WASHINGTON – In response to Russian meddling in the 2016 presidential election, 16 states asked the Department of Homeland Security to review the security of their voting systems, and five reviews have been completed, a DHS official said Wednesday.
Sen. Kamala Harris, D-Calif., pressed DHS Assistant Secretary for Infrastructure Protection Christopher Krebs to ensure election cybersecurity assessments are completed before the primary elections for Congress this year.
Krebs said five states have received reviews and 11 are in the queue. He estimated all assessments — which are voluntary — would be completed sometime in April.
DHS spokesman Scott McConnell said in an email that the department cannot reveal the states that requested assessments because DHS keeps cybersecurity information confidential and defers “to each state whether to disclose information about its own networks.”
Some states like Texas have midterm primaries as early as March 6. Krebs said he wasn’t sure if all states that requested assessments would receive them before their primary elections.
“I’m concerned that you don’t know the timeline, given that we had unanimous consensus among our intelligence community that Russia interfered in the election,” Harris said. “It seems to me that this would be a high priority in the Department of Homeland Security.”
The Department of Homeland Security in January 2017 declared elections to be “critical infrastructure” to protect polling places and voter machines. Sectors considered vital to the country’s security or economy are labeled “critical” so elections are in the same category as energy and emergency services.
Georgia Secretary of State Brian Kemp slammed the designation in a Facebook post at the time, calling it “provocative but predictable” and vowed to “continue to fight to keep election systems under the control of state government where it belongs.”
DHS Secretary Jeh Johnson defended the “critical” label at the time, saying in a statement it “does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country.”
Krebs mentioned at the DHS round table on Wednesday that some states like South Carolina have the capabilities to conduct their own cybersecurity assessments.
In September, the federal government told 21 states that hackers targeted their systems before the 2016 presidential election. Some battleground states like Florida, Pennsylvania and Ohio, as well as predictably Democratic states like California or Republican states like Texas were on the list. DHS did not disclose whether any of those states requested assessments.