REMARKS AS PREPARED
November 20, 2017
Good morning. I’m Governor Kate Brown and it is my honor to proclaim today as Oregon Day of Cyber.
I want to thank Congresswoman Bonamici for your leadership on this vitally important matter. As a member of the House Committee on Technology, Congresswoman Bonamici is a fierce advocate for additional resources to bolster cybersecurity nationally. Thank you for your leadership.
In an era when we rely on integrated information technology and online data systems, cybersecurity is imperative. Here in Oregon, I also appreciate the efforts spearheaded by the Technology Association of Oregon and Oregon Institute of Technology.
At a core level, cybersecurity is about trust. Oregonians expect institutions and government to use technology to improve customer service, while ensuring their data is secure and subject to consistent protections.
I take this charge to heart, and I’d like to share my personal experience with a cyber-breach and how it has shaped my approach to Oregon’s response.
During my time as Oregon’s Secretary of State, I received news that the state campaign finance and business registry websites had been hacked. These websites were fairly new, developed to make reporting campaign expenses and accessing services for small businesses easier than ever.
In just a couple of moments, work the entire state – and my office - was very proud of had been compromised. Political candidates and small businesses felt they could no longer trust sharing their personal information with the state.
Among other things, the hackers accessed bank account numbers of political candidates throughout Oregon. We immediately shut down the websites and began a full investigation with law enforcement. However, we soon found out the hackers, possibly from China or North Korea, had been in our database a week before we even knew about it.
Obviously today, these threats are even more serious and more concerning than ever. However, I should also note that despite the website hack during my time as Secretary of State, the integrity of our elections system has been upheld.
And this past summer, Secretary Richardson reaffirmed that Oregon’s voting system has not been compromised by hackers.
Moreover, I’m happy to report that Oregon continues to make meaningful progress to address system deficiencies and increase our IT security posture.
Last year, I took important steps to begin modernizing and improving cybersecurity in Oregon. Through an executive order, I directed Oregon’s Chief Information Officer, Alex Pettit, to overhaul that state’s information systems to bolster security and defend against cyber attacks.
And this September, I signed into law SB 90 that establishes the Cybersecurity Advisory Council. This new council is tasked with developing a shared vision of a Cybersecurity Center of Excellence.
This work will be done in collaboration with Oregon’s cyber-related industry, private sector security experts, and educational institutions, as well as law enforcement agencies and local governments throughout the state.
My goal is to bring together companies like Intel and Hewlett Packard with state and federal agencies, and Oregon State University to do more than just upgrade state systems. We must build tools that the public can put their confidence in, even when doing something as simple as buying a fishing license.
Oregon has also been fortunate to be one of the five states selected to participate in the National Governors Association policy academy on enhancing state cyber security. The academy has been of great benefit to our team and I look forward to sharing lessons learned with my colleagues and their states.
Thank you for the opportunity to share my perspective on the role cyber security plays to earn the public’s confidence and I look forward to officially proclaiming today as the Oregon Day of Cyber.