With that wait time, some states might not get the service until weeks before the Nov. 2018 midterm elections, which would keep them unaware of system flaws that could provide openings for hackers and cyber vandals, Politico noted.
DHS’ “risk and vulnerability assessment” includes the agency’s personnel doing an in-person multi-week probing of the system required to run a local election, according to the website.
“We are working to prioritize,” said Christopher Krebs, a DHS official involved in election security efforts, Politico reported. Krebs also acknowledged that the wait was “not a good metric.”
DHS says that Russian hackers targeted at least 21 states during the 2016 election, the report said.
Pennsylvania is the only state that received a full-scale assessment before the 2016 election.
“It was actually pretty extensive,” said Marian Schneider, who at the time was deputy secretary for Pennsylvania’s State Department.
“The reason there’s a waitlist is because a lot of states want it done because they do it at no cost. To have that backlog is a problem, but it’s a good thing states are wanting the service,” Schneider said in Politico’s report.
“The fact they might have to wait until third quarter of 2018 — it’s not great, but they should get on the waitlist,” Schneider added.
DHS has other security options that are more easily implemented, such as “cyber hygiene” scans that do remote probes of election systems and report vulnerabilities. Those take a week or two to schedule, and 31 states already receive them, the report said.
Other options include a cyber resilience review helps local election officials conduct their own assessment, and a cyber infrastructure survey which involves an informal interview with an expert, Politico reported.
While Congress has not passed any bills to directly address election security, Sens. James Lankford, R-Okla., and Amy Klobuchar, D-Minn., have presented a bipartisan bill aimed at shoring up U.S. voting systems.