Chris Krebs’ Firing by Trump Increases Risk of U.S. Cyberattacks

Chris Krebs’ firing by President Trump puts the United States at greater risk for cyberattacks. It also damages the relationship between the cybersecurity industry and government.

That’s according to Joseph Carson, chief security scientist and advisory CISO at Thycotic. He’s among several cybersecurity experts who commented on the firing.

Krebs was director of the Cybersecurity and Infrastructure Security Agency (CISA). Trump fired him because he said there’s “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

Thycotic’s Joseph Carson

“Christopher Krebs is an exceptional leader who closed the gap between industry and government, bringing security experts together to protect the United States from cyberattacks,” Carson said.

Governments need leaders like Krebs to ask tough questions, speak the truth and be transparent with citizens, he said.

“The CISA has become an important cybersecurity intelligence source under Krebs’ leadership and went well beyond the requirements they set,” Carson said.

Krebs’ loss damages the relationship between industry experts and the government, he said. Krebs was bridging the gap that’s now void.

Damaged Credibility

Nigel Thorpe is technical director at SecureAge. He said damaged credibility is a major short-term consequence.

SecureAge’s Nigel Thorpe

“Every state official that’s seen their career cut short as a result of the president’s temperament is piling onto the potential for skepticism from the intelligence community and state partners, foreign and domestic, regarding future statements made by CISA about the election or any other pertinent matters,” he said.

There’s also the question of whether Krebs’ replacement will be trustworthy or a Trump loyalist, Thorpe said.

“Will they, too, undercut the validity of the election process?” he said. “These questions alone can erode trust in our cyber defense integrity around the world. And they’ll remain an unfortunate constant throughout the narrative in the Krebs firing fallout until the new administration takes hold.”

The message this move sends to the broader international collection of cybercriminals and advanced persistent threats (APTs) is very negative, Thorpe said. It says the United States is divided and distracted, and lacks a united defensive front against cyberattacks.

“We could very well see an uptick in continued activity from current threats, as bad actors may see this news as a rallying cry over the weeks ahead,” Thorpe said. “Disinformation campaigns regarding election results, COVID-19 themed phishing attacks and data theft attempts on our health care and vaccine research infrastructures were all already happening. Now they might happen a bit more often.”

Impacting CISA

Dirk Schrader is global vice president of New Net Technologies (NNT).

NNT’s Dirk Schrader

“In cybersecurity, the capability of an organization’s management to orchestrate and to steer initiatives is vital for the overall security status,” he said.

If management changes or disappears, the cybersecurity strategy is in jeopardy, Schrader said.

“That hampers an organization’s ability to respond the ever-changing environment,” he said. “It is not different for the CISA with the demise of two senior figures in the past 24 hours. It will impact the agency’s ability to steer, to orchestrate.”

Heather Paunet is senior vice president at Untangle. She said the firing once again …