is a senior policy reporter at The Verge, covering the intersection of Silicon Valley and Capitol Hill. She spent 5 years covering tech policy at CNBC, writing about antitrust, privacy, and content moderation reform.
It was late June, and something strange was happening on Arizona’s online portal for political candidates. Images of the candidates were disappearing. Photos of the Iranian Ayatollah Ruhollah Khomeini were popping up in their place. The state would later come to believe it was an attack from an Iranian government-affiliated group. When they first discovered the threat, though, they were in the dark — and they needed help.
Arizona Secretary of State Adrian Fontes’ office took action to contain the threat, which he says did not impact personal voter information. But one thing he didn’t do was contact the federal agency that would have once been among Fontes’ first calls: the Cybersecurity and Infrastructure Security Agency (CISA).
CISA, housed within the Department of Homeland Security (DHS), is America’s central coordinator of cybersecurity information. The agency helps organizations that run critical infrastructure ranging from elections to sanitation prepare for cyber and physical threats, and helps streamline the response to attacks when they arise.
Are you a current or former CISA employee, or do you work for a critical infrastructure organization? Reach out securely and anonymously with tips from a non-work device to Lauren Feiner via Signal at laurenfeiner.64.
Normally, Fontes would have been in regular contact with CISA, even before the attack. The agency has helped Arizona create emergency preparedness workshops for Election Day threats. Its staff would physically inspect election-related buildings, offering recommendations to make them more secure. When Arizona’s polling locations received bomb threats during the 2024 election, Fontes tells The Verge in an interview, the state got intel on the situation “instantaneously” from CISA and only had to delay one polling location by 20 minutes. “We were prepared mostly by the help of folks like CISA, and they would grease the skids between all of the other federal organizations,” Fontes says. The same should have been true for the Iran-linked hack.
“How can I reveal security information that’s very sensitive in nature, that could be very easily exploited for political means, with an agency that’s been gutted and politicized?”
But under Trump, Fontes says, many of the CISA staffers his office regularly worked with have left, while Trump loyalists have taken up key posts at DHS. Its election integrity team is led by right-wing activist Heather Honey, who has promoted conspiracy theories about voting fraud. “How can I reveal security information that’s very sensitive in nature, that could be very easily exploited for political means, with an agency that’s been gutted and politicized?” Fontes says. “It would be foolish of me to do that.”
Fontes says that after discovering the candidate portal attack, his office contacted the National Guard and Arizona’s Counter Terrorism Information Center, which has contact with federal agencies — but he excluded CISA as much as possible. The decision underscores how much trust the agency has lost. It also reveals a disconcerting threat to America’s cyber defenses.
CISA’s value comes from its bird’s-eye view of cybersecurity. It can centralize intelligence about threats and provide recommendations based on them, along with helping less sophisticated players with training and preparation. And the agency deals with far more than elections. It focuses on critical infrastructure like water and transit systems, which experts have warned for years could be vulnerable to cyberattacks. When Microsoft Exchange Online was breached in 2023 by what the US determined to be China-affiliated hackers, “CISA was a central point for information sharing” across federal agencies and looked for other compromised areas, according to a report detailing the response.
... continue reading