Oregon's House Bill 3228, introduced on March 21, 2025, aims to bolster the cybersecurity defenses of public bodies across the state by establishing a dedicated study and funding mechanism. The bill, sponsored by Representative Nathanson, Senator Woods, and Representative Mannix, directs the Oregon Cybersecurity Advisory Council to investigate the use of cybersecurity insurance for public entities and report its findings by the end of 2025.

The primary goal of House Bill 3228 is to enhance the resilience of public bodies against cyber threats, which have become increasingly prevalent in recent years. By studying the potential benefits of cybersecurity insurance, the council will provide valuable insights that could shape future legislation and policy decisions regarding cybersecurity practices in Oregon.

A significant feature of the bill is the creation of the Oregon Cybersecurity Resilience Fund, which will be managed separately from the state’s General Fund. This fund will receive donations and appropriations, and its resources will be allocated to the Higher Education Coordinating Commission. The commission will then distribute these funds to the Oregon Cybersecurity Center of Excellence, which will assist public bodies in meeting insurance requirements and preparing for cybersecurity incidents.

While the bill has garnered support for its proactive approach to addressing cybersecurity risks, it has also sparked discussions about the adequacy of existing cybersecurity measures within public institutions. Critics argue that simply providing insurance may not be enough to mitigate the risks posed by cyberattacks, emphasizing the need for comprehensive training and infrastructure improvements.

The implications of House Bill 3228 extend beyond just cybersecurity; they touch on the broader issues of public safety and trust in government operations. As cyber threats continue to evolve, the effectiveness of this bill could significantly impact how public bodies manage their digital security and respond to incidents.

As the legislative process unfolds, stakeholders will be closely monitoring the council's findings and recommendations, which could lead to further legislative action aimed at strengthening Oregon's cybersecurity framework. The urgency of the bill, marked by its emergency declaration, underscores the state's commitment to safeguarding its public institutions against the growing tide of cyber threats.