The day after the president fired Cybersecurity and Infrastructure Security Agency head Chris Krebs via tweet, the groups that partner with the Department of Homeland Security agency say they will continue to work with CISA despite the agency being left in a temporary limbo.
Krebs was a well-regarded figure in cybersecurity, building CISA into a model of public/private partnerships, leveraging the resources of the government to help state and private owners of critical infrastructure protect against threats to uptime. That infrastructure ranged from power plants owned by utilities to the backbones of shipping networks, to state-run election systems.
Security pros that spoke to SC Media say that while the services CISA offers may ultimately be the same, the fact the leader credited with the agency’s success was removed in such a jarring, politicized manner, undermines some of the confidence organizations will have working with the agency. And without the leadership that caused CISA to become an important government fixture, the rapid improvements may slow.
“People who do the day-to-day work should continue the momentum, but leadership came from the top,” said Shawn Wallace, vice president for energy at the security firm IronNet. “We may not have an appointee for a few months, and that’s lost time.”
“We can’t do this every four years,” he said.
Krebs is the only head that CISA has ever had. The agency did not exist in its current form before he took the reigns of its precursor, the National Protection and Programs Directorate. So while, in theory, CISA should work like any other government agency with career employees working administration to administration, people in infrastructure haven’t seen that with their own eyes.
The firing was a gut-punch to security pros, and made national news out of what had been a largely anonymous government agency. Krebs was showered with praise from the industry throughout Tuesday night for his work shaping CISA since its inception in 2018.
That said, though he was an influential leader, the infrastructure groups that work with CISA largely recognize that work is handed by the career employees below him. Those employees remain.
“The machinery of the relationships is at the operational level. Chris provided the top cover,” said Bryson Bort, founder of the cybersecurity consultancy GRIMM, the attack emulation platform SCYTHE and head of ICS Village, a touring industrial control systems learning lab that has partnered with CISA in the past.
People familiar with the operations of state operations said more or less the same thing – that the partnership elections officials developed with CISA that drew widespread praise in 2020 would continue.
And it was reasonable for organizations to at least plan for Krebs to step down on his own accord before the new administration started. Though Krebs hadn’t indicated that was his plan, it’s common for appointees to resign during the transitions of the presidents who appoint them.
“No one should be alarmed that Krebs is gone,” said Ed Amoroso, founder and CEO of TAG Cybersecurity, and former chief information security officer and CSO of AT&T. But, he added, “The next 60 days is going to be an unusual limbo.”