President Donald Trump announced Tuesday his decision to fire Chris Krebs, the top cybersecurity official at the Department of Homeland Security.
The decision spurred widespread criticism from leaders within the cybersecurity community, who credit him with repairing a fractured relationship between government and industry.
Trump announced the decision via tweet after a tense period following the election where Krebs, whose portfolio included elections, had to routinely counter debunked and unsubstantiated comments from the president and his surrogates.
The two-tweet thread, which Twitter flagged for accuracy, read: “The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate, in that there were massive improprieties and fraud – including dead people voting, Poll Watchers not allowed into polling locations, ‘glitches’ in the voting machines which changed votes from Trump to Biden, late voting, and many more. Therefore, effective immediately, Chris Krebs has been terminated as Director of the Cybersecurity and Infrastructure Security Agency.”
Krebs headed the Cybersecurity and Infrastructure Security Agency (CISA) since before it was an agency – until 2018, it was the National Protection and Programs Directorate. He shaped a lot of how the agency functions and relates to the companies and states that own the infrastructure CISA is tasked to protect.
“We have a short term memory on this, but not too long ago, no one wanted to work with DHS,” said Kiersten Todt, managing director of the Cyber Readiness Institute, which works with small and mid-sized businesses to bolster cybersecurity.
NPPD and later CISA were tasked with offering assistance to the entities making up the nation’s critical infrastructure, which DHS defines as falling within 16 different sectors – everything from transportation to electricity and elections. But even as late as 2016, at the end of the Obama administration, there was a feeling amongst industrial firms and the state elections boards that the DHS were essentially tourists, with little domain expertise being helicoptered in to help where they weren’t wanted.
Under Krebs, a lot of that has changed. The most public-facing example is in elections. In 2016, when DHS Secretary Jeh Johnson started making a push to offer department resources to state election boards, he was widely rebuffed by Republican state leaders, who worried the government was trying to wrest away control of elections. Even as late as 2018, the National Association of Secretaries of State President Connie Lawson described the state relationship with DHS as a “forced marriage.”
Fast forward to 2020, when state officials from both parties now see CISA as an important partner in protecting elections. In fact, according to reporting from Reuters, Krebs believed he would be fired because CISA’s widely touted disinformation debunking portal pushed back on the Trump administration’s public claims of voter fraud.
There was a similar evolution in the relationship between industry and CISA/NPPD.
“This division didn’t have the best reputation,” said Bryson Bort, founder of the cybersecurity consultancy GRIMM, the attack emulation platform SCYTHE and head of ICS Village, a touring industrial control systems learning lab that has partnered with CISA in the past.
“The biggest thing Chris [Krebs] brought is the vision he rolled out about 18 months ago,” said Bort. “He realized ‘we can’t be the heavy-handed government agency.’”
CISA’s successes are often attributed to a deliberate effort by Krebs to reshape the agency into one that epitomizes the best of public-private partnerships. Bort credits Krebs with getting industry a “seat at the table” in interagency discussions about industrial control systems – Bort has, himself, advised CISA since April.
“It’s a credit to Chris,” said Bort. “The organization didn’t have to evolve like this.”
Todt points to how egoless CISA has been about incorporating outside efforts into its own work. She pointed to the agency’s decision to tap Cyber Readiness Institute to assist in efforts to design cybersecurity toolkits, after realizing its own work was duplicative of efforts already underway by CRI.
CISA is, in fact, the kind of agency that DHS should model its future after, said Todt, who was a staff member for Joe Lieberman when he chaired the Senate Homeland Security committee that created the Department of Homeland Security post-9/11.
Across the cybersecurity industry, several companies expressed regret at seeing Krebs go.
“There have been a lot of questions about roles and responsibilities across the government, including where CISA fits in and where they don’t. There have been no questions, though, on Chris Krebs’ effectiveness,” wrote Dragos CEO and co-founder Robert M. Lee in a statement.
“His departure leaves a significant void that could ultimately undermine public/private partnerships to combat the ongoing siege of cyberattacks from our nation state actors,” emailed Tom Kellermann, head of Cybersecurity Strategy at VMware Carbon Black and a member of the Secret Service’s Cyber Investigations Advisory Bureau.
Krebs leaves the government with a Dr. Fauci-type reputation among cyber-defenders, many of whom expressed hopes that the Biden administration might bring him back. Even before his firing, there was talk outside the Biden camp that Krebs would be an ideal National Security Council cybersecurity adviser, should the White House reinstate something akin to the cybersecurity coordinator eliminated by President Trump.
If nothing else, wrote Lee, “folks should be thankful for his time there.”