The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Election denier Tina Peters is on the ballot today

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Good morning and happy Tuesday! Today's my first day writing The Cybersecurity 202 in a while; send me suggestions and story ideas (I'll also accept dog videos):

Below: An Iranian steel firm says it was targeted by hackers, and House Speaker Nancy Pelosi calls for legislation to protect “women’s most intimate” data.

Election security has become a 2022 campaign issue. Today, it faces its biggest test yet.

Today, Colorado voters will decide whether to select Mesa County Clerk Tina Peters as the Republican nominee for secretary of state, Colorado’s top election officer. 

It’s an election that could roil the world of election security. Peters is facing criminal charges for an alleged security breach and is one of the highest-profile examples of an election official becoming an alleged “insider threat” after apparently facilitating a breach of voting equipment.

The primary is an early but significant test: It could indicate whether voters sympathize with officials who have been parroting debunked election-related conspiracy theories — and attempting to prove those theories by seeking evidence within voting machines.

  • “I think Tina Peters is unfit to serve as secretary of state and a threat to American democracy, someone who has already been found by a civil court to have taken actions to compromise her own voting equipment, who has been arrested two times and is under 10 counts of criminal indictment by a grand jury, is unfit to oversee elections,” Colorado Secretary of State Jena Griswold (D) told me. 

Griswold, who is running unopposed today and has called Peters an “insider threat,” will face Peters or one of her Republican rivals in November. 

Peters has insisted she’s innocent and that the charges against her are politically motivated. “The things I’ve been accused of are pretty laughable,” Peters said at a Republican event with two campaign rivals last month.

  • “Nothing’s going to come of it, no rules were broken, no laws were broken,” she added. Peters’s campaign did not respond to a request for comment on the indictment and the accusations that she is an insider threat.
From breach to indictment

Peters is facing criminal charges in connection with a 2021 breach of Dominion voting machines. Authorities had been investigating her since August 2021, when data from Mesa County voting machines popped up at an event hosted by conspiracy theorist and election denier Mike Lindell.

  • “In an 18-page indictment, a county grand jury accused Peters of sneaking someone who was not a county employee into secure areas of her office in May, before and during a manual update of Dominion voting machines known as a ‘trusted build,’ ” my colleague Emma Brown wrote in March. “She is accused of devising a scheme to allow that person to use a security badge assigned to another person.”

Peters’s arraignment has been delayed until at least August. But the accusations have cast a cloud over today’s primary, and a judge has even barred Peters from overseeing 2022 elections in Mesa County because of the charges.

She has also run up quite a bill. Mesa County has had to pay more than $900,000 to replace computers, do a hand count of 2021 election votes, and pay for overtime for workers who have had to do work that Peters and her deputy were supposed to, among other things, county officials told the Grand Junction Daily Sentinel. 

More on Peters: Voters elected Peters to be Mesa County clerk in 2018. County voters backed then-president Donald Trump by a roughly 2-to-1 margin over Joe Biden. But Biden won Colorado by 13 percentage points. 

  • The 2020 election was “extremely successful, holding true to our state’s high standards of election turnout, accessibility and security,” Griswold said in November 2020.

Peters has two challengers who have taken differing positions on the legitimacy of the 2020 election.

  • Pam Anderson, a former county clerk, has said elections in Colorado are secure and fair, Axios reported
  • Another challenger, Mike O’Donnell, says he “can’t say yes or no” about whether the 2020 election was stolen, the Colorado Sun reports.
Insider threats and election deniers

Peters is far from the only election official who has been investigated over a security breach related to the 2020 election, though she was the first to face criminal charges relating to 2020 election conspiracy theories.

Authorities have investigated post-2020 election breaches across the country, Reuters reported in April.

  • The FBI has investigated an attempted breach in Ohio that had similarities to Peters’s case, my colleagues reported in November.
  • Michigan state police have gotten warrants to seize election equipment and records in three towns and one county amid investigations of breaches of voting machines, Reuters reported.

Election deniers have also advanced to general elections for secretary of state beyond Colorado. In Michigan and New Mexico, election deniers will be on the ballot in November.

“If they’re continuing to maintain the 2020 election was stolen or rigged after everything we’ve seen from intelligence agencies and election officials, it’s fair to ask if they’d be willing to bend or break the rules when they’re overseeing elections,” David Levine, elections integrity fellow at the Alliance for Securing Democracy, previously told The Cybersecurity 202. 

