It’s not a revelation that another Oregon department has serious cybersecurity risks. What’s troubling is that the state identified the same kinds of weaknesses at the Department of Consumer and Business Services twice before in 2016 and in 2108.
They are still there.
The department should have a mature process for assessing and validating risks. It should document its security procedures. It should do more to ensure third-party activities are secure. It does not. The cybersecurity problems with the department are highlighted in a new state audit.
The department is Oregon’s “largest consumer protection and business regulatory agency. It handles professional licenses, complaints, citation appeals and some worker’s compensation. It’s budget for the 2021-2023 biennium is more than $662 million. It has 929 full-time equivalent positions.
Big department. Big job. Big need to protect its data.
The department response is, in part: “DCBS is fully committed to continuing to improve its security stance, protect state systems and data, and reduce risk.”
It doesn’t, though, explain why it’s full commitment to improvement led to yet another state report pointing out problems identified in 2016 and 2018. Instead Oregonians got excuses: “Past audits and assessments accounted for organizational maturity and risk acceptance to temper resultant grading.”
Two years ago, the Bend Park & Recreation District shelved plans to build a footbridge over the Deschutes River southwest of Bend. Now a grassroots movement that supports the bridge idea is gearing up for a renewed campaign to build the bridge. If you have a detailed opinion, send it to letters@bendbulletin.com
