Chris Krebs built bridges between the government and the private sector during his two-year tenure as director of the Cyber and Infrastructure Security Agency. Those ties are now under threat after President Trump fired him on Tuesday, lawmakers and business leaders say.
Together with Krebs and two key representatives of ICAR, a unit of the Ministry of National Security, some warn that the rapid start of fires at an important time will reverse the public-private partnership on cyber security threats.
Private companies own most of America’s major infrastructure, including electricity, water and financial services. A federal commission reviewing this year’s U.S. cyber activity readiness asked federal authorities to share threat information with companies and vice versa to prevent attacks by foreign governments and criminal groups.
ICAR has strengthened these partnerships since their establishment by the Trump Administration in 2018. But Krebs’ departure has led to chaos in those lines of communication, said Patrick Gall, executive director of the National Technology Security Coalition, an Atlanta-based human rights group representing senior information security officials.
Chris’ departure is a disappointment for us because we have worked so hard to build that relationship and that level of trust, says Gull, whose organization represents the security guards at Fortune 1000 companies.
Matt Masterson, Senior Cyber Security Advisor at the Agency for Cyber and Infrastructure Security, testified at a Senate hearing in 2018.
Andrew Harrer/Bloomberg News
Krebs’ resignation took place against a backdrop of growing tensions between ICAR, which protects critical infrastructure such as voting systems, and the Trump administration, which won the presidential election on March 3. November alleged fraud. No evidence of massive fraud has surfaced, and in a joint statement last week, challenging these accusations without calling the president, ICAR and other agencies said the elections were the safest in American history.
Trump quoted this statement when he announced the release of Krebs on Twitter. Two other senior ICAR officials, deputy director Matthew Travis and deputy director of Cyber Security Bryan Ware, have resigned in recent days, expressing concern about the politicization of cyber security issues within the federal government.
This suggests that ICAR may not be an impartial organization, that we do not know who is responsible and that we may have to put our own advice aside for a while, said Senator Angus King (I, Maine).
We have two months before a new president takes office, and our opponents still see transitions as vulnerable times, the King said. What [Mr. Asset] does multiplies that vulnerability.
This momentum could also be spread worldwide, said Jerry Ray, chief operating officer of SecureAge Technology Pte, a data security company in Singapore. You will see that many countries look at each other [for information] and not primarily the United States, Ray said.
Subscribe to the newsletter
WSJ Pro-Cyber Security
News, analysis and views on cybersecurity from the global WSJ team of journalists and editors.
Representatives of ICAR and the White House National Security Council have not responded to requests for comments on these concerns. Mr Krebs, a representative appointed by Mr Krump and respected by cyber experts and legislators on both sides, did not respond to the invitation to comment either.
Some current and former government officials say the agency can handle the cleanup of the upper floors as it prepares for a new administration under newly elected chief executive Joe Biden.
There’s a strong team here, said Kiersten Todt, executive director of the Cyber Readiness Institute, a non-profit organization for small businesses that served as the Obama administration’s e-Counseling service. If an authority reduces the number of men or women, it is not easy, but also not insurmountable.
Many CIS officials stated after their departure that they were optimistic that their work would continue uninterrupted for the time being. Brandon Wales, a career official who currently serves as director, is highly respected within the Agency and is very concerned about his election security mission, according to his colleagues. Since he has not been appointed by a political party, it is more difficult for the White House to remove him from office.
However, the staff of the agency was informed on Wednesday. Some fear that Matt Masterson, ICAR’s senior cyber security consultant with extensive experience in election management, is close to the pink card. Before joining DHS two years ago, Masterson was a Republican commissioner on the Federal Electoral Assistance Commission, which made protection against cyber attacks a priority after the 2016 elections. He was widely praised for his contribution to bridging the gap between the federal government and local and regional elections.
The mission hasn’t changed. Mr Masterson tweeted a few hours after Mr Krebs was released.
Many cyber security experts believe that ICAR should gain resources and credibility in the coming years as cyber threats to the US economy increase. Michael Daniel, the White House cybersecurity coordinator under President Barack Obama, said the department is an accomplishment that Biden’s administration should continue.
U.S. cyber security policies have remained relatively stable among former presidents, said Daniel, currently president and chief executive officer of the Cyber Threat Alliance, an intelligence-sharing nonprofit group. Continuity will make Krebs’ dismissal after the election even more visible without serious incidents, he said.
For me, Mr. Daniel said, it doesn’t make sense.
-Supplementary reports by Kim S. Nash, Catherine Stupp and Dustin Voltz.
Additional information about WSJ Pro Cybersecurity
Write to David Uberty at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8