DHS cyber chief out after debunking Trump’s election claims

President Donald Trump on Tuesday fired Christopher Krebs, the U.S. government’s top cybersecurity official, after he spent weeks contradicting the election-related conspiracy theories that Trump and his allies have promoted to deny the legitimacy of President-elect Joe Biden’s victory.

Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, oversaw the defense of the 2018 and 2020 elections, as well as the protection of federal computer networks and critical infrastructure facilities such as hospitals and power plants.

In tweets posted Tuesday evening, Trump claimed that a recent statement issued by Krebs’ agency and several partners, which reassured Americans that the 2020 election had been conducted securely, “was highly inaccurate.”

“There were massive improprieties and fraud — including dead people voting, Poll Watchers not allowed into polling locations, “glitches” in the voting machines which changed … votes from Trump to Biden, late voting, and many more,” Trump tweeted, though those claims are false. “Therefore, effective immediately, Chris Krebs has been terminated.”

Krebs, one of the few Trump appointees with nearly universal bipartisan support, spent years navigating his new agency through DHS’s leadership turmoil and the administration’s political controversies. At the same time, he built relationships with fellow officials and private security experts to reform and promote the government’s cyber mission.

After rising to become the United States’ de-facto cyber czar in 2018, he became a familiar presence at security conferences, where he discussed threats such as the ransomware epidemic and the risks of Chinese telecom companies such as Huawei. In an administration that constantly defied democratic norms, Krebs became the public face of the government’s election security efforts, highlighting the collaboration between national security officials and election supervisors.

But Krebs’ commitment to debunking misinformation about the presidential election finally proved too much for the White House, which pushed him out as part of a government-wide purge that has also hit the top ranks of the Pentagon.

A focus on election security

Krebs’ most significant legacy is the nation’s increasingly robust election infrastructure. The technology and processes that power U.S. elections are far more secure than they were in 2016, when Russian hackers thrust the creaking machinery of American democracy into the spotlight. But getting to this point was an uphill battle at times.

“The success of the 2020 General Election — in the face of disinformation campaigns and cyber threats from foreign adversaries — is owed in large part to CISA under Chris Krebs’ leadership,” California Secretary of State Alex Padilla said in a statement. He called Krebs “an accessible, reliable partner for elections officials across the country, and across party lines, as we have fortified our cyber defenses since 2016.”

The Obama administration’s belated approach to engaging election supervisors in 2016 left state and local officials skeptical of, or even hostile to, help from Washington. Improving this relationship couldn’t have been more important, as many states maintained insecure voter registration databases and many counties used electronic voting machines that lacked the paper trails necessary for reliable audits.

Krebs and his team launched a charm offensive to dispel rumors about federal takeovers. They pushed states to adopt paper ballots and post-election audits, which many began doing after Congress approved hundreds of millions of dollars in election security grants. CISA also offered states free cybersecurity services, including penetration testing, phishing simulations, vulnerability scanning and resilience assessments. All 50 states and many local jurisdictions joined a CISA-funded information sharing group and installed intrusion-detection sensors that help the agency analyze hackers’ activities.

Under Krebs, CISA paid particular attention to small local jurisdictions that often lacked any dedicated IT staff, launching a “Last Mile Initiative” in 2018 that helped states furnish custom cheat sheets for their county supervisors. Krebs also launched a Voter Registration Database Ransomware Initiative to help officials protect these key systems from extortion-focused malware.

Krebs also worked to improve relationships with the companies that sell election technology such as voting machines, electronic poll books and results-reporting websites. For years, these largely unregulated vendors have scorned security researchers’ attempts to study their products, used lawsuits to maintain quasi-monopolies and in some cases misled customers about the security of their products. Krebs encouraged the companies to mend fences with researchers and improve security practices.

Over time, these efforts paid off. CISA persuaded several voting-machine manufacturers to let the Energy Department’s Idaho National Laboratory test their products for vulnerabilities. In 2019, Krebs said such cooperation would have been “unheard of” two years earlier. In addition, all three major voting machine makers now operate vulnerability disclosure programs. While researchers and activists still have complaints, many of them acknowledge that the industry is trying to improve.

