IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Oregon Cybersecurity Center of Excellence to Launch in October

The center will provide cybersecurity services to local government agencies, build a talent pipeline with high school and higher ed training options, and more.

computer science class,Teacher,Giving,Computer,Science,Lecture,To,Diverse,Multiethnic,Group,Of
Shutterstock
Oregon is getting a new Cybersecurity Center of Excellence — fulfilling a goal proponents have pursued for years.

The center comes after the governor signed a bill that will bring three major universities together to get the center up and running, at least at some capacity, by Oct 1.

The center of excellence (COE) is intended to supplement the state CIO’s work, per the bill. It’s tasked with responsibilities like developing the state’s cyber workforce, conducting research and development, coordinating information sharing and pursuing federal cyber funding. It will also provide cybersecurity services to local governments, libraries and school districts, and it will advise the governor, CIO and Legislature on cyber matters.

Portland State University (PSU) will host the center and operate it jointly with Oregon State University (OSU) and the University of Oregon. While the bill calls for a sweeping array of cybersecurity initiatives, the center’s first efforts will likely focus on building a community of stakeholders and on workforce development.

The universities also aren’t starting from scratch.

With the bill’s passage, “we’re very excited to be able to formally do a lot of these things we were already doing at some level, but without a lot of resources,” said Rakesh Bobba, an associate professor at OSU’s School of Electrical Engineering and Computer Science.

Expanding OSU’s existing Research and Teaching Security Operations Center (ORTSOC) will be one essential piece, said Birol Yeşilada, who is expected to become director of the cyber COE. Yeşilada is a PSU professor, endowed chair and former director of its Hatfield Cybersecurity and Cyber Defense Policy Center. He is now stepping down from his various responsibilities to focus full time on the cyber COE.

Bobba said the ORTSOC gives students hands-on training while providing cyber services like network intrusion monitoring to a few entities, including a small city and a nonprofit. State funding provided under the new legislation — along with monies from other sources — will allow the teams to scale up and serve more entities. Even so, Bobba expects the ORTSOC will need to start charging a small fee for its cyber services, to become “self-sustaining.” The ORTSOC also must prioritize helping entities that have IT staff and are able to work with them to receive services.

Other education institutions are involved in the COE, too, beyond the three lead universities. The new legislation also contributes funding toward various cyber programs, including cyber degree and certification programs at a few higher education institutions as well as the NW Cyber Camp, which serves high school students and has often had to rely on an unsteady stream of private donations.

Bobba said there have been ongoing efforts to better align cyber curriculums across higher ed institutions and to make the landscape easier for students to navigate. The state funding paves the way to advancing some of these goals, including creating a single website where Oregon students interested in cyber can view the available program options in the state.

Still, the designated monies don’t address all the COE’s needs, which is perhaps unsurprising in a year when the Legislature considered bills with collective funding asks that far outstripped the budget. Bobba said financial constraints necessitated axing a measure from the final legislation that would’ve required the COE to update the Legislature every two years with a report about the cybersecurity resilience of non-state public entities. But Yeşilada said that’s an important activity he hopes can be achieved later. He also said the center received less than half of the requested operations funding and expects to return to the Legislature midyear for additional requests.

To raise public cyber awareness, Yeşilada said the center intends to hold online discussions with expert speakers, and it will also convene regularly with stakeholders to discuss gaps and needs. One key role of the center will be to foster a community of stakeholders that reaches beyond state government, and which can work together to address cyber problems as well as support each other should they suffer a cyber attack, Bobba said.

The community voice will also come via a to-be-formed Cybersecurity Advisory Council. A previous version of such a council had fallen inactive and this will relaunch and expand, Bobba said. The new advisory council will include 15 governor-appointed voting members reflecting tribes, counties, education service districts and others, as well as six nonvoting members appointed by other state officials.

Plenty of practical work lies ahead before the COE’s October launch. The team needs to establish an operating agreement among the universities and a charter for the center and hire and appoint to fill key administrative positions. Yeşilada’s confirmation to the top post — anticipated, but unfulfilled as of Monday — is another key step and will allow the state to transfer over files to him.
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.