President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.
Chris Krebs. Image: Getty Images.
The extraordinary April 9 memo directs the attorney general to investigate Chris Krebs (no relation), calling him “a significant bad-faith actor who weaponized and abused his government authority.”
The memo said the inquiry will include “a comprehensive evaluation of all of CISA’s activities over the last 6 years and will identify any instances where Krebs’ or CISA’s conduct appears to be contrary to the administration’s commitment to free speech and ending federal censorship, including whether Krebs’ conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information.”
CISA was created in 2018 during Trump’s first term, with Krebs installed as its first director. In 2020, CISA launched Rumor Control, a website that sought to rebut disinformation swirling around the 2020 election.
That effort ran directly counter to Trump’s claims that he lost the election because it was somehow hacked and stolen. The Trump campaign and its supporters filed at least 62 lawsuits contesting the election, vote counting, and vote certification in nine states, and nearly all of those cases were dismissed or dropped for lack of evidence or standing.
When the Justice Department began prosecuting people who violently attacked the U.S. Capitol on January 6, 2021, President Trump and Republican leaders shifted the narrative, claiming that Trump lost the election because the previous administration had censored conservative voices on social media.
Incredibly, the president’s memo seeking to ostracize Krebs stands reality on its head, accusing Krebs of promoting the censorship of election information, “including known risks associated with certain voting practices.” Trump also alleged that Krebs “falsely and baselessly denied that the 2020 election was rigged and stolen, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines” [emphasis added].
Krebs did not respond to a request for comment. SentinelOne issued a statement saying it would cooperate in any review of security clearances held by its personnel, which is currently fewer than 10 employees.
Krebs’s former agency is now facing steep budget and staff reductions. The Record reports that CISA is looking to remove some 1,300 people by cutting about half its full-time staff and another 40% of its contractors.
“The agency’s National Risk Management Center, which serves as a hub analyzing risks to cyber and critical infrastructure, is expected to see significant cuts, said two sources familiar with the plans,” The Record’s Suzanne Smalley wrote. “Some of the office’s systematic risk responsibilities will potentially be moved to the agency’s Cybersecurity Division, according to one of the sources.”
CNN reports the Trump administration is also advancing plans to strip civil service protections from 80% of the remaining CISA employees, potentially allowing them to be fired for political reasons.
The Electronic Frontier Foundation (EFF) urged professionals in the cybersecurity community to defend Krebs and SentinelOne, noting that other security companies and professionals could be the next victims of Trump’s efforts to politicize cybersecurity.
“The White House must not be given free reign to turn cybersecurity professionals into political scapegoats,” the EFF wrote. “It is critical that the cybersecurity community now join together to denounce this chilling attack on free speech and rally behind Krebs and SentinelOne rather than cowering because they fear they will be next.”
However, Reuters said it found little sign of industry support for Krebs or SentinelOne, and that many security professionals are concerned about potentially being targeted if they speak out.
“Reuters contacted 33 of the largest U.S. cybersecurity companies, including tech companies and professional services firms with large cybersecurity practices, and three industry groups, for comment on Trump’s action against SentinelOne,” wrote Raphael Satter and A.J. Vicens. “Only one offered comment on Trump’s action. The rest declined, did not respond or did not answer questions.”
CYBERCOM-PLICATIONS
On April 3, President Trump fired Gen. Timothy Haugh, the head of the National Security Agency (NSA) and the U.S. Cyber Command, as well as Haugh’s deputy, Wendy Noble. The president did so immediately after meeting in the Oval Office with far-right conspiracy theorist Laura Loomer, who reportedly urged their dismissal. Speaking to reporters on Air Force One after news of the firings broke, Trump questioned Haugh’s loyalty.
Gen. Timothy Haugh. Image: C-SPAN.
Virginia Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, called it inexplicable that the administration would remove the senior leaders of NSA-CYBERCOM without cause or warning, and risk disrupting critical ongoing intelligence operations.
“It is astonishing, too, that President Trump would fire the nonpartisan, experienced leader of the National Security Agency while still failing to hold any member of his team accountable for leaking classified information on a commercial messaging app – even as he apparently takes staffing direction on national security from a discredited conspiracy theorist in the Oval Office,” Warner said in a statement.
