Working together to reduce the risk of a data breach

State and local governments must prepare for the worst


Across the U.S., more than 94 million citizens' records, under the care of government agencies, are estimated to have been lost or breached since 2009. Multiply this figure by $194, which is the average cost per compromised record for organizations in the United States, according to the Ponemon Institute's Annual Study, and the numbers become astronomical: nearly $18.2 billion dollars' worth of damage.

In Oregon, a 2016 breach at the relatively obscure Construction Contractors Board compromised the log-in credentials for the Oregon Department of Transportation and several local governments. As this example shows, in an age of increasingly subtle and stealthy cyber attacks, state and local governments must prepare for the worst.

The extraordinary amount of personal data collected by public entities makes them attractive targets for cybercriminals and hacktivists, and they face risks from simple human error and disgruntled employees. Unfortunately, the cybersecurity posture of governments is typically lower than commercial enterprises.

The Cyber Oregon initiative is an effort to help government organizations across the state get access to the information and resources they need to safeguard citizens’ data – from undertaking risk assessments, increasing stakeholder collaboration and investing in cybersecurity talent.


Stay current with the fast-changing cyber world.


Find what you need to stay safe online.


Make connections in the cyber community.


Be more secure online with these tips.

Spotlight Profile

Alex Pettit

Alex Z. Pettit, PhD, CIO, State of Oregon

Alex Z. Pettit serves as the chief information officer (CIO) for the State of Oregon where he is responsible for all of the state agencies’ information and telecommunications systems. He was appointed to his position by Governor Kate Brown in January 2014.

Since his appointment as State CIO, Dr. Pettit has worked to implement HB 3099 (2015), a law that permanently reassigned responsibility for IT service delivery at the state data center and designated the State CIO as an independent official, directly responsible to the Governor as the primary advisor on statewide IT policy and operations.

Among other provisions, the bill also codified an incremental funding and development process for IT projects over $1 million and provided a delegation of authority over enterprise IT and telecommunications projects. Additionally, Dr. Pettit served as the interim CIO for Cover Oregon following its failed launch and directed the successful transition of the state to the federal health exchange.

Prior to joining the State of Oregon, Dr. Pettit served as the first CIO for the State of Oklahoma from 2010 until December 2013. As the CIO for Oklahoma, Dr. Pettit developed a comprehensive and measurable framework defining, delivering and supporting the activities of the 132 agencies for the State.

Dr. Pettit completed his Ph.D. in Information Science from the University of North Texas, where his dissertation focused on the study or requirements analysis within software development practices.

Previously, Dr. Pettit held other IT leadership positions within public, private and higher education institutions, including: vice president at Marsh McLennan Risk Consulting; chief technology officer for the City of Denton, Texas; and senior manager at Ernst & Young. He also developed and tested disaster recovery plans during the renovation of the Tom Watkin Jr. data center at Brown University and served as a consultant for the U.S. Environmental Protection Agency.

CIO of Oregon

“Cybersecurity is a shared responsibility among both the public and private sector. State agencies, local governments, educational institutions and Oregon’s private sector can’t afford to go it alone. The risks are too great.”

Alex Pettit

Education / Government / Individuals / News / Nonprofit / Small Business

News Roundup: My kingdom for cyber insurance

Brian Edwards, News Editor / June 11, 2018
Cybersecurity / Education / Government / Individuals / News / Nonprofit / Small Business

News Roundup: Investors take stock in the cybersecurity industry

Education / Government / Individuals / News / Nonprofit / Small Business

News Roundup: Will U.S. elections be secure?

Cybersecurity / Education / Government / Individuals / News / Nonprofit / Small Business

CyberSecurity 2028: By Default, By Design

Government Resources

Governor Kate Brown’s Executive Order 16-13, “Unifying Cyber Security in Oregon” (EO 16-13) and SB 90 (2017) represent a fundamental shift in how the state of Oregon approaches IT security. The Enterprise Security Office (ESO) is responsible for enterprise security policy, security monitoring of the state network, enterprise incident response, and enterprise security architecture, as well as dissemination of security training, policy, and best practices across state government.

Other resources

MS-ISAC (Multi-State Information Sharing & Analysis Center)
A focal point for cyber threat prevention, protection, response and recovery.

FBI Cyber Investigations
Information and resources from the FBI on fighting cyber crime.

NASCIO (National Association of State Chief Information Officers)
Resources on cybersecurity awareness and more.

Stop. Think. Connect.
Cybersecurity information from the U.S. Department of Homeland Security.

Cybersecurity information from the U.S. Computer Emergency Readiness Team

Upcoming Events

  1. Portland Cybersecurity Conference 2018

    June 28
  2. NW CYBER CAMP 2018

    July 16 - July 20
  3. Cyber Oregon Cybersecurity Summit (Invite Only)

    July 19 @ 3:00 pm - 5:00 pm
  4. Black Hat USA 2018

    August 4 - August 9
  5. DEF CON 26

    August 9 - August 12

Help for government staff

Here are some tried and true tips for government workers to help prevent cyber attacks.

1. Lock and password protect all personal and agency-owned devices including

smartphones, laptops, and tablets. This includes locking your computer when you step away from your desk at work. You may not always know the people walking around your office and what their intentions are. Encrypt data and use two-factor authentication where possible.

2. Regularly scan your computer for viruses and spyware and keep your software up to date.

3. Dispose of sensitive information properly and according to your organization’s policies.

4. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.

5. Take advantage of cybersecurity training offered by your department or agency.

6. Conceal your work badge and identification when outside of your office building,
especially when out in public or when using public transportation.


Contact Us

[email protected]