasure of the Governor.

(b)

Before the expiration of the term of a voting member, the Governor, after consultation with the State Chief Information Officer and the director of Oregon Cybersecurity Center of Excellence or the director’s designee, shall appoint a successor whose term begins on July 1 following the appointment. A voting member is eligible for reappointment.

(c)

If there is a vacancy for any cause, the Governor, after consultation with the State Chief Information Officer and the director of Oregon Cybersecurity Center of Excellence or the director’s designee, shall make an appointment to become immediately effective for the unexpired term.

(6)

The nonvoting legislative members of the council shall serve two-year terms and are eligible for reappointment.

(7)

The council shall meet at times and places specified by the call of the chairperson or a majority of the voting members of the council.

(8)

Members of the council who are not members of the Legislative Assembly are not entitled to compensation, but the Oregon Cybersecurity Center of Excellence may reimburse a member of the council who is not a member of the Legislative Assembly for actual and necessary travel and other expenses incurred in performing the member’s official duties, in the manner and amounts provided for in ORS 292.495 (Compensation and expenses of members of state boards and commissions), from funds appropriated to the Higher Education Coordinating Commission for purposes of the council.

(9)

Members of the council who are members of the Legislative Assembly are entitled to compensation and expense reimbursement as provided in ORS 171.072 (Salary of members and presiding officers).

(10)

The council may:

(a)

Adopt rules, policies and procedures necessary for the operation of the council.

(b)

Establish subcommittees, advisory committees or other work groups necessary to assist the council in performing its duties.

(c)

Appoint additional nonvoting members to the council.

(11)

All agencies of state government, as defined in ORS 174.111 (“State government” defined), are directed to assist the council in the performance of the council’s duties and, to the extent permitted by laws relating to confidentiality, shall furnish information and advice the council considers necessary to perform the council’s duties. [2023 c.489 §3 (enacted in lieu of 276A.326)]
Note: Section 4, chapter 489, Oregon Laws 2023, provides:
Sec. 4. Notwithstanding the term of office specified in section 3 of this 2023 Act [276A.560 (Oregon Cybersecurity Advisory Council)], of the voting members appointed to the Oregon Cybersecurity Advisory Council under section 3 of this 2023 Act:

(1)

One-third shall serve for a term ending July 1, 2025.

(2)

One-third shall serve for a term ending July 1, 2026.

(3)

The remaining voting members shall serve for a term ending July 1, 2027. [2023 c.489 §4]

Source: Section 276A.560 — Oregon Cybersecurity Advisory Council, https://www.­oregonlegislature.­gov/bills_laws/ors/ors276A.­html (accessed May 26, 2025).

276A.200
Legislative findings on information resources 276A.203
State Chief Information Officer 276A.206
Oversight of state information and telecommunications technology by State Chief Information Officer 276A.209
State Information Technology Operating Fund 276A.223
Requirement that state agency or public corporation obtain quality management services when implementing information technology initiative 276A.230
Definitions 276A.233
Information technology portfolio-based management 276A.236
Enterprise information resources management 276A.239
Portfolio-based management of information technology resources for Secretary of State 276A.242
Portfolio-based management of information technology resources for State Treasurer 276A.250
Definitions 276A.253
Oregon transparency website 276A.256
Reports of tax expenditures connected to economic development 276A.259
Transparency Oregon Advisory Commission 276A.262
Transparency Oregon Advisory Commission Fund 276A.270
Definitions 276A.273
Electronic Government Portal Advisory Board 276A.276
Ability to offer government services through portal 276A.300
Information systems security in executive department 276A.303
Information systems security for Secretary of State, State Treasurer and Attorney General 276A.306
Information security incidents and assessments 276A.323
State agency coordination 276A.332
Authority of State Chief Information Officer to enter into agreements 276A.335
Moneys from federal government and other sources 276A.340
Definitions 276A.342
State agencies prohibited from using covered products 276A.344
Policies and standards 276A.346
Secretary of State prohibited from using covered products 276A.348
State Treasurer prohibited from using covered products 276A.350
Definitions 276A.353
Chief Data Officer 276A.356
Open data standard 276A.359
Technical standards manual 276A.362
Release of publishable data on web portal 276A.365
Information management by state agencies 276A.368
Purpose of data 276A.371
Obligations of state agency under public records law 276A.374
Application to Secretary of State and State Treasurer 276A.400
Policy 276A.403
Coordination of telecommunications systems 276A.406
Acquisition of broadband and communications services 276A.409
Use of agency travel and transportation funds for telecommunications services 276A.412
Contracts for telecommunications equipment and services not to exceed 10 years 276A.415
Agreements to fund or acquire telecommunications equipment and services 276A.418
Public contracts for broadband Internet access service 276A.421
Provision of broadband services that compete with services of private telecommunications provider 276A.424
Connecting Oregon Schools Fund 276A.500
Definitions 276A.503
Oregon Geographic Information Council 276A.506
Powers of council 276A.509
Public body duty to share geospatial framework data with council 276A.512
Oregon Geographic Information Council Fund 276A.515
State geographic information officer 276A.550
Definitions 276A.555
Oregon Cybersecurity Center of Excellence 276A.560
Oregon Cybersecurity Advisory Council 276A.565
Oregon Cybersecurity Center of Excellence Operating Fund 276A.570
Oregon Cybersecurity Workforce Development Fund 276A.575
Oregon Cybersecurity Grant Program Fund

Current through early 2026

§ 276A.560. Or. Cybersecurity Advisory Council's source at oregon​.gov