Although the Missouri Cybersecurity Commission was put into law in 2021, Gov. Mike Parson has not named any of the eight members he has the power to appoint to the panel, despite an ongoing threat of online attacks.
Rep. Ashley Aune, D-Kansas City, who helped craft the legislation, has largely given up on Parson, who is term-limited and leaves office in January, and pledged to work with the next governor to get the commission up and running.
She said no one in the governor’s office has explained why the panel hasn’t met.
“I have no idea why he doesn’t think it’s a priority,” Aune said.
The commission was formed as part of an effort to identify risks and vulnerabilities facing state government in regard to computer hacking and other online attacks from within or outside the U.S.
The panel is supposed to meet at least quarterly and make recommendations to the governor to reduce the state’s risk of cyberattack and to identify best practices for the state to work offensively against cyber threats.
The commission also is supposed to prepare an annual report to the governor outlining possible vulnerabilities.
Parson raised eyebrows months after he signed the law creating the commission when he called on the Missouri Highway Patrol to investigate a Post-Dispatch reporter over an alleged hacking incident.
In October 2021, reporter Josh Renaud alerted the Missouri Department of Elementary and Secondary Education about a vulnerability on its website. The Social Security numbers of more than 100,000 school teachers, administrators and counselors were vulnerable to public exposure.
When the education department prepared to thank Renaud for discovering the problem, Parson overruled the agency and pledged at a news conference then that he would “not let this crime against Missouri teachers go unpunished” and vowed not to be “a pawn in the news outlet’s political vendetta.”
After the highway patrol finished its investigation — in which it estimated 576,000 Social Security numbers were actually exposed — the agency forwarded its report to the Cole County prosecutor, who declined to press charges.
Aune said Parson may have shelved the task force because he is angry about the negative reaction he received in response to the DESE incident.
“I can only speculate,” Aune said.
The absence of the commission comes as the governor’s administration hosted an event last week for state employees to learn about cybersecurity from companies and federal officials.
The event was sponsored by the Office of Cyber Security, which is responsible for protecting more than 60,000 devices and the data that flow through and resides on those devices.
Missouri has dealt with major computer outages in recent months.
In July, Missourians seeking to renew driver licenses and access food benefits were among those facing delays after cybersecurity giant CrowdStrike experienced a major disruption.
Most license offices simply closed their doors for the day after determining they’d been affected.
At the Missouri Department of Health and Senior Services, a supplemental food program for women, infants and children — known as WIC — was temporarily down.
The state’s information technology team was deployed across the state to get critical systems back up and running.
“Though approximately 31,000 workstations were affected as a result of the CrowdStrike update, state offices remained open and many team members were able to continue to provide critical services to our customers,” said Office of Administration spokesman Chris Moreland.
Cost estimates of the shutdown have not been made available.
(c)2024 the St. Louis Post-Dispatch Visit the St. Louis Post-Dispatch at www.stltoday.com Distributed by Tribune Content Agency, LLC.
