Missouri Governor. Mike Parson has not yet appointed any members. A state lawmaker stated Friday that vulnerabilities found on a state website show the need for such a panel.
Ashley Aune, a Kansas City Democratic state representative, was instrumental in the creation of the Missouri Cybersecurity Commission section of Senate Bill 49. The bill was signed into law by Parson, a Republican in mid-July.
“In light of the events that have transpired this week, I believe the governor cannot wait any longer to appoint members to this commission so it may do the critical work of identifying and rectifying gaps in Missouri’s cyberinfrastructure,” Aune said in a news release.
St. A St. Louis Post-Dispatch journalist discovered a security flaw in a Department of Elementary and Secondary Education web application that allowed the public search for teacher credentials and certifications. The HTML source code for the pages contained the Social Security numbers of 100,000 teachers and other school officials.
The Post-Dispatch notified the department Tuesday, and the agency removed those pages. The Post-Dispatch stated that it allowed the state to resolve the issue before publishing the story on Thursday.
Parson announced Thursday that a criminal investigation was underway. He claimed Parson had “acted against a state agency to compromize teachers’ personal data in an effort to embarrass state officials and sell headlines for his news outlet.” This crime against Missouri teachers will not go unpunished.”
Aune claimed that Parson was running a “smear” campaign against the Post-Dispatch journalist, when in fact it was Parson’s administration who stored the private information and left them unprotected.
Aune stated, “This fiasco perfectly illustrates Missouri’s need to get serious about facing 21st-century cyberthreats.”
Parson’s spokeswoman did not respond to an email sent Friday. Parson stated that the state was “working to strengthen security to prevent this from happening again” during Thursday’s news conference. We are working to improve our security and the state is taking responsibility for its actions.
Ian Caso (publisher of the Post-Dispatch) stated in a statement, that the newspaper stands behind the story and the reporter. He said that he “did everything right.”
Orin Kerr is a University of California Berkeley law professor and expert on computer crime law. He said that the fact that the Post-Dispatch journalist viewed the HTML source code was not a crime.
Kerr stated that the Supreme Court recently ruled that federal computer hacking laws require a “gates up” inquiry and not a “gates down” inquiry. Kerr said that if you put source code on your website on pages the public can access, that gate will be ‘up.