Oregon State University, Portland State University and the University of Oregon are collaborating to form the Oregon Cybersecurity Center of Excellence at PSU in order to “promote awareness, education and training about cybersecurity and cybersecurity-related issues for public, private and nonprofit sectors.”
Outlined in House Bill 2049, which was signed into law by Governor Tina Kotek on July 31, 2023, the purpose of the center is “to supplement the activities of the state chief information officer regarding cybersecurity in (Oregon).”
With $4.9 million in funding, the CCOE looks to be a major part of a variety of cybersecurity projects.
According to section seven of the bill, the CCOE will be responsible for coordinating, funding or providing cybersecurity engineering and technical education workforce development programs; cybersecurity methodologies training programs; science, technology and mathematics technical education programs; cybersecurity research programs; and cybersecurity-related services to Oregon public bodies.
Initially, there were supposed to be more universities and community colleges attached to the center, but, mainly due to a proposed budget of $15 million, Rakesh Bobba, associate director at the CCOE, said the state legislature decided to cut the project down to the three major Oregon universities.
The $4.9 million is split between three funds: operating ($2.5 million), the money appropriated for the running of the center; workforce development ($2.15 million), which includes education and training; and a grant fund ($250k) to help public bodies.
“So it’s called a grant fund, but it’s funds set aside to help with the cost match needs for public bodies to get federal funding in the cybersecurity space.” Bobba said. Bobba also serves as associate professor at OSU’s School of Electrical Engineering and Computer Science.
“That’s one of the purposes from when that fund was created, but it can also be given as a grant fund to help local governments meet with cybersecurity challenges,” Bobba said.
While Bobba said that Oregon is no more susceptible to cyberattacks than any other state, he also said that rural areas and local governments are especially vulnerable.
“Funding is always an issue and resources are always a challenge for these small local governments, but if you’re in a rural area, you’re also struggling to attract the right talent to be able to help you with these kinds of problems,” Bobba said.
One big problem, Bobba went on to explain, is that the targets of cybersecurity threats have changed over the years. It is no longer big companies with deep pockets with intellectual property that can be stolen that are the targets of ransomware attacks, according to Bobba. Instead, local public health has become a lucrative target.
“It seems to me that the attackers figured out that hospitals are most likely to pay up because they need to immediately restore that system, which is pretty high, because you’re dealing with people’s lives and health,” Bobba said.
“So this is the kind of stuff that the center is able to facilitate,” Bobba added. “In translating research into practice that’s useful from, that’s helping local, public bodies that are otherwise struggling to deal with these challenges.”
Though the majority of the operational staff will be at PSU, Bobba said that both OSU and UO will also host operational staff.
“We originally intended it to be a truly virtual center, operated by the three universities but the legislative council needed some location,” Bobba said. “The bill states that it will be hosted at PSU, but will be jointly operated by the three universities.”
Each university will bring their own unique experiences and areas of expertise to the center.
Bobba points to OSU’s School of ECS as well as the Oregon Research Teaching and Security Operations Center.
“We have this new research and teaching security operations center,” Bobba said. “And this idea is what we’re following: a medical school or a veterinary medicine model where we train students in cybersecurity through clinical rotation. So they are actually providing services to real entities as part of their training.”
Bobba added, “So that’s kind of a novel cybersecurity education concept. OSU is among the first in the nation to formally integrate this into the curriculum and study this.”
Birol Yeşilada, CCOE director and cybersecurity professor at PSU, added that ORTSOC will also act as a regional cybersecurity center of excellence that provides security information sharing and analysis, professional education and training opportunities for regional entities. It will also serve underserved entities’ cybersecurity operations needs.
For what Portland State University brings to the program, Yeşilada said, “At PSU, we have The Mark O. Hatfield Cybersecurity and Cyber Defense Policy Center, a national center of academic excellence in cyber research designated by the National Security Agency and the Department of Homeland Security.”
According to Yeşilada, the center convenes scholars, managers and policymakers from Portland State University to train future leaders and translate research findings into effective policy.
“(PSU) achieves these goals through multi-disciplinary, multi-sector and multi-stakeholder curricular and research partnerships,” Yeşilada said. “Our no-fee, non-credit cybersecurity resilience certificate program is in its second year and is funded by United States Congress Targeted Funding.”
For the University of Oregon, Professor and Head of the Department of Computer Science and CCOE Associate Director Reza Rejaie said that UO offers a bachelor’s degree of science in cybersecurity and is currently working on implementing master’s and certificate programs as well.
“We are also developing a cyber clinic that offers experiential learning opportunities for students in our programs and cybersecurity services to various stakeholders in Oregon,” Rejaie added.
While at the moment the center features only the three universities, the bill states that, “a public university listed in ORS 352.002, or a community college operated under ORS chapter 341 … may join the operating agreement and provide administrative and staff support and facilities.”
Bobba points out that other organizations have already started to work with the center.
“There will be a collaboration among a number of academic institutions,” Bobba said. “So for example, Mount Hood Community College played a critical role throughout the years in supporting the passage of the bill. Some of the workforce development fund was actually set aside for a scholarship grant for students in community colleges that are focusing on cybersecurity.”
Aside from scholarships for community colleges, the center will offer internships and graduate assistantships opportunities in cybersecurity, Yeşilada said.
To reach out to young people to garner interest in the field, CCOE also runs the NW Cyber Camp, a summer cybersecurity camp that takes place from July 24 to July 28 every year at OSU and several other colleges around Oregon.
“Right now, there are about half a million jobs related to cybersecurity available in the country,” Bobba said. “In Oregon alone there are between 5,000 and 7,000. It’s a very well paying field as well. So the opportunities in this field would be good for Oregonians.”
Bobba also said the center is looking into ways to implement cybersecurity training into K-12 education and instructing K-12 teachers in cybersecurity.
Follow these links to check out ORTSOC and the School of ECS at OSU, Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center at PSU and undergraduate programs at UO as well as their cybersecurity bootcamp program.