Governor Kate Brown’s Executive Order 16-13, “Unifying Cyber Security in Oregon” (EO 16-13) and SB 90 (2017) represent a fundamental shift in how the state of Oregon approaches IT security. At a core level, IT security is about trust—as public servants and custodians of public data, we owe Oregonians a duty to protect their personal information. Regardless of agency mission or size, Oregonians rightfully expect their government to use technology to improve customer service while ensuring those systems are secure and that personal information is subject to consistent protections.
The Enterprise Security Office (ESO) vision will be “unifying cybersecurity to improve customer service for Oregonians while ensuring those systems are secure, resilient and ready for the future." In working to realize this vision, the ESO has identified four focus areas informed by the implementation of EO 16-13, including i) proactive, holistic risk management; ii) open empowered culture of security; iii) resilient it architecture; and iv) rapid detection, response, and recovery (outlined in the ESO strategic house below).
At the same time, Oregon requires a long-term multi-sector cyber strategy that leverages the private-sector expertise of Oregon's cyber-related industries, enables information sharing, anticipates cyber disruptions and builds capacity across the state and with our local government partners and school districts. SB 90 (2017) and the Cyber Oregon initiative seek to enhance Oregon's cybersecurity through three additional measures, including:
- Establishment of the Oregon Cybersecurity Advisory Council to enhance information sharing and cyber workforce development;
- Enabling planning for development of a public-private Cybersecurity Center of Excellence; and
- Enabling Oregon to compete for cyber grant funding and engage in cross-sector cyber initiatives through public-private partnerships.