The keys

Iranian steel firm halts production after apparent hacking attempt

State-owned Khuzestan Steel Co. stopped factory work “due to technical problems” following the “cyberattacks,” which it said ultimately weren’t successful, the chief executive of the firm said, noting that he expected the factory to be back to normal by the end of Monday. Two other steel facilities were apparently targeted, the Associated Press’s Isabel Debre reports.

A hacking group said it targeted the facilities in response to the “aggression of the Islamic Republic.” Iran’s government didn’t acknowledge a disruption of Khuzestan Steel’s operations, and it hasn’t said who was behind the hacking attempts. Details of the incidents remain murky.

The group that said it was behind the incident has a history; last year, it said it targeted Iran’s railways, CyberScoop’s AJ Vicens reports. In the past year, hackers have also targeted Iran’s gas subsidy service, the country’s state broadcaster and the country’s notorious Evin Prison. It’s not clear if those hacks are related.

Pelosi calls for legislation to protect ‘women’s most intimate’ data post-Roe

In response to the Supreme Court decision overturning federal abortion rights, House Speaker Nancy Pelosi (D-Calif.) said in a letter to colleagues that her caucus is considering legislation that “[p]rotects women’s most intimate and personal data stored in reproductive health apps.”

“Many fear that this information could be used against women by a sinister prosecutor in a state that criminalizes abortion,” Pelosi added, singling it out as a top issue.

Other top Democratic officials including aides to Senate Commerce Chairwoman Maria Cantwell (D-Wash.) are pushing to expand protections for reproductive health data and other sensitive information in the wake of the ruling striking down Roe v. Wade, as my colleague Cristiano Lima reported Monday. The issue could emerge as a sticking point as lawmakers look to hash out a bipartisan privacy deal with Republicans, who largely oppose abortion.

Pro-Russia hackers direct ire at Lithuanian sites

Pro-Russia hacktivist group Killnet said they were overwhelming Lithuania’s public services with fake internet traffic in retaliation for Lithuania not allowing Russian goods under E.U. sanctions to go to Russian exclave Kaliningrad, Politico Europe’s Antoaneta Roussi and Laurens Cerulus report. The group said the attacks would continue if Vilnius doesn’t allow goods to move to Kaliningrad.

Lithuanian officials last week saw an uptick in the attacks, which are known as distributed denial-of-service (DDoS) attacks, the country’s cybersecurity agency said. The attacks have thus far had “limited success,” and authorities have been able to bring downed websites back up, Vice Minister Margiris Abukevičius said, according to Politico.

Still, authorities are warning about the prospect of the hackers launching waves of malicious traffic. “It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy and financial sectors,” Jonas Skardinskas, the acting director of the agency, said in a statement

Securing the ballot

With violent rhetoric and election denial, podcaster becomes GOP force (Rosalind S. Helderman)

Global cyberspace

EY valued NSO Group at $2.3bn months before emergency bailout (Financial Times)

South Korean military to join US-led major, multinational cyber exercise for first time (The Korea Herald)

Russian espionage ‘booming’ in Switzerland, intelligence chiefs warn (Financial Times)

Venezuela tapped 1.5 million phone lines. That’s just the start, experts warn. (By María Luisa Paúl)

Government scan

State Department cyber strategy emphasizes proactively hunting for threats (CyberScoop)

Hill happenings

GOP senators press Biden administration on TikTok security concerns (The Hill)

Privacy patch

Australian retailer pauses facial recognition trial over privacy complaint (Reuters)


  • DHS Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Iranga Kahangama and CISA Deputy Executive Assistant Director for Cybersecurity Matt Hartman speak at a House hearing on ransomware today at 11 a.m.
  • A House Science Committee panel holds a hearing on “privacy in the age of biometrics” Wednesday at 11 a.m.
  • Director of National Intelligence Avril Haines and Deputy Attorney General Lisa Monaco speak at an event hosted by the Silverado Policy Accelerator and Google on Wednesday at 5:30 p.m.
  • CISA Director Jen Easterly speaks at the opening of the U.S. Cyber Open on Thursday.

Secure log off

Thanks for reading. See you tomorrow.