with Aaron Schaffer

A partisan election audit in Maricopa County, Ariz., is turning into a lesson in how not to manage cybersecurity and elections. 

The review began under a cloud. The GOP-controlled state Senate launched it despite the objections of top county officials and hired Cyber Ninjas to conduct it — a company with no election audit experience and whose CEO Doug Logan has echoed false claims that the 2020 election was stolen. 

Since then, the audit has been beset by unforced security errors including laptops with election information being left unattended and WiFi routers connecting to laptops that contain vital election information. 

Ballots themselves were also left unattended in poorly secured storage facilities and ballot images are being taken with cameras that seemingly haven’t undergone security vetting or been certified by a government body.

In more than a decade working on elections, audits and recounts across the country, I’ve never seen one this mismanaged,” Jennifer Morrell, a partner at the Elections Group consulting firm and a former local election official in Colorado, wrote in a Post op-ed.

The coup de grace came when Arizona Secretary of State Katie Hobbs (D) warned the county that it should replace nearly 400 ballot tabulators at a cost of millions of dollars because it couldn’t verify that Cyber Ninjas hadn’t tampered with them in a way that would make them more vulnerable to hacking — or left them unattended while someone else did so. 

“The lack of physical security and transparency means we cannot be certain who accessed the voting equipment and what might have been done to them,” Hobbs wrote to county leaders. 

Maricopa County leaders, who are contemplating suing the state Senate and the auditors, said they will not use any equipment that isn’t verified to be secure. The county board of supervisors is also majority Republican. 

The slapdash approach to the audit stands in stark contrast to how nonpartisan election audits are typically conducted.

“If post-election audits are performed and completed correctly, they are taken seriously; they are a big deal, and they must be done with great precision and public transparency — not ‘flying by the seat of your pants,’ ” Edward Perez, global director of technology development at OSET Institute, a nonprofit election technology organization, wrote in a blog post.  

He compared the Cyber Ninjas auditors to bankers who fail at the basic task of ensuring the security of all the currency in the bank. 

The rookie errors are especially egregious if you consider the last four years.

There's been a nationwide effort to improve election cybersecurity protections following Russian interference in the 2016 contest. 

Those efforts included buying new, more secure voting machines with auditable paper trails and fielding a massive network of Department of Homeland Security cybersecurity sensors in election offices across the nation. When all was said and done, top law enforcement and cybersecurity officials called the 2020 contest the most secure election in history.

Despite those improvements, however, voter confidence in election security was battered in 2020 — largely because of false claims by former president Donald Trump and his supporters that the election was stolen.  

The Maricopa audit could undermine voter confidence further even if auditors don’t find any evidence of fraud

“A group with no expertise, improvising procedures as it goes, is sowing doubt about the result of a well-run election,” Morrell wrote. “This is not an audit, and I don’t see how this can have a good outcome.”

But the Maricopa model will probably be repeated elsewhere. 

A Georgia state judge ordered heavily Democratic Fulton County to allow local voters to review all 147,000 mail-in ballots cast in the county in 2020 amid allegations counterfeit ballots were accepted, Amy Gardner reports

The order came after two statewide audits and a hand recount found no evidence of widespread fraud in the state, which Joe Biden narrowly carried. 

And Fulton County is just one of many communities where local voters and Trump supporters are pushing for additional audits. Such efforts are underway in Michigan and New Hampshire, among other states, Amy reports.

“What’s happening in Arizona is potentially a mortal attack on the firewall that protects impartial election administration from political influence and disinformation,” Perez wrote. “This model could spread to other states, and it must not. When weaponized doubt undermines faith in elections forever, it will be ‘game over’ for representative democracy.”

The keys

An FBI analyst was indicted on charges of bringing home sensitive documents on cyberthreats and other dangers.

Kendra Kingsbury took home the national security documents over the course of more than a decade, Derek Hawkins reports. Prosecutors did not indicate what Kingsbury’s motive was. The documents she took home also included materials related to al-Qaeda and Osama bin Laden, they said.

Kingsbury’s arraignment is scheduled for June 1. A message left at a listed phone number was not immediately returned this weekend.

“The breadth and depth of classified national security information retained by the defendant for more than a decade is simply astonishing,” Alan E. Kohler Jr., the assistant director of the FBI’s Counterintelligence Division, said in a statement. She is not accused of leaking the documents, which commonly accompanies mishandling classified information.

The ransomware that bedeviled the Irish health-care system has hit more than a dozen U.S. health-care and first responder networks in the past year.

They’re among more than 400 organizations worldwide, including 290 in the United States, that have been hit by the vicious strain of ransomware, the FBI said in an industry alert.

Ireland is still reeling from the attack, which has stalled many non-emergency medical services. The group behind that attack may release sensitive patient information today after Ireland refused to pay a $20 million ransom to the hackers, an Irish official warned. A decryption tool has helped with restoring medical systems, officials said.

India’s national airline said 10 years’ worth of its passenger data was breached.

Information including passport and credit card details were stolen in the breach, which originated with airline IT company SITA Passenger Service System, the Associated Press reports. Air India said 4.5 million passengers globally were affected by the breach, though it did not say how many were its travelers. The airline said no customer passwords were stolen. 

Hackers were in SITA’s systems for 22 days, SITA global head of communications Edna Ayme-Yahil told the Times of India. The company initially said that other major airlines, including Singapore Airlines and Lufthansa, were affected.

Industry report

Global cyberspace

Cyber insecurity

Chat room

The Russian federal government was breached by “cyber mercenaries” working for a foreign country, according to a new report partially written by an organization created by Russia’s Federal Security Service spy agency. Silverado Policy Accelerator executive chairman Dmitri Alperovitch pointed out some issues with that attribution:

Russia has used such claims to brush off allegations by U.S. government officials that its spy agencies hacked the SolarWinds software firm, the 2018 Tokyo Winter Olympics and other targets. FireEye’s Alex Lanstein:

Daybook

  • Retired Gen. Keith Alexander, the former commander of U.S. Cyber Command and director of the NSA, speaks at a cybersecurity conference hosted by the U.S. Chamber of Commerce at 9:15 a.m. on Tuesday.
  • Ben Bernstein, senior special counsel at the Securities and Exchange Commission, discusses cyber governance at a Cyber Crossroads event at 11:35 a.m. on Tuesday.
  • A House Science Committee panel holds a hearing on software supply chain security in the wake of the cyberattack on SolarWinds and other companies on Tuesday at 2 p.m.
  • Former Undersecretary of Defense for Policy Michèle Flournoy, the co-founder of WestExec Advisors, speaks at the Institute for Security and Technology’s Strat-Tech conference at 2:10 p.m. on Tuesday.   
  • Amb. Tobias Feakin, Australia’s cyber ambassador, and a White House official speak at a Center for a New American Security event on Tuesday at 6 p.m.
  • Secretary of Homeland Security Alejandro Mayorkas testifies before House and Senate Appropriations Committee panels at 10 a.m. and 2 p.m. on Wednesday. 
  • Former Director of National Intelligence Adm. Dennis Blair and former Homeland Security Secretary Michael Chertoff speak at a Center for Strategic and International Studies launch event for the Multilateral Cybersecurity Action Committee on May 26 at 2 p.m.
  • The Senate Homeland Security and Governmental Affairs Committee holds a confirmation hearing for top nominees to the Department of Homeland Security on Thursday at 10:15 a.m.
  • Anne Neuberger, the deputy national security adviser for cyber and emerging technology, and Jeffrey Greene, the National Security Council’s acting senior director for cybersecurity, speak at a Center for Strategic and International Studies event on Thursday at 2 p.m.

Secure log off