On Feb. 28, The Record’s Martin Matishak cited three sources saying Defense Secretary Pete Hegseth ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions. The following day, The Guardian reported that analysts at CISA were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.
A follow-up story from The Washington Post cited officials saying Cyber Command had received an order to halt active operations against Russia, but that the pause was intended to last only as long as negotiations with Russia continue.
The Department of Defense responded on Twitter/X that Hegseth had “neither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order whatsoever from that priority.”
But on March 19, Reuters reported several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks.
“Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with the FBI, the Department of Homeland Security and the State Department,” Reuters reported, citing current and former officials.
TARIFFS VS TYPHOONS
President’s Trump’s institution of 125% tariffs on goods from China has seen Beijing strike back with 84 percent tariffs on U.S. imports. Now, some security experts are warning that the trade war could spill over into a cyber conflict, given China’s successful efforts to burrow into America’s critical infrastructure networks.
Over the past year, a number of Chinese government-backed digital intrusions have come into focus, including a sprawling espionage campaign involving the compromise of at least nine U.S. telecommunications providers. Dubbed “Salt Typhoon” by Microsoft, these telecom intrusions were pervasive enough that CISA and the FBI in December 2024 warned Americans against communicating sensitive information over phone networks, urging people instead to use encrypted messaging apps (like Signal).
The other broad ranging China-backed campaign is known as “Volt Typhoon,” which CISA described as “state-sponsored cyber actors seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”
Responsibility for determining the root causes of the Salt Typhoon security debacle fell to the Cyber Safety Review Board (CSRB), a nonpartisan government entity established in February 2022 with a mandate to investigate the security failures behind major cybersecurity events. But on his first full day back in the White House, President Trump dismissed all 15 CSRB advisory committee members — likely because those advisers included Chris Krebs.
Last week, Sen. Ron Wyden (D-Ore.) placed a hold on Trump’s nominee to lead CISA, saying the hold would continue unless the agency published a report on the telecom industry hacks, as promised.
“CISA’s multi-year cover up of the phone companies’ negligent cybersecurity has real consequences,” Wyden said in a statement. “Congress and the American people have a right to read this report.”
The Wall Street Journal reported last week Chinese officials acknowledged in a secret December meeting that Beijing was behind the widespread telecom industry compromises.
“The Chinese official’s remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan,” The Journal’s Dustin Volz wrote, citing a former U.S. official familiar with the meeting.
Meanwhile, China continues to take advantage of the mass firings of federal workers. On April 9, the National Counterintelligence and Security Center warned (PDF) that Chinese intelligence entities are pursuing an online effort to recruit recently laid-off U.S. employees.
“Foreign intelligence entities, particularly those in China, are targeting current and former U.S. government (USG) employees for recruitment by posing as consulting firms, corporate headhunters, think tanks, and other entities on social and professional networking sites,” the alert warns. “Their deceptive online job offers, and other virtual approaches, have become more sophisticated in targeting unwitting individuals with USG backgrounds seeking new employment.”
Image: Dni.gov
ELECTION THREATS
As Reuters notes, the FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia, and put on leave staff working on the issue at the Department of Homeland Security.
Meanwhile, the U.S. Senate is now considering a House-passed bill dubbed the “Safeguard American Voter Eligibility (SAVE) Act,” which would order states to obtain proof of citizenship, such as a passport or a birth certificate, in person from those seeking to register to vote.
Critics say the SAVE Act could disenfranchise millions of voters and discourage eligible voters from registering to vote. What’s more, documented cases of voter fraud are few and far between, as is voting by non-citizens. Even the conservative Heritage Foundation acknowledges as much: An interactive “election fraud map” published by Heritage lists just 1,576 convictions or findings of voter fraud between 1982 and the present day.
Nevertheless, the GOP-led House passed the SAVE Act with the help of four Democrats. Its passage in the Senate will require support from at least seven Democrats, Newsweek writes.
In February, CISA cut roughly 130 employees, including its election security advisors. The agency also was forced to freeze all election security activities pending an internal review. The review was reportedly completed in March, but the Trump administration has said the findings would not be made public, and there is no indication of whether any cybersecurity support has been restored.
Many state leaders have voiced anxiety over the administration’s cuts to CISA programs that provide assistance and threat intelligence to election security efforts. Iowa Secretary of State Paul Pate last week told the PBS show Iowa Press he would not want to see those programs dissolve.
