One of Gov. Jay Nixon's most memorable cases as attorney general — or at least most memorably named — is Nixon v. Beer Nuts, ruled in his favor in 2000.
The case involved a company offering a beer-of-the-month promotion available for purchase online. In an effort to strengthen Missouri's ability to enforce consumer laws even for goods purchased from out of state over the internet, Nixon's office arranged a sting operation wherein a 15-year-old purchased alcohol through the website.
"It was a unanimous Supreme Court decision that we did have the ability to investigate, we did have the ability to enforce our liquor laws wherever they were," Nixon told a crowd of public- and private-sector technology professionals. "That began for us this foray into the internet. Little did I know that it would lead to where we are now, where we are spending as much time, if not more, on defense than we are on offense."
Nixon used the anecdote to illustrate the growing importance of securing the valuable data the state possesses, as well as the valuable information stored and communicated using the internet across every sector, during the first Missouri Governor's Cybersecurity Summit, held Tuesday in Jefferson City.
"Whether it's test scores or health records in an elementary school, whether it's ticket information in a city hall, whether it's health care information here or private health care information at the Department of Mental Health, or crime records in the middle of an investigation somewhere that don't need to be compromised — the bottom line is we have a joint responsibility, public and private sector, to define very clearly what is public and what is private," Nixon said.
Tuesday's conference for cybersecurity stakeholders from across the state was one effort of Missouri's new Cybersecurity Task Force.
"Cyber threats constantly evolve, and we too must evolve and continue to come up to what the game requires," Nixon said. "Meeting this challenge requires a coordinated, comprehensive and aggressive approach that marshals the resources of both the public and the private sector."
Funded partially through a $100,000 grant from the U.S. Department of Homeland Security, the Cybersecurity Task Force includes representatives from state and local governments, law enforcement agencies, private businesses, higher education institutions and public school districts.
The task force's goals are to encourage best practices for information sharing; initiate training for effective defense against cyber attacks; develop a workforce prepared to use that expertise; harden critical infrastructure to withstand cyber attacks; and prepare to give effective incident responses in the event of a cyber threat.
Missouri's state government itself already has powered up its efforts to secure electronic information.
"As we witnessed our peers become victims of attacks, such as the states of Texas, Utah and South Carolina and major businesses like Heartland, Target, Home Depot and Sony, we became greatly concerned about our citizens' data," said Missouri Cyber Information Security Officer Mike Roling, whose Office of Cybersecurity has quadrupled in size since 2009.
"We started to realize that a purely compliance-driven approach had taken over," Roling said. "Compliance is good, but security is better."
Since that time, the Legislature has approved a dedicated state budget for cybersecurity initiatives and security capabilities have expanded.
It wasn't long before those precautions were tested.
"In the late summer and fall of 2014, during the period of civil unrest in the St. Louis area, the state of Missouri was the No. 1 target of hacktivists globally," Roling said. "They went after web applications, looking for vulnerabilities, and tried to social-engineer their way into our systems."
Fortunately, the security systems in place served their purpose.
"We were able to quickly take action and work as one primarily due to the functional alignment brought about by having consolidated IT," Roling said. "The average state employee and constituent had no idea that the state of Missouri was under a cyber siege, and that's exactly what we were aiming for — continuity of business."
Looking to the technology landscape of the future, the challenges will only grow, he said.
"Historically, information technology within organizations has focused almost exclusively on systems that consume, process and output data. With everything becoming connected, human safety is now on the radar," Roling said. "A data breach is terrible, but the loss of life as a result of not being able to secure or manage software within cars, traffic signals, water supply controls or hospital equipment is absolutely horrifying. Securing and managing the 'internet of things' is our next great problem and opportunity as IT professionals."
More immediately, Nixon said, cybersecurity directly affects Missouri's economy.
"It's really important economically," the governor said. "Like every challenge, cybersecurity is also an opportunity. In addition to enhancing security of Missouri's personal information and enhancing our cybersecurity efforts, we'll also strengthen our economy and Missouri's position as a hub of high-tech jobs and innovations."