custom ad
NewsOctober 18, 2021

Three months after creation of a commission to identify cybersecurity risks in state government, Gov. Mike Parson has not appointed any members. A state lawmaker said Friday vulnerabilities exposed on a state website prove the need for just such a panel of experts...

By JIM SALTER ~ Associated Press

Three months after creation of a commission to identify cybersecurity risks in state government, Gov. Mike Parson has not appointed any members. A state lawmaker said Friday vulnerabilities exposed on a state website prove the need for just such a panel of experts.

Democratic state Rep. Ashley Aune of Kansas City helped write the section of Senate Bill 49 creating the Missouri Cybersecurity Commission. Parson, a Republican, signed the bill into law in mid-July.

"In light of the events that have transpired this week, I believe the governor cannot wait any longer to appoint members to this commission so it may do the critical work of identifying and rectifying gaps in Missouri's cyberinfrastructure," Aune said in a news release.

A St. Louis Post-Dispatch journalist uncovered a security flaw on a Department of Elementary and Secondary Education's web application allowing the public to search teacher certifications and credentials. The newspaper found the Social Security numbers of perhaps 100,000 teachers and other school officials from around the state were in the HTML source code of the pages involved.

The Post-Dispatch alerted the department Tuesday and the agency removed the pages. The Post-Dispatch said it gave the state time to fix the problem before publishing a story Thursday.

But Parson on Thursday announced a criminal investigation, alleging the newspaper journalist was "acting against a state agency to compromise teachers' personal information in an attempt to embarrass the state and sell headlines for their news outlet. We will not let this crime against Missouri teachers go unpunished."

Receive Daily Headlines FREESign up today!

Aune accused Parson of a "smear campaign" against the Post-Dispatch journalist when it was Parson's administration that stored the private information and left it unprotected.

"This fiasco perfectly illustrates why Missouri needs to get serious about confronting 21st century cyberthreats," Aune said.

An email message left Friday with Parson's spokeswoman was not immediately returned. But during his news conference Thursday, Parson said the state is "working to strengthen our security to prevent this incident from happening again. The state is owning its part, and we are addressing areas in which we need to do better than we have done before."

Ian Caso, publisher of the Post-Dispatch, said in a statement the newspaper stands by the story and the reporter, who he said "did everything right."

Orin Kerr, a law professor at the University of California, Berkeley, and an expert on computer crime law, said the fact the Post-Dispatch journalist looked at the HTML source code is not a crime.

"The Supreme Court has recently said the federal computer hacking law calls for a 'gates up' versus 'gates down' inquiry," Kerr said. "And when you post information in source code on your website, on pages the public is supposed to access, that gate is 'up.'"

AP reporter Summer Ballentine in Columbia, Missouri, contributed to this report.

Story Tags
Advertisement

Connect with the Southeast Missourian Newsroom:

For corrections to this story or other insights for the editor, click here. To submit a letter to the editor, click here. To learn about the Southeast Missourian’s AI Policy, click here.

Advertisement
Receive Daily Headlines FREESign up today!