Missouri State Capitol

The Missouri state capitol in Jefferson City.

(The Center Square) – Missouri is home to a number of cybersecurity companies, including Global Velocity, Bandura and Norse Corp., and state lawmakers created an award-winning Office of Cyber Security managed by the state’s Chief Information Security Officer (CISO) nearly a decade ago.

Now that effort to thwart cyberattacks, data breaches and ransomware extortion against public institutions and corporations in Missouri will get more focused direction with the establishment of a nine-member Missouri Cybersecurity Commission.

The commission, which will operate under the Department of Public Safety (DPS), was created with the adoption of Senate Bill 49, which was signed into law Wednesday by Gov. Mike Parson.

The commission will evaluate risks to state technological infrastructure and issue an annual cybersecurity report to the governor and lawmakers to continuously update Missouri’s cybersecurity plan.

The commission’s nine members will all be appointed by the governor – no more than five from one party – and must include one person each from the Missouri National Guard, the State Emergency Management Agency (SEMA) and Highway Patrol.

The original 2021 bill to form a commission, House Bill 1204, was sponsored by Rep. Bill Hardwick, R-Waynesville, and passed through the House 144-0 before stalled on second reading in the Senate.

HB 1204 was amended into SB 49, which prohibits boats from anchoring in a way that obstructs access within 100 feet of a dock, and was passed 32-1 in the Senate and 145-1 in the House.

During a March hearing on HB 1204 before the House Homeland Security Committee, Hardwick cited his years of working with technology as a Missouri National Guardsman as his impetus in filing the bill.

The state’s Office of Cybersecurity does “a fantastic job of making sure that our networks are secure and that we have good protocols in place to protect them,” he said. “This bill would be a really positive advancement to identify the risks that we have from state actors, non-state actors around the world, and attacks that could potentially come in the future. It’s a good step forward and a good dialogue we could have about the best way we can identify information to the governor in case of an emergency.”

Maryland-based SecuLore Solutions’ Missouri Cyber Attacks page documents more than 50 instances of cyberattacks, data breaches, malware infiltration and ransomware crimes across the state since 2019.

SecuLore breaks down “infrastructure affected” in cyberattacks or ransomware crimes into Public Safety, Government, Medical and Education categories.

Under public safety, the page documents a dozen hacking and malware events detected on police and county sheriff’s websites in Missouri, including St. Louis County Police Headquarters, the Marion County Jail, Springfield Police Department, Kansas City Police Department and at least six county sheriff’s offices.

The government lists at least 12 cyberattacks on four cities – including ransomware crimes against the cities of Independence, Ashland and Washington – and six counties, including a ransomware assault against the Saline County Courthouse. State websites were targeted by “phishing,” according to SecuLore.

In the medical section, 14 data breaches and cyberattacks against health care providers and hospitals are cited, including ransomware crimes against Betty Jean Kerr People's Health Center in St. Louis, the Truman Medical Center and Blue Springs Family Care in Jackson County, and Cass Regional Medical Center in Cass County.

Under education, SecuLore lists seven cyberattacks against seven public school districts and six colleges, including the University of Missouri, Washington University’s School of Medicine and Metropolitan Community College of Kansas City.