This might finally be the year for cybersecurity funding at the Legislature. Schools could use the help.
A somewhat obscure legislative committee has been exhaustively working since the start of the session on a bill to invest in local government cybersecurity.
The Joint Information Management and Technology Committee is one of the Legislature’s smaller committees. It meets once a week and has only a few bills assigned to it. The committee is powerful, though. It is a joint committee, meaning it has members from the House and Senate chambers. Co-Chair Rep. Nancy Nathanson, D-Eugene, who was first elected in 2007 and is a former co-chair of the Joint Ways and Means Committee, adds veteran punch to make things happen.
Establish the Oregon Cybersecurity Center of Excellence within Portland State University. Oregon does not have a centralized location for cybersecurity outside the Department of Administrative Services, a state agency that is responsible for state agency cybersecurity, not local government support. This center would coordinate funding, particularly federal funding, with a targeted focus on the unmet needs of regional and local government, special districts, education service districts, K-12 school districts and libraries.
Establish the Oregon Cybersecurity Center of Excellence Operating Fund as a standalone account to continuously fund the center. It is not uncommon for programs to be created by statute to receive one-time funding only or no funding at all. The ability to continuously appropriate funds hopefully indicates the Legislature intends to keep this program going.
Appropriate as much at $10 million to start the programs in the bill.
This is not the first time the Legislature has considered local government cybersecurity investments. In 2022, HB 4155 was expected to become law. It was an end of session casualty, however, delaying a comprehensive response to cybersecurity challenges.
School districts and ESDs support the bill. Rachel Wente-Chaney, the High Desert ESD chief information officer, testified earlier this month on behalf of many stakeholders, including OSBA, the Oregon Association of Education Service Districts, the Coalition of Oregon School Administrators and a number of school district-based IT professionals. She described the threat of malicious hackers increasingly targeting schools and shared the variety of attacks districts have faced, including:
ransomware attacks, resulting in disruption and school closures;
phishing attacks, resulting in financial losses and/or theft of personally identifiable information;
information systems breaches, jeopardizing both the continuity of education and student data privacy.
This problem is increasingly in the news. Malicious hackers have done staggeringly expensive harm to school districts, notably the Los Angeles Unified School District. School officials hope this bill will put our districts in a better place to stop these bad actors before they make inroads.