Jefferson City, Mo. — A purported “cyber-hygiene” report from a vendor trying to sell its election cybersecurity product through the media is based on a scan of a domain (mo.gov) that is not in any way related to Missouri’s election website. Not only was the scan conducted on numerous pages that never had any connection to Missouri elections, the election system is completely separate from the networks of other state agencies. Other states reported similar issues with the company’s findings.
Missouri Secretary of State Jay Ashcroft, who organized the first National Election Security Summit held in St. Louis a year ago, stands with his bipartisan colleagues across the country in rejecting this company’s false analysis.
“This report is not only inconsequential, it is irresponsible,” Ashcroft said. “For a vendor to go to the media waving a report that is riddled with incorrect data is reprehensible. This company is only furthering the public’s distrust of our election systems.”
In a report grading the Missouri Secretary of State, one flaw was related to an IP address for a design handbook on another state agency’s website, and another IP address in the report pulled up pages related to the State Auditor, Department of Economic Development and Department of Elementary and Secondary Education – none of which host election data or related information.
“Instead of relying on poorly researched reports, we will continue to work closely with qualified and knowledgeable information security professionals and agencies like the U.S. Department of Homeland Security, Elections Infrastructure Information Sharing and Analysis Center, the Election Administration Commission, our state’s IT division and many others to assess and mitigate actual threats to Missouri elections,” Ashcroft added.