Kreb also encouraged companies such as Google and Microsoft to offer free support to campaigns and election officials, resulting in the increased adoption of techniques such as multi-factor authentication. In the final phase of the 2020 election, CISA launched a “Rumor Control” website to debunk election-related misinformation and partnered with other agencies to encourage trust in the system and correct viral falsehoods. Krebs argued that false alarms and reduced voter confidence could do far more damage than an actual cyberattack.

Full plate of other threats

The coronavirus pandemic offered another stress test of CISA’s partnerships with other agencies and the private sector. CISA offered cybersecurity help to health-care organizations developing vaccines as part of the Trump administration’s “Operation Warp Speed” initiative. The agency also worked with its British counterpart to warn about hackers exploiting the pandemic, and it partnered with the FBI to warn that Chinese hackers were targeting virus researchers.

Krebs also had to deal with the threat of ransomware, which mushroomed to become one of the biggest problems facing businesses, healthcare systems and local governments. In October, CISA, along with the FBI and the Department of Health and Human Services, began assisting hospitals in defending themselves against a massive ransomware campaign that one researcher described as “probably the most dangerous cyberattacks in the US to date.”

CISA also tackled problems including 5G security and threats to the industrial control systems found in facilities such as power plants. The agency launched a supply chain risk management task force to help companies protect the sprawling global web of producers and suppliers, and it produced a “National Critical Functions” list to help clarify policymakers’ thinking about the country’s biggest systemic weak points. To help CISA identify the operators of vulnerable infrastructure, Krebs pushed Congress to grant him the power to issue administrative subpoenas to internet service providers for basic customer data.

Krebs also leaned into CISA’s role as the cyber overseer for federal civilian agencies. Using CISA’s authority to issue “binding operational directives,” he ordered agencies to launch vulnerability disclosure programs, protect their most valuable digital assets and implement basic email and web security defenses. He also issued emergency orders requiring agencies to remedy emerging flaws.

Cybersecurity is ‘where it’s at’

Krebs joined the Trump administration in March 2017 after spending three years as a Microsoft lobbyist on cyber issues. He first served as a senior counselor to then-DHS Secretary John Kelly before becoming the assistant secretary for infrastructure protection. He concurrently served as the acting under secretary in charge of DHS’s cyber wing, the National Protection and Programs Directorate, until the Senate confirmed him to that job in June 2018.

Krebs’ position gained new importance in May 2018, when the White House eliminated the cybersecurity coordinator position inside the National Security Council, leaving the government without an official “cyber czar” and functionally throwing Krebs into that role. He embraced the responsibility, becoming a constant presence at cybersecurity conferences. He hobnobbed with tech executives on the sidelines of industry events, bantered with reporters after keynote speeches and inspired memes on social media about his socks and ties.

Two weeks after the 2018 midterms, Trump signed a bill that reorganized Krebs’ DHS division into CISA, handing the new agency director a major win and fulfilling a long-term goal of many cyber policy specialists.

“This will make us, I think, much more effective,” Trump said as he signed the bill. “Cyber is, to a large extent, where it’s at nowadays.”

The new agency made Krebs’ team more approachable to the private sector — he often joked about never again having to say NPPD’s clunky full name — and it quickly became a partner for companies that were hesitant to engage with other agencies but trusted Krebs.

As the de-facto cyber chief, Krebs had to manage relationships with an often fractious community of federal agencies, state and local partners, activist groups, independent researchers and security companies.

One of Krebs’ main tasks was to cut through years of mistrust between the hacker community and the government. At events such as the annual DEF CON conference in Las Vegas, Krebs urged public-spirited hackers to help the government find and fix flaws in U.S. computer systems. He acknowledged their skepticism but insisted that he was advocating for them inside the government.

