Missouri governor invited to appoint cybersecurity panel
Three months after a commission was created to identify cybersecurity risks in state government, Missouri Gov. Mike Parson has yet to appoint a member. A state lawmaker said on Friday that the vulnerabilities exposed on a state website prove the need for such a panel of experts.
Democratic State Representative Ashley Aune, of Kansas City, helped draft the section of Senate Bill 49 that created the Missouri Cyber ââSecurity Commission. Parson, a Republican, signed the bill in mid-July.
“In light of the events that have occurred this week, I believe that the governor cannot wait any longer to appoint members to this commission so that it can do the critical work of identifying and correcting gaps in the cyber infrastructure of the Missouri, âAune said in a press release.
A reporter from St. Louis Post-Dispatch discovered a security breach in a Department of Elementary and Secondary Education web application that allowed the public to search teachers’ certifications and credentials. The newspaper discovered that the Social Security numbers of perhaps 100,000 teachers and other school officials statewide were in the HTML source code of the affected pages.
The Post-Dispatch alerted the department on Tuesday and the agency removed the pages. The Post-Dispatch said it gave the state time to resolve the issue before publishing an article on Thursday.
But Parson announced a criminal investigation on Thursday, alleging the newspaper reporter was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell titles for their media.” We will not let this crime against teachers in Missouri go unpunished. “
Aune accused Parson of a “smear campaign” against the Post-Dispatch reporter when it was the Parson administration that stored the private information and left it unprotected.
“This fiasco is a perfect illustration of why Missouri needs to take the fight against 21st century cyber threats seriously,” Aune said.
An email message left with Parson’s spokesperson on Friday was not immediately returned. But in his press conference Thursday, Parson said the state “is working to strengthen our security to prevent this incident from happening again.” The state is doing its part and we are tackling areas where we need to do better than we have done before. “
Ian Caso, editor of the Post-Dispatch, said in a statement that the newspaper supported the story and the journalist, who he said “did everything right”.
Orin Kerr, a law professor at the University of California at Berkeley and an expert in computer crime law, said the Post-Dispatch reporter reviewed the HTML source code is not a crime.
“The Supreme Court recently declared that the federal hacking law calls for an ‘open doors’ investigation against ‘closed doors’,” Kerr said. âAnd when you post information in the source code on your website, on the pages the public is supposed to access, that door is ‘open’. “
AP reporter Summer Ballentine in Columbia, Missouri, contributed to this report.