“If those (systems) were to go away, it would be pretty serious,” Pate said. “We do count on a lot those cyber protections.”
Pennsylvania’s Secretary of the Commonwealth Al Schmidt recently warned the CISA election security cuts would make elections less secure, and said no state on its own can replace federal election cybersecurity resources.
The Pennsylvania Capital-Star reports that several local election offices received bomb threats around the time polls closed on Nov. 5, and that in the week before the election a fake video showing mail-in ballots cast for Trump and Sen. Dave McCormick (R-Pa.) being destroyed and thrown away was linked to a Russian disinformation campaign.
“CISA was able to quickly identify not only that it was fraudulent, but also the source of it, so that we could share with our counties and we could share with the public so confidence in the election wasn’t undermined,” Schmidt said.
According to CNN, the administration’s actions have deeply alarmed state officials, who warn the next round of national elections will be seriously imperiled by the cuts. A bipartisan association representing 46 secretaries of state, and several individual top state election officials, have pressed the White House about how critical functions of protecting election security will perform going forward. However, CNN reports they have yet to receive clear answers.
Nevada and 18 other states are suing Trump over an executive order he issued on March 25 that asserts the executive branch has broad authority over state election procedures.
“None of the president’s powers allow him to change the rules of elections,” Nevada Secretary of State Cisco Aguilar wrote in an April 11 op-ed. “That is an intentional feature of our Constitution, which the Framers built in to ensure election integrity. Despite that, Trump is seeking to upend the voter registration process; impose arbitrary deadlines on vote counting; allow an unelected and unaccountable billionaire to invade state voter rolls; and withhold congressionally approved funding for election security.”
The order instructs the U.S. Election Assistance Commission to abruptly amend the voluntary federal guidelines for voting machines without going through the processes mandated by federal law. And it calls for allowing the administrator of the so-called Department of Government Efficiency (DOGE), along with DHS, to review state voter registration lists and other records to identify non-citizens.
The Atlantic’s Paul Rosenzweig notes that the chief executive of the country — whose unilateral authority the Founding Fathers most feared — has literally no role in the federal election system.
“Trump’s executive order on elections ignores that design entirely,” Rosenzweig wrote. “He is asserting an executive-branch role in governing the mechanics of a federal election that has never before been claimed by a president. The legal theory undergirding this assertion — that the president’s authority to enforce federal law enables him to control state election activity — is as capacious as it is frightening.”
Chilling. This is frightening news.
Thanks for gathering and sharing this information, Brian.
And people say Trump is joking about wanting a third term, just like he was “joking” about shipping “home grown” people to El Salvadorian prisons earlier today…
This is getting more serious by the day, and we’re less than three months in.
Huge CISA fan. Not a huge fan of the politicization of the department. It is true that good work was done by CISA while Chris Krebs was at the helm. It is also true that he was playing politics when he stated “2020 election was most secure in US history”.
If my boss wanted a security audit and I snapped back “This is the most secure system in the history of this organization.” It would be a very unprofessional response and illogical because it doesn’t account for the constant state of change in systems and security. The professional conversation would be around what systems, structures and components are in place to ensure the prescribed levels of security. This is the first thing Chris Krebs did wrong, he was playing defense for political purposes not being a critical professional.
Yep, I totally agree with you, quite disappointing…
You both surely analyzed all previous elections to discount the expert’s factually undisputed claim, then. Good for you.
“It is also true that he was playing politics when he stated “2020 election was most secure in US history”
If, you mean, stating facts that are equivocally true can sometimes be construed as “political” when a political figure has lied without evidence in stating the opposite hundreds if not thousands of times… then sure, but then it’s also “political” to say that the US Presidency is limited to 2 terms by the 12th Amendment to the Constitution, ratified in 1804. Three coequal branches of government – political, can’t say it.
I read you loud and clear, comrade. We must not say what we all know is true. It is verboten.
I believe what he said was…”The professional conversation would be around what systems, structures and components are in place to ensure the prescribed levels of security. ”
To make a stand alone statement, in a politically charged environment, without supporting evidence, will come off as a political statement. Context is important.
No one asked for a security audit: the election was “stolen” and corrupt in 2020 because he lost. Notice he didn’t say the same thing about this past year, or 2016, although he certainly prepped for it just the same. He even referred to the same thing as far back as 2012 with Romney on his social media accounts. The only one who made it political was Trump, he determined that there’s no way he could lose because he’s infallible, and any dissent is unacceptable.
