In May, Maricopa County Sheriff Paul Penzone said requests by the Arizona Senate’s audit team to review routers used by the county’s election department would “jeopardize the entire mission of the Maricopa County Sheriff’s Office,” although he did not provide a more detailed explanation.
The sheriff’s concerns were shared at the time by Maricopa County Attorney Alister Adel, who advised the county’s board of supervisors to deny access to the subpoenaed routers. Adel insisted that if “criminal elements” gained access to the router data “it might compromise county and federal law enforcement efforts and put the lives of law enforcement personnel at risk.”
Last month the Maricopa County Board of Supervisors agreed in principle to pay the cost for former U.S. Rep. John Shadegg to act as intermediaries to ask the Senate’s questions about the routers and Splunk logs showing internet activities. Shadegg’s services contract was finally released earlier this week showing the county will pay $500 an hour for his services plus an undetermined amount for up to three IT assistants.
It is hoped that information about the county’s routers will start to become available for the Senate in a few weeks.
But Penzone’s earlier and very public concern that reviewing routers used by the county’s election staff would have “horrendous consequences” and “negative impact on public safety” continues to raise eyebrows. And it is renewing interest in a time not so long ago when government officials did not pay as much attention to cybersecurity issues.
Such as in 2007 when several Chinese nationals -with the support of top deputies working for then-Maricopa County Sheriff Joe Arpaio- held positions in an Arizona company contracted to work at the Arizona Counter Terrorism Information Center.
The stated purpose of the Arizona Counter Terrorism Information Center, established in 2004 as a joint effort by Arizona Department of Public Safety (DPS), the Arizona Department of Homeland Security, the FBI, and other agencies, is to support Arizona’s homeland security efforts by providing intelligence, investigative, and technical support to multiple local, state, tribal, and federal law enforcement agencies.
But in 2007, something went wrong.
Chinese emigrant Xunmei “Grace” Li helped another Chinese national, Lizhong Fan, land a computer job with Hummingbird Defense Systems, a facial recognition company owned by Li’s boyfriend, Steve Greschner.
For her part, Li came to the United States from China in 1994 and received a green card the next year. She would later become romantically involved with Greschner, who agreed to hire Fan in 2007.
The job Fan held provided him access to the Arizona Counter Terrorism Information Center. A few months later, Fan unexpectedly boarded a plane back to China with what the FBI described simply as “computer equipment.” What the equipment consisted of and what data was stored on that equipment is still unknown to the public, as court documents are either sealed or heavily redacted.
After Fan’s departure, it was not long before Li came under federal investigation as a possible spy. Li was convicted in 2009 of immigration fraud, part of which involved her failure to disclose the fact she was married to two men at once, including Gang Chen, a Chinese man who became Greschner’s business partner.
READ MORE ABOUT GRACE LI: Why Hasn’t The U.S. Deported Xunmei Grace Li
Chen was eventually deported, but cybersecurity experts have long noted Li and the Chinese men would have never had access to Arizona’s top counter terrorism agency without the help of top officials of the Maricopa County Sheriff’s Office.
In 2006, then-Sheriff Joe Arpaio’s chief deputy David Hendershott traveled with Li and Greschner to China. That is the same year MCSO contracted Hummingbird Defense Systems for a facial recognition program to assist Arpaio’s law enforcement efforts.
Little is known about what access Hummingbird Defense had to Maricopa County’s computer systems. But with support of MCSO, Greschner got a contract at the Arizona Counter Terrorism Information Center, giving Hummingbird Defense Systems employees access to the building and state databases such as the one containing ADOT’s nearly 15 million drivers’ license photographs, as well as law enforcement databases containing national data such as mugshots and non-public arrest warrants.
Questions still circulate among cybersecurity officials about whether Maricopa County officials did enough after the Hummingbird Defense scandal to block and identify outside attempts to access its computers, attempts which may have been possible due to vulnerabilities discovered by the Chinese.
More recently, the FBI is investigating a confirmed cyberattack of the Maricopa County Election Department voter database during the 2020 General Election.
It is unknown what information Shadegg’s team will learn about the county’s routers for the Senate Audit team, but there is a growing sentiment that state officials need to do more to ensure local and county public bodies do more to implement best practices to protect against cyberattacks.
Which is one reason many government watchers welcomed the announcement earlier this month that Gov. Doug Ducey is launching the Arizona Cyber Command Center.
“This new command center will be critical in protecting Arizonans and ensuring our cyber infrastructure remains safe and secure,” Ducey said during an Oct. 4 ceremony at the Arizona Counter Terrorism Information Center.
The plan is for the Cyber Command Center to be utilized as the central location for cybersecurity professionals working for local, state, and federal agencies to prevent and respond to cyberattacks. State agencies will also use the center to increase information sharing between one another, the governor’s office says.