Votebeat is a nonprofit news organization reporting on voting access and election administration across the U.S. Sign up for Votebeat Arizona’s free newsletter here.
After a hacker broke into the Arizona Secretary of State’s election website, the state’s U.S. senators are asking the U.S. Department of Homeland Security what kind of election cybersecurity support it’s offering state and local governments.
Sens. Ruben Gallego and Mark Kelly, both Democrats, sent a letter Friday to Homeland Security Secretary Kristi Noem telling her it was “deeply troubling” to hear from Arizona officials that they no longer trust the department’s Cybersecurity and Infrastructure Security Agency to help them during cyberattacks, because of the administration’s recent cuts and changes to the agency.
“We would welcome the opportunity to discuss how DHS can strengthen coordination with Arizona officials ahead of future elections,” Gallego and Kelly wrote. “Protecting our election infrastructure must be above politics.”
The Department of Homeland Security did not immediately respond to a request for comment about the letter.
President Donald Trump and his allies have made election security a big theme of their campaign and political rhetoric. But earlier this year, the Trump administration halted CISA’s election security activities, cut staff, reduced the agency’s budget, and stopped funding a nationwide election security monitoring service for state and local election officials.
In Arizona, the Secretary of State’s Office had long received cybersecurity intelligence, technical support, and incident response from CISA, but that is now gone, along with a designated cybersecurity staff contact. Secretary of State Adrian Fontes personally wrote to Noem to raise concerns about these cuts, and “was dismissed outright,” he told Votebeat earlier.
The cyberattack on the Arizona Secretary of State’s election website occurred in late June, when a hacker gained access to a server and changed candidate profile photos that appeared alongside results for the past several election cycles. The hacker changed all of the photos to a red and black image of Ayatollah Ruhollah Khomeini, leader of the 1979 revolution that established Iran as an Islamic republic. State officials said they suspected Iranian involvement in the attack, which targeted other agencies and states and occurred soon after a U.S. bombing of Iran.
The hacker did not access the voter rolls or the server that stores election results, both of which are separate from the server that hosts the website. But the attacker was persistent, and it took about a week to beat back the attack.
Fontes’ staff called the Arizona Department of Homeland Security and the National Guard’s cybersecurity team for support, but did not immediately contact CISA.
“Given their recent conduct and broader trends at the federal level, we’ve lost confidence in their capacity to collaborate in good faith — or to prioritize national security over political theater,” Fontes told Votebeat at the time.
Gallego and Kelly wrote that the successful attack on the website “raised serious questions about the capacity of foreign adversaries to disrupt American democratic processes.”
They asked Noem to respond to a series of questions, including what steps the department had taken to rebuild CISA’s trust and engagement with state and local election officials; whether the department intends to restore the staff and programs it cut; and whether the department still considers election systems to be “critical infrastructure.”
Jen Fifield is a reporter for Votebeat based in Arizona. Contact Jen at jfifield@votebeat.org.