It would be more like if a CISO pre-determined a security incident was caused by a rogue insider threat taking over the domain controller, with no evidence or mechanisms to support it, and when asked had no functional mechanisms to explain why he thought that way (see all the cases brought before judges in 2020). Imagine asking for evidence, checking the logs, and coming back and saying it’s as secure as it’s ever been and suffering personal consequences with your former boss going after your job and filing false police reports for disagreeing with the chain of command.
That’s what’s going on, don’t try to spin it as anything else.
Can’t disagree with that. At least he’s got one thing – the investigation of his doings that may exonerate him from the accusations, even if his response to them could have been better.
‘capricious’, not ‘capacious’. bloody spellcheck…
I left the U.S. two years ago but I can’t stop being amazed at how much damage is being done to the system. Sure, it may take years to remove all those loyalists that Trump inserted into various government positions and to amend the constitution to prevent free rein by any future populist supported by idiot voters.
But the most damage in my view was done to the reputation of the U.S. government. A few years back I was seriously considering getting a job of the security researcher with the U.S. government. It didn’t work out back then but now I’m so thankful that it didn’t. I honestly dodged the bullet of being fired by an unelected druggie, foreign billionaire that bought his way into the White House and was then gutting the government that was impeding his business practices. Or even worse, being afraid for my job every 4 years when imbeciles in the US elect another Russian asset. I don’t think this damage can ever be undone. Ever.
Questioning Dear Leader will lead to consequences from Him or his cult-like followers.
Excellent. We need investigations into every aspect of the so-called “deep state”; fed employees (at least within the Executive Branch disobeying direct orders from the Chief Executive and going rogue. In some cases, management specifically ordering the rank and file to ignore those orders.
As a retired Fed with 40 years in service, this was shocking to me to hear. I’m retired now but these are all changed within the past 10 years. Previously, if you thought an order was “illegal” or against regs, you mentioned it to the boss and went to legal if that didn’t make a difference (on sufficiently concerning issues). You didn’t disregard things out-of-hand.
Don’t know about you, friend, but this Fed with 40 years service swore an oath to support and defend the Constitution, not the fever dreams of some tin horn, wanna-be dictator.
The only Deep State that’s ever existed in governments, republics, and empires throughout the course of human history is the loyalists to an emperor, king, or dictator. Crushing dissent on an increasing basis and unquestionable loyalty to a dictator are fundamental tenets of Stalinism and Nazism, among hundreds of other states formed throughout our wonderful human history that have killed billions. If you think that way, just own up to it instead of creating a boogeyman trying to justify your hateful intentions.
Hard to read adjectives like ‘surprising’, ‘shocking’, and ‘astonishing’ in the industry responses without wondering how any of this can be a surprise to anyone who has been paying attention to Trump’s statements both during and after the 2024 campaign.. That’s the astonishing part
Thanks for the very enlightening article. Very scary. Everyone should read this.
We are going down a slippery slope that Americans are not ready for. Fromm Covfefe-in-chief deporting people lawfully in America with no intent to get them back, and the threat of even deporting American citizens to El Salvador. Now the punishment and retaliation for just doing their job is what the Cheeto-in-charge wants to happen and things are going to get a whole lot worse before they get better.
Please keep these articles going. Truth must speak to power. Donald hates the truth because it destroys his narrative.
Chris Krebs should be honored by the cybersecurity community because he spoke the truth in the face of a lot of pressure to do otherwise. History has proven Chris correct. Donald and his minions lost over 60 election lawsuits in 2020 and he is still trying to lie his way to a different story. His approach now is to attack those who spoke the truth.
. Brian, I have read your articles for quite a while.
This one is unexpectedly political. Please stop. You have a lot more different and unique content to offer.
If I wanted to steep myself in the political discord du jour, I could dip my toes in Twitter.
This is what you get when you have a president that makes everything a loyalty test and everything political. Cybersecurity has for a long time been one of the most bipartisan issues in Congress. Or, at least it was until Trump lost in 2020. Then in his mind security became synonymous with accountability. which ofc he hates.
Thanks for reading. I hope you actually read it before dismissing it as political. Anyway, now is not the time to tune out.