To promote CISA’s work and demonstrate to outsiders that it wasn’t your average government agency, Krebs embraced humor and whimsy, running a “Star Wars”-themed recruiting campaign and explaining the threat of disinformation with a campaign about the controversial practice of putting pineapple on pizza.

As CISA grew, other agencies were also reorganizing their cyber missions. Krebs had to build ties with the Pentagon’s newly elevated U.S. Cyber Command and the NSA’s new Cybersecurity Directorate, the secretive spy agency’s first major attempt at public engagement. Cyber Command’s newly aggressive posture and the NSA’s insular culture were fundamentally at odds with CISA, which prioritized collaboration and information sharing. Krebs also had to coordinate with the FBI’s Cyber Division, which began trying to play a larger role in deterring hackers.

Leading amid the chaos

Looming over all of this was the leadership turmoil atop DHS, which experienced a succession of permanent and acting secretaries as the White House pushed the department to pursue harsher immigration policies. Krebs steered CISA away from the political controversies, but policy specialists wondered how the agency was suffering from a lack of stable DHS leadership.

A reminder of Krebs’ precarious position arrived in August, when the Government Accountability Office declared acting DHS Secretary Chad Wolf’s appointment to be invalid and determined that, under the department’s succession plan, Krebs should have become the acting secretary when Kirstjen Nielsen resigned in April 2019. The crisis illustrated the peculiar situation in which the scrupulously apolitical Krebs found himself.

Through it all, Krebs garnered rare bipartisan acclaim. In an administration that was almost singularly focused on catering to Trump’s whims and implementing a right-wing agenda, Krebs was one of the few agency chiefs whom Democrats and Republicans alike regarded as a nonpartisan figure just trying to do good work.

Rep. Jim Langevin (D-R.I.) recently told POLITICO that he wanted Biden to keep Krebs in place after he took office. When news broke on Thursday of Krebs’ likely ouster, he received support and praise from many Democratic lawmakers, including Sen. Mark Warner of Virginia, the ranking member on the Intelligence Committee; Sen. Maggie Hassan of New Hampshire, a member of the Homeland Security Committee; and Rep. Bennie Thompson of Mississippi, chairman of the House Homeland Security Committee.

Krebs deflected questions about the tensions between his and Trump’s comments about election security, saying he was focused on his technical mission.

Distancing himself from Trump’s remarks protected Krebs for more than three years, but the presidential election pushed the CISA director’s relationship with the White House to the breaking point.

As Election Day neared, CISA launched the “Rumor Control” website to collect fact checks about common election misinformation. Krebs, who told reporters he wouldn’t directly correct Trump’s falsehoods, nonetheless stocked the page with information that debunked right-wing conspiracy theories. That continued after the election, as Trump and his allies — including several of Krebs’ fellow agency leaders — falsely alleged mass voter fraud to deny the legitimacy of Biden’s victory.

“The November 3rd election was the most secure in American history,” CISA and its election security partners said in a statement on Thursday, as rumors about Krebs’ fate swirled. ““While we know there are many unfounded claims and opportunities for misinformation about the process of our elections, we can assure you we have the utmost confidence in the security and integrity of our elections, and you should too.”

Krebs’ insistence on the sanctity of the process angered White House officials, who took particular umbrage when he dismissed a Republican conspiracy theory about a vote-flipping supercomputer as “nonsense.”

Several government officials expected Krebs to be fired after a POLITICO story published on Tuesday highlighted his pushback against conservatives’ election misinformation, a former U.S. official said.

As it turned out, Rumor Control was only the final straw. The White House’s personnel office “has wanted to fire Krebs for a while,” said a current U.S. official.

If he was worried, Krebs showed no sign in public. On Thursday afternoon, he told a federal advisory committee that CISA would “continue … to defend our democracy” during Georgia’s upcoming Senate runoff elections and beyond.

A few hours later, Krebs retweeted an election technology specialist’s warning against sharing “wild and baseless claims about voting machines, even if they’re made by the president.”