States seeking help from the Department of Homeland Security (DHS) to guard election systems from hackers could be waiting up to nine months for an advanced screening from the department.
State officials seeking a “risk and vulnerability assessment," or the agency's most thorough security screening, could sit on a DHS waiting list for as many as nine months before DHS officials are able to personally arrive and inspect state election systems.
The wait time is “not a good metric," according to DHS cybersecurity official Christopher Krebs. ”We are working to prioritize.”
The assessment is an extremely close review of state election systems that involves DHS personnel inspecting state elections hardware and software in a multiweek in-person review.
States such as Vermont and Connecticut that have requested the service told Politico that estimates from DHS as to how long the process could take ranged from a few weeks to nine months.
“It’s resource-intensive,” a former official with Pennsylvania's Department of State told Politico. “The reason there’s a waitlist is because a lot of states want it done because they do it at no cost. To have that backlog is a problem, but it’s a good thing states are wanting the service."
The long wait period has drawn criticism from some lawmakers, including Sen. Claire McCaskillClaire Conner McCaskillLobbying world Ex-Rep. Akin dies at 74 Republicans may regret restricting reproductive rights MORE (D-Mo.), who wrote to DHS in October to express concern.
“Given the secretary’s position, I am concerned about reports of nine-month wait times for states and localities to receive some of the more in-depth cyber services DHS provides,” the Missouri Democrat wrote at the time.
States can access a wide range of less-thorough DHS resources for securing local election systems in the meantime, including regular DHS "cyber-hygiene" scans that can take just weeks to implement.
Primary elections in some states occur as early as March of 2018. DHS reported earlier this year that as many as 21 states were hit by Russian hackers in 2016.
-Updated 12:23 p.m.