- President Trump's firing this week of Chris Krebs, the US's top cybersecurity official who spearheaded efforts to protect the 2020 election, is among his most consequential dismissals since he lost the election.
- Krebs' firing opens the door for foreign adversaries to target US critical infrastructure, and one security professional said his removal was comparable, from a cyber standpoint, to Trump's so-called "decapitation strike" at the Pentagon last week.
- David Kennedy, a former hacker for the National Security Agency, joked that cybersecurity experts "were bored out of their minds" this year because "nothing was happening" during the 2020 election thanks to Krebs' efforts to secure the vote.
- In 2016, "we saw a lot of evidence of foreign adversaries like Russia sowing confusion and doubt about our electoral process and the accuracy of the results," said Jason Glassberg, a co-founder of Casaba Security.
- Glassberg added: "In 2020, we've got the president doing our foreign adversaries' work. It's a complete turnaround."
- Visit Business Insider's homepage for more stories.
The 2020 US election was, by all accounts, one of the safest and most secure in recent history. Despite a raging pandemic, a surge in mail-in voting, the looming specter of foreign interference, and an unprecedented surge of disinformation, the election largely went off without a hitch.
On Tuesday, President Donald Trump fired Chris Krebs, one of the main architects of that success.
In the end, cybersecurity experts told Insider, Trump did Russia's work for it by firing Krebs, and in many ways, Krebs' ouster was the biggest sign of his accomplishments.
David Kennedy, a former hacker for the National Security Agency and the CEO of TrustedSec, joked that cybersecurity experts "were bored out of their minds" this year because of Krebs' work. "Nothing was happening because we had done so much to protect the voting process and election infrastructure by making sure it was properly segmented and hackers couldn't get in. A lot of that was because of Chris's leadership at CISA."
Krebs oversaw the Cybersecurity and Infrastructure Security Agency (CISA) before getting a pink slip via presidential tweet Tuesday evening. CISA is part of the Department of Homeland Security (DHS) and was created in late 2018 as the nation's premier cybersecurity arm. The agency's efforts were instrumental in protecting the 2020 election, but it was relatively unknown to most Americans until a few weeks ago, when CISA started publicly and explicitly rebuking the president's lies about the election, putting Krebs on a collision course with the White House.
Shortly after Krebs was fired, his deputy, Matt Travis, was forced out. And last week, Bryan Ware, another senior CISA official, was similarly ousted. With Krebs and Travis out, Brandon Wales, CISA's executive director and the third highest-ranking official, is the acting head of the agency.
Unlike his predecessor, Wales is a career official and not a political appointee, which means he can't be fired by Trump. And according to Politico, Krebs specifically tapped Wales to join CISA because he trusted him to lead the agency in the event that political forces pushed Krebs out.
Larry Johnson, a 24-year veteran of the US Secret Service who spearheaded the Election Crimes Task Force, expressed confidence that regardless of who's leading CISA, "the rank and file, the intelligent and dedicated analysts, are going to continue doing the work they're tasked with."
That said, Wales "is now working not one, not two, but three jobs," said Michael Borohovski, a director at Synopsys who previously worked as a senior contractor for the Pentagon and intelligence community. "It's of course true that Chris was not the only person at CISA. But now, the work that used to take three people is going to have to be done by one person, which is incredibly tough."
Krebs, whose personal Twitter bio says, "I'm now going to reintroduce myself to my family," did not respond to a request for comment.
'We've got the president doing our foreign adversaries' work'
Before he was fired, Krebs used his official Twitter account and the DHS' "Rumor Control" website to defend the federal government's work safeguarding the integrity of the election amid an onslaught of disinformation from Trump and his Republican allies about canvassing and auditing, voter registration, ballot-counting measures, and the overall electoral process.
On Tuesday, Trump singled out Krebs' statements as "highly inaccurate" and launched into a conspiracy-laden and evidence-free rant about "massive improprieties and fraud," dead people voting, and compromised voting machines that "changed votes from Trump to Biden." In a subsequent tweet, the president dismissed Krebs.
One cybersecurity professional and security researcher, who requested anonymity because they are not authorized to speak to the press, said Krebs' ouster was comparable from a cyber standpoint to Trump's "decapitation strike" at the Pentagon last week, when he abruptly fired Defense Secretary Mark Esper.
"From a defensive standpoint, there are some very high-profile risks" associated with Krebs' removal, the security researcher said. "If you don't have somebody competent at the wheel to handle infrastructure security for the whole country, or if the leadership is in limbo, that leaves us pretty vulnerable."
Borohovski said the next several weeks will be a waiting game, and that the whole world will be watching.
"You don't really want to make any major decisions as the interim or acting head, unless you're angling for a permanent position," he said. "So right now, we're in a situation where what it really boils down to is, what does the leadership vacuum at CISA mean for the US? And I don't have an answer to that."
In addition to being in charge of election infrastructure, CISA governs critical infrastructure security like power grids and hydroelectric plants and chemical security like nuclear and hazardous material facilities. The agency oversees the Federal Protective Service — which is responsible for providing security to nearly 10,000 federal buildings — the Office of Cyber and Infrastructure Analysis, the Office of Infrastructure Protection, and more.
When he was ousted, Krebs was also leading the DHS' efforts to guard the US from cyberattacks and foreign threats, particularly from hostile adversaries.