CyberSecurity is not political, the is no TCP flag for party affiliation, the injection of politics into CS is done by PEOPLE (from both sides of the aisle tbh). Just cut the crap already, everyone, on this front, please, for the love of all that is good in this world (what’s left of it anyway).
If you think cyber security is not political, how do you square state actors, cyber offense/defense agendas, social media, etc? Even the very creation of standards be it IEEE, 3GPP, etc is soaked in the political arena.
You can be Red, Blue, Poka-Dot, but as a cyber professional or just someone interested in the space, the politics are real.
Eat a bag of dicks. Republicans are politicizing all institutions of the federal government. Don’t cry about journalists writing about the hostile takeover by screaming “politics, waaaahhhh” when you choose to put your head in the sand.
I have criticized Brian a couple of times for some overtly political takes that really didn’t add anything to the facts but this article has none of that sort of content whatsoever. This is a statement of facts and facts that we should be made aware of because of how dangerous some (all?) of this activity is. There is no political slant to this article unless you think that anything that dares speak negatively of the president’s actions is “political”. That’s not how it works if what the article states is true. This one rings true. At this point, you should probably ask yourself why Trump being Trump is a good enough reason for you to accept everything he does regardless of the potential (and realized) negative impact it may have. That’s not a good place for your brain to be.
This was the obvious conclusion to expect when you vote for a textbook fascist as your representative. Meanwhile, all of my coworkers in infosec that voted for this are as ignorant as ever without the slightest clue about the ramifications of their vote for authoritarianism.
America is getting exactly what it collectively voted for. Buckle up, MAGAts. YOU voted for this.
I think we have crossed a line here where articles like these are clearly not political opinions. Facts are facts, even when denied by someone who is accused of serious abuse of power. Its hard to read multiple stories about the illegal activities this president has supported and not be convinced that we have a massive problem here and our elected officials and/or any cabinet members with a minimum sense of responsibility need to take action. Back when Bell Labs created a telecommunications system that was hardened against outside threats, it was unheard of that a foreign agency could compromise virtually every company now in business. This defense of our adversaries is treason; period.
Thank you again Mr Krebs for getting this information out.
You are a hack Krebs … a tired hack!
And you are a wet wipe Josh … a used wet wipe!
Thank you Brian for illustrating why you remain one of the most valued and trusted cybersecurity reporters for IT professionals. I appreciate your judgment in topics and focus here. It’s refreshing to see good technology journalism that courageously tells some of the bigger story than just the bits and bytes.
Dear Brian Krebs, thank you for your worthwhile work.
It amuses me greatly that the comments here
are turning more vicious, in direct proportion to the accuracy of the articles. I am a generalist and not
an IT guy, but as the belligerent, bellicose insults and veiled insinuations continue, it may be useful to
add a rating system where we can upvote or downvote a comment. (not that it will discourage them)
And it is not a time to stay silent. There are plenty of good Americans now speaking out, all over the country.
I have to believe the idiots are outnumbered by the good voices.
But I also think part of the strategy of the sock-puppets is the same agenda of any soul-less bully;
distract, disrupt, flood the zone, deflect, and fake outrage, the whole panoply of evil techniques.
If one ever had a course in classical logic, logical fallacies, and rhetoric, it is pretty transparent.
Fortunately , your regular and loyal readers are also pretty savvy.
I often wonder how despicable people live with themselves, but then I remember: they are soul-less
hollow people. Some of them may even be on a payroll. To quote T. Jefferson, “Eternal vigilance is
the price of liberty.” Keep up the good work, Brian, and everyone else, talk to your friends, stay engaged.
Guv’ment workers you cannot say that 2+2=4 when Trump says it’s 5, that’s contrary to suitability standards.
4chan hacked today but Krebs is soyjaking over Trump. How the mighty have fallen.
You wouldn’t know mighty if it fell out of the sky and hit you in the colostomy bag!
How many constitutional amendments has he broken? 1 several times, 5 with disappearing people to gulags without due process. 6 Attacking our judges and attorneys. Homeboy speedrunning complete constitutional destruction.
He can do whatever he wants, his sycophants would rather “own the libs” at the cost of destroying this country than hold the twice-impeached dictator accountable for his actions
Trump is systematically and deliberately opening the door wide and inviting Russia to take over our elections to keep him and his lapdogs in power.