When Arizona discovered in June that its website for politicians to file as candidates had been hacked, Secretary of State Adrian Fontes did something that would have been unthinkable in the past two presidential administrations: He kept the feds in the dark.
Hackers had replaced past candidates’ photos with that of Iran’s former supreme leader, Ayatollah Ruhollah Khomeini. Such website defacements are relatively common and are often crimes of opportunity, where hackers spot a flaw they can exploit and use it to draw attention to their cause without doing serious damage. Arizona took the portal offline and remedied the issue.
Still, an attack by pro-Iranian hackers is something to note, the kind of thing that secretaries of state and cybersecurity experts share in order to keep colleagues aware of ongoing threats. But in this political climate, Fontes decided it was best to handle on his own.
“The political theater that we’ve seen out of the Department of Homeland Security, I don’t want that anywhere near my security operations,” he said. “I don’t want that anywhere near my Threat Assessment operations. I don’t want that anywhere near my technicians or the folks who are actually doing the hard work keeping us and our system safe.”
Fontes’ decision highlights a major concern around cybersecurity cooperation and election security in the second Trump administration. Cuts to the federal government’s election security work and the politicization of Homeland Security have left some state election heads unsure of how they would work with the federal government if they are hacked. Experts say that a lack of communication could lead to more and worse hacks surrounding elections.
“The challenge in the wake of the evisceration of election security funding by the Trump administration is that it is unclear who to call at [the Cybersecurity and Infrastructure Agency] to share this information and what resources are still available,” Shenna Bellows, the secretary of state of Maine, told NBC News. Bellows and Fontes are Democrats.
The Cybersecurity and Infrastructure Agency (CISA), created in 2018 in the first Trump administration as part of the Department of Homeland Security to protect crucial services from hackers, has emerged in recent years as the clearinghouse for election officials to share cybersecurity information. But things have changed in the second Trump administration, which has cut most of CISA’s election security services and has sought to punish its first director for openly defying the president, particularly around election fraud claims.
Three state election heads and a former CISA official who spoke to NBC News said it’s clear the agency is no longer as effective in protecting U.S. elections.
“You’re hanging states out to dry, basically, to let them fend for themselves,” said Pam Smith, the president of Verified Voting, a nonpartisan nonprofit devoted to providing election officials with resources for their jobs.
“If you do that, I don’t think you can expect that people will share,” she said. “That sort of trusted relationship is essentially broken. That’s not to say that it couldn’t be rebuilt, but it would require some evidence that they’ve got your back.”
Bellows said that it was unclear how helpful the agency will be going forward or even if it can help.
“It’s not that I don’t know the names of appointees in certain titles,” Bellows said. “But the people doing the work on the ground over the last four years, many of them were fired, and funding for core election cybersecurity services has been eliminated.”
Phil McGrane, Idaho’s secretary of state and a Republican, said the lack of resources at CISA is clear, leaving state officials to figure out a new way forward.
“As a community, we’re going through a process right now trying to determine, ‘All right, what does this look like moving forward? How much do the states pick up and do some of this work and provide services to their offices?’” he told NBC News.
The Trump administration has cut most election security resources from CISA, which before this year had worked to beef up trust with state and local election officials. A CISA spokesperson declined to tell NBC News if any dedicated election security officials still worked at the agency, citing a policy of not discussing personnel matters. The agency also cut funding for the EI-ISAC, a threat information sharing program for election officials.
Election officials are still able to receive CISA’s general warnings of cyberthreats, like the recent flaw in Microsoft’s SharePoint platform. In an emailed statement, a DHS spokesperson said: “The integrity and security of our nation’s elections systems are non-negotiable. We look forward to working with Arizona to continue making sure their citizens get what they deserve — secure and transparent elections.”
The White House did not respond to a request for comment.
In the Biden administration and during Trump’s first term, CISA was the central hub for election cyber information. It may not have been able to keep a state like Arizona from being hacked, but it could have quickly sounded the alarm if it were, minimizing the chance that other states fell to the same tactics. CISA also had open channels with intelligence agencies like the FBI and National Security Agency to get advance warning of what foreign intelligence agencies were planning, information not generally available to local election officials.
But CISA caught Trump and his allies’ ire in 2020 when it publicly rebutted false claims about elections being rigged or stolen, countering Trump’s insistence that he had actually won that year’s election. Since retaking the presidency, Trump has called for the agency’s director in his first term, Christopher Krebs, to be investigated despite no public evidence of wrongdoing, a move that has disheartened and upset agency employees.
One former CISA official, who requested to not be publicly identified because of the current political atmosphere around the agency, said open communication between the agency and states was fundamental to how the government protected elections from hackers.
“Encouraging voluntary information sharing during incidents was so vital to the whole enterprise, and that appears to be severely degraded,” he told NBC News. “Less complete information and slower response means potentially more victims and more disruptive impact.”
“We would have been all over this. “We’d want to know, is there a foreign nexus?” he said about the Arizona hack. “What else did they try to get into? Was it in other states? Did compromises occur elsewhere? There would be people looking at [reports], working with federal and industry partners, trying to figure out how widespread or isolated it was. Was it targeting elections, was it broader?” he said.
Voting machines are generally not directly connected to the internet, and the likelihood of a hacker remotely changing official results is extremely low. The vast majority of voting machines in the U.S. now use paper ballots, which the voter can verify and which can be audited.
But many other election-related systems are online, and hackers can theoretically exploit them to make it more difficult for people to vote or to sow chaos around unofficial results as they come in.
Smith, the head of Verified Voting, questioned why the cuts to election security happened in the first place.
“The most important thing is that relational trust got broken,” she said. “You slash funding for important threat sharing centers. You cut whole teams of people whose job it was to support election officials and their work.
“There’s no sign of any explanation about why all of that is necessary, or prudent, or helpful,” she added.