"When you remove someone like that, you're removing direction, guidance, and policy," Kennedy said. "It takes a long time to make adjustments, and it's going to be hard to replace Chris in a short timeframe, especially at takeoff, because he was in charge of so many national security and critical infrastructure initiatives CISA was doing."
Complicating things is the fact that Krebs' dismissal comes during the most tumultuous presidential transition period in modern history.
Since winning the election, President-elect Joe Biden has begun staffing up his transition team, building a COVID-19 task force, and moving forward with national security briefings. But he's doing all that without assistance from the Trump administration because the incumbent refuses to concede the election, forbade government officials from communicating with Biden's team, and carried out a string of revenge firings in the wake of his defeat that destabilized the very agencies responsible for keeping the US on a steady course.
"Our adversaries are watching all of this," Kennedy said. "If you're Russia, China, North Korea, or Iran, Chris' firing and this transition period present an opportunity to leverage against us because right now, we're basically running around without someone in charge of security for the country. And that's a big deal."
The White House did not respond to a request for comment.
Jason Glassberg, a co-founder of Casaba Security, said the disruption in the US's command and control structure could allow Russia to capitalize on disinformation campaigns, spearphishing attacks, and influence operations aimed at sowing doubt about who was in charge and, more broadly, the US's democratic process.
Glassberg, whose cybersecurity firm has previous experience working on election-related issues, also highlighted the contrast between the 2016 and 2020 elections, and how Krebs' firing benefits Russia.
In 2016, "we saw a lot of evidence of foreign adversaries like Russia sowing confusion and doubt about our electoral process and the accuracy of the results," he said. "Now, in 2020, we've got the president doing our foreign adversaries' work. It's a complete turnaround. Up is down, down is up, and left is right. It's a complete reversal."
Broadly, Russia, China, Iran, and North Korea have different goals. But they share a common interest in the US's critical infrastructure and military preparedness in the event of a war.
Critical infrastructure is typically more difficult to secure because of legacy systems that date back, in some cases, to the 1970s and 1980s and haven't been updated since.
"One of Chris' initiatives was to really focus on critical infrastructure and figure out how to protect it from a national security perspective, as well as run day-to-day operations looking at how our adversaries are changing their targets," Kennedy said.
"Coming up with solid defenses, being able to synthesize intelligence and focus on long-term strategies — all of these are things Chris was working on," he added. "And if you don't have someone in that position or you have a disruption or distraction at the top of the agency, China, Russia, North Korea, and Iran can absolutely take advantage of the gap in leadership and change their tactics on a dime's notice."
Borohovski agreed in part but emphasized that "it's not like Chris leaving opens up some sort of big hole for attackers to walk right in." That said, "the US is distracted right now, and if I was a bad guy and I was thinking about running some sort of offensive operation, then this would be a good time. It would be dumb not to."
'The evidence of Krebs' success, unfortunately, is his firing'
CISA employees said Krebs protected them from Trump for months and that his firing was always a looming threat at the agency. That threat was magnified after the election, when CISA shared a joint statement from a nonpartisan group of election and government officials about the safety of the voting process this year. "America, we have confidence in the security of your vote, you should, too," Krebs tweeted along with the statement.
His potential firing was "always a concern," one CISA employee told Business Insider's Jeff Elder. "We were able to fly under the radar and do the work because of Director Krebs' leadership." Another employee said they felt empowered to do their job because "Director Krebs made it clear that 'I'll handle the politics, you handle securing the election.'"
"When you start gutting leadership, that makes people that serve under them a little less effective because now they're worried about their long-term job prospects," the security researcher said. "How far is it going to go? Do they have to change their behavior or how they're doing their job in order to avoid being fired on Twitter by the president?"
Krebs, for his part, resurfaced on his personal Twitter account minutes after the president fired him.
"Honored to serve. We did it right. Defend Today, Secure Tomrorow [sic]. #Protect2020," he tweeted.
Matthew Masterson, a senior election security official at CISA, followed suit after his former boss, writing, "The mission is unchanged. #Protect2020."
National security and cybersecurity experts also pointed out that now that Krebs is out of the government, he's free to talk to the Biden transition team. Though he's barred from sharing classified information because of the president's refusal to recognize Biden as the president-elect, Krebs has a wealth of institutional knowledge that would likely be enormously useful to the incoming administration. That's especially true given that CISA didn't exist until two years ago.
"Chris has made a lot of headway in the industry even though he hasn't been there long," Kennedy said of Krebs, who worked at DHS and as a Microsoft executive before being tapped to lead CISA. "He hit the ground running, he laid out his key priorities around critical infrastructure, guarding the elections from foreign interference, and so on. I really hope Biden brings him back in, because we're losing a lot of time and effort right now."
Johnson, the Secret Service veteran who led the Election Crimes Task Force, agreed, saying, "You want to go from zero to 60, but you don't want to start at zero. You need a foundation and Krebs can give them that."
The Biden transition team did not respond to a request for comment.
Krebs "did a terrific job under impossible circumstances," Glassberg said. "He seems to have run a perfectly safe election with no major signs of breaches. And he basically got fired for doing his job."
"I can't think of a single thing I would've done differently," the security researcher said. "CISA tackled a hard problem and they did an admirable job of it. The agency is going to be central to the conversation for every American election going forward. To that point, the evidence of Krebs' success, unfortunately, is his firing."
Source: Read Full Article