The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Arizona could face a more than $9 million clean up bill after a partisan election audit

Placeholder while article actions load

with Aaron Schaffer

Arizona’s heading into the red on election security, driven by a partisan audit in Maricopa County and baseless claims by former president Donald Trump and his allies that his election loss wasn’t legitimate. 

The state’s already on the hook for roughly $3 million to replace the county’s voting machines because of concerns the partisan firm conducting the audit, Cyber Ninjas, can’t ensure the machines weren’t infected with malicious software during the process. 

Now, Trump and his allies are pushing hard for the county to hand over routers that will cost an additional $6 million to replace if they similarly can’t be trusted. 

That would be a whopping $9 million for a review that has been roundly pilloried as inept and lacking basic security and methodological controls by election experts, Maricopa County’s own officials and the Arizona secretary of state. 

Top Arizona state Senate officials issued a new subpoena last night demanding the county turn over the routers along with envelopes from all mail-in ballots or images of them and detailed voter registration records, The Associated Press reports. The GOP-controlled state Senate is the main body supporting the audit while Maricopa County's Board of Supervisors, which is also Republican controlled, has firmly opposed it.

Here’s some troubling math: Arizona got just about $16 million for election security in a pair of congressional spending bills in recent years aimed at preventing a repeat of the 2016 election, which was undermined by Russian interference. More than half of that could be lost to cleaning up after the audit.

Just about $3.4 million in federal election security money made its way to Maricopa County during the past three years, according to figures provided by the Arizona Secretary of State's Office. That’s less than one-fifth the cost of damage done by an untrustworthy partisan review. 

It’s a bit like their voting systems were ransomwared and held hostage for $9 million and now they have to find a way to pay for it,” Matt Masterson, a top election adviser to the Cybersecurity and Infrastructure Security Agency during the Trump administration, told me. “Nothing about what’s taking place in Maricopa County right now should be a model for others.”

Cyber Ninjas' CEO Doug Logan was an ardent Trump supporter and has tweeted conspiracy theories supporting him. Maricopa County has already conducted two audits that found the 2020 election result was legitimate. 

Trump hyped up interest in the routers during a speech this weekend in Phoenix. 

The technical concern about routers is they could show machines were connected to the Internet during an election, which would be a major cybersecurity flub. 

But a county spokesperson has said the Cyber Ninjas auditors already have the necessary information to do that check and that a previous independent audit showed the machines weren’t connected. 

There was none of that nuance in Trump’s fevered speech, which included the word “routers” nearly a dozen times in the course of a minute

Here’s the relevant text:

The county has, for whatever reason, also refused to produce the network routers. We want the routers, Sonny, Wendy, we got to get those routers, please. The routers. Come on, Kelly, we can get those routers. Those routers. You know what? We’re so beyond the routers, there’s so many fraudulent votes without the routers. But if you got those routers, what that will show, and they don’t want to give up the routers. They don’t want to give them. They are fighting like hell. Why are these commissioners fighting not to give the routers? How simple could it be? That will tell the truth. What are they trying to hide?

The Arizona Senate appropriated $150,000 for the audit but the full cost is much higher and being borne by private donors. The Senate also agreed to shoulder the cost of replacing the voting machines before forcing the county to turn them over. It might make a similar agreement if routers are turned over. 

That doesn’t reduce the taxpayer cost of replacing the machines, of course. It just shifts it from county to state taxes. 

“One way or another, it sounds like the taxpayer is going to pay for whatever this costs,” Maricopa County Board of Supervisors Chairman Jack Sellers has said. 

The county is running a fact-checking page on the audit here

Giving election equipment to an untrusted third party is about the worst thing you can do from a security perspective.

Election officials typically keep their equipment in locked rooms until it’s brought out for voting or legitimate audits. When the equipment does come out, there are rigorous checks and extensive records about who has access to it, why and for how long to ensure that no one’s monkeying with controls or implanting malicious software. 

In the case of Maricopa County, Cyber Ninjas has a lengthy and documented history of leaving equipment unattended and vulnerable to tampering. 

“They have no idea who had access to these machines or what they did with that access. There’s no ability to fully know what took place,” Masterson, who’s now a non-resident policy fellow with Stanford University’s Internet Observatory, said. 

County officials also fear that other data that resides on the routers could be improperly shared or released, exposing details of confidential law enforcement operations or revealing citizens' personal information, according to a scathing 14-page statement

“We do not believe it prudent to blindly trust your contractors,” the letter states. 

The keys

Lawmakers want the Biden administration to consider sanctioning NSO Group.

