Oregon Cybersecurity Advisory Council Drives Mission to Improve Digital Security for all Oregonians

The Oregon Cybersecurity Advisory Council (OCAC) has been busy. If I had to put one word on the past 18 months, I would say, “relationships.” From our initial meeting in September of 2017 though today, the OCAC has met with cybersecurity companies, industry experts, higher education institutions, and high school students interested in cybersecurity.

Our foundational meetings in late 2017 led to the establishment of our mission and vision statements:

Our mission: To build tangible solutions to protect the digital lives of all Oregonians.

Our Vision: We believe cybersecurity is a shared responsibility and must be accessible to all.

The OCAC is not simply about cybersecurity for big business. We are for small business, nonprofits, educational institutions, and the individual Oregonian. Each one conducts business as well as their lives online. We believe every Oregonian’s information is valuable and should be protected. Every Oregonian should be informed and educated about how to protect their digital information online.

The Cybersecurity Advisory Council was established through Senate Bill 90 (SB 90) and signed into law in the summer of 2017 by Governor Kate Brown. The OCAC members were appointed by the Oregon State Chief Information Security Officer (OSCIO) and began meeting in September of 2017. The OCAC was established with five primary purposes.

1. Serve as the statewide advisory body to the State Chief Information Officer on cybersecurity.
2. Provide a statewide forum for discussing and resolving cybersecurity issues.
3. Provide information and recommend best practices concerning cybersecurity and resilience measures to public and private entities.
4. Coordinate cybersecurity information sharing and promote shared and real-time situational awareness between the public and private sectors in this state.
5. Encourage the development of the cybersecurity work­force through measures including, but not limited to, competitions aimed at building workforce skills, dissemi­nating best practices, facilitating cybersecurity research and encouraging industry investment and partnership with post-secondary institutions of education and other career readiness programs.

Additionally, the acting OSCIO in September of 2017, requested that the OCAC develop an establishment plan for the Cybersecurity Center of Excellence (CCoE) as mandated by SB 90.

The CCoE Establishment Plan was built from a foundational Oregon Cybersecurity Needs Assessment conducted by the Portland State University Center for Public Service which voiced the needs and concerns of many Oregonians from small business owners in rural Oregon to IT professionals in highly regulated industry in Portland. The survey and small focus groups were developed to understand the needs of a variety of groups in Oregon from across a variety of areas within the state. In March, the OCAC presented the CCoE establishment plan to the Joint Legislative Committee on Information Management and Technology.

The OCAC has embraced all five of the mandates by SB90 and has begun to build on these requirements. While the OCAC spent most of the year building relationships and establishing a foundation to work from, we did accomplish many tasks and delivered a CCoE Establishment Plan on time. As you review the OCAC Annual Report, you will find three pages of names, organizations, and privately held companies who have contributed in many ways to the vision and direction of the OCAC.

So, where do we go from here? That is a big question, and a very important one as the OCAC begins to grow and build up on our foundation. First, OCAC will continue to grow in our relationship with the OSCIO and our support in being an advisory body to the State of Oregon. The council is not simply nine voting members, but a compilation of many non-voting members and many more extended workgroup members with a variety of skills as cybersecurity practitioners.

Second, we believe that workforce development is THE key to the future. The research from the Needs Assessment performed by the PSU CPS team indicates a significant workforce shortage in experts and workers in the cybersecurity field. This is not simply an issue in Oregon but a nationwide issue. Partnering with K-12 education, secondary education, and retraining programs is a critical component to developing a strong cybersecurity workforce for the future. This is accomplished through programs such as NW Cyber Camp and partnering with secondary educational institutions such as OSU and Mt. Hood Community College and their cybersecurity education programs.

Finally, we believe that continuing to develop a Cybersecurity Center of Excellence in the state of Oregon is beneficial for ALL Oregonians. Providing a central place for small business and individual Oregonians move towards is highly beneficial for all. CyberOregon.com is a great resource, but what if we also had a central location for the needs of those who did not know where to turn for hands-on help with cybersecurity issues? Our goal is never to compete with private industry, but to provide hub where private industry can work with public service to meet the needs of those most vulnerable in Oregon.

If you find yourself interested in how you can support the council, I encourage you to reach out. There are three ways you can be involved:

1. Sponsorships: You can become a sponsor of the Oregon Cybersecurity Advisory Council (OCAC), CyberOregon, and the Cyber Oregon Summits.
2. Join the Conversation: You can attend the Cyber Oregon Summits and other cybersecurity events in the state.  
3. Legislative: You can contact your state representative and senators to voice your interest in seeing the CCoE plan develop and move forward with additional legislative funding and action on cybersecurity for the state of Oregon.