The administration should consider export controls and a new sanctions policy against NSO after revelations about the firm’s Pegasus spyware by The Washington Post and 16 media partners, the Democratic lawmakers said, Cristiano Lima reports. Reps. Tom Malinowski (N.J.), Katie Porter (Calif.), Joaquin Castro (Tex.) and Anna G. Eshoo (Calif.) also called for an investigation into potential targeting of Americans and whether U.S. national security has been harmed by the spyware.

NSO Group has repeatedly disputed findings by the Pegasus Project consortium, which found evidence that the spyware targeted journalists and human rights activists around the world.

The lawmakers’ statement was titled “enough is enough,” an echo of an NSO Group news release last week saying the company would no longer respond to journalists’ questions about Pegasus.

A top U.S. diplomat blasted China for hacking.

Deputy Secretary of State Wendy Sherman discussed Chinese cyberattacks in a meeting with top Beijing officials, the State Department said. Sherman’s trip is the highest-level visit to date by a Biden administration official to China, and comes just a week after U.S. and allied officials said China’s Ministry of State Security hacked Microsoft email servers in March.

“This is very serious — that the Ministry of State Security would assist criminals to hack Microsoft and potentially others,” Sherman told the New York Times after her meetings in China. “Such behavior is absolutely irresponsible, reckless and has no place in our world,” she said. 

Chinese Vice Foreign Minister Xie Feng told Sherman that the U.S. is demonizing China as an “imagined enemy,” the country’s foreign ministry said. China says accusations it is involved in cyberattacks are “groundless.”

Kaseya said it didn’t pay a ransom to help customers unlock their data.

The company initially declined to say whether it paid hackers for a decryption key that helped Kaseya and its customers get up and running again, Rachel Lerman reports. But after days of questions, the company issued a new statement confirming that it did not pay hackers for the key.

“We are confirming in no uncertain terms that Kaseya did not pay a ransom either directly or indirectly through a third party to obtain the decryptor,” the company said.

Hill watch

It’s a blockbuster day for cybersecurity on the hill. 

In the Senate, the Commerce Committee is holding a 10 a.m. hearing on pipeline cybersecurity. At the same time Judiciary Committee will hold a hearing on ransomware. The House Oversight and Government Reform Committee will have a 2 p.m. hearing on electrical grid cybersecurity. 

Pegasus fallout

Israel defence minister to visit France to discuss NSO, Iran (Reuters)

Hungarians protest against alleged illegal surveillance with Pegasus spyware (Reuters)

Industry report

As cyberattacks surge, security start-ups reap the rewards (New York Times)

Global cyberspace

Iran's secret cyber files on how cargo ships and gas stations could be attacked (Sky News)

China’s tech regulator orders companies to fix issues related to competition and security (Wall Street Journal)

U.S.-listed Chinese companies must disclose government interference risks -SEC official (Reuters)

Government scan

Judge: Ex-CIA worker can represent himself in espionage case (Associated Press)

Internal documents reveal NSA cafeteria sucks (Motherboard)


  • Homeland Security Secretary Alejandro Mayorkas testifies before the Senate Homeland Security and Governmental Affairs Committee today at 10 a.m.
  • Transportation Security Administration chief David Pekoske and deputy secretary of transportation Polly Trottenberg testify at a Senate Commerce Committee hearing on pipeline cybersecurity today at 10 a.m.
  • The Senate Judiciary Committee holds a hearing on ransomware today at 10 a.m.
  • A House Oversight and Reform Committee panel holds a hearing on electrical grid cybersecurity today at 2 p.m.
  • Deputy national security adviser Anne Neuberger and top Australian, Indian and Japanese officials speak at the Quad Open RAN Forum on Wednesday at 8 a.m.
  • Homeland Security and cybersecurity officials are set to speak on the second day of the Building Resilience Through Private-Public Partnerships Conference on Wednesday.
  • The House Armed Services Committee’s cybersecurity subcommittee discusses the annual defense authorization bill on Wednesday at 10 a.m.
  • The House Committee on House Administration holds a hearing on election subversion and integrity on Wednesday at noon.
  • Palo Alto Networks hosts an event on the Technology Modernization Fund on Wednesday at 2 p.m.
  • Mayorkas delivers his State of Homeland Security address on Thursday at 10 a.m.
  • A House Homeland Security Committee panel holds a hearing on the cybersecurity workforce on Thursday at 10 a.m. 
  • Former CISA director Chris Krebs speaks at a Washington Post Live event on Thursday at 3:30 p.m.

Secure log off