Chris Krebs was widely credited with forging ties between the government and the private sector during his two-year tenure as director of the Cybersecurity and Infrastructure Security Agency. Those ties are now under threat after he was fired Tuesday by President Trump, lawmakers and business executives say.
With Mr. Krebs and two key deputies out at CISA, an arm of the Department of Homeland Security, some warn the rapid-fire departures will set back public-private collaboration on cybersecurity threats at a key moment.
Private firms own most U.S. critical infrastructure, including the power grid, water system and financial services. A federal commission assessing U.S. cyber readiness this year urged federal agencies to share with businesses threat intelligence—and vice versa—to ward off attacks by foreign governments and criminal groups.
CISA has strengthened such partnerships since the Trump administration created the agency in 2018. But Mr. Krebs’s departure has injected chaos into those lines of communication, said Patrick Gaul, executive director of the National Technology Security Coalition, an Atlanta-based advocacy group representing chief information security officers.
“Chris leaving is a disappointment for us because we’ve worked so hard to build that relationship and that level of trust,” said Mr. Gaul, whose organization represents security chiefs at Fortune 1000 companies.
Mr. Krebs’s firing came amid growing tensions between CISA—tasked with protecting critical infrastructure such as voting systems—and Mr. Trump’s administration, which has alleged fraud in the Nov. 3 presidential election. No evidence of widespread fraud has emerged, and in a joint statement last week challenging such claims without naming the president, CISA and other agencies called the election “the most secure in American history.”
Mr. Trump cited that statement when he announced Mr. Krebs’s firing on Twitter. Two other senior CISA officials, Deputy Director Matthew Travis and Assistant Director for Cybersecurity Bryan Ware, resigned in recent days, adding to fears that cybersecurity matters are becoming politicized within the federal government.
“It suggests to the greater community that maybe CISA isn’t a nonpartisan institution, we don’t really know who’s in charge, and maybe we should keep our own counsel for a while,” Sen. Angus King (I., Maine) said.
“We’ve got two months before there’s a new president, and our adversaries look at transitions as periods of vulnerability anyway,” Mr. King added. “What [Mr. Trump] is doing is multiplying that vulnerability.”
That dynamic also could extend internationally, said Jerry Ray, chief operations officer at Singapore-based data security company SecureAge Technology Pte. “You will see a lot of countries look to each other [for information] instead of to the U.S. first,” Mr. Ray said.
Representatives at CISA and the White House National Security Council didn’t respond to requests for comment about such concerns. Mr. Krebs, a Trump appointee who is respected among cyber experts and lawmakers in both parties, also didn’t respond to a request for comment.
Some current and former government officials say that the agency can withstand a housecleaning at the top as it prepares to transition to a new administration under President-elect Joe Biden.
“There is a strong team of people who are there,” said Kiersten Todt, managing director of the Cyber Readiness Institute, a nonprofit focused on small businesses, who was a cyber adviser to the Obama administration. “When any agency is down any amount of men or women, it’s not easy, but it’s not insurmountable.”
Multiple CISA officials said after the departures that they were optimistic that their work, for now, would continue uninterrupted. Brandon Wales, a career official who is now serving as the acting director, is well-respected at the agency and cares deeply about its election security mission, according to his colleagues. Because he isn’t a political appointee, it is harder for the White House to remove him.
Still, agency officials were on high alert Wednesday. Some are concerned that Matt Masterson, a senior cybersecurity adviser at CISA with extensive election administration experience, could be next to receive a pink slip. Before joining DHS two years ago, Mr. Masterson was a Republican commissioner on the federal Election Assistance Commission who made protecting elections from cyberattack a priority after the 2016 election. He has received widespread praise for helping to bridge the gap between federal agencies and state and local election officials.
“The mission is unchanged,” Mr. Masterson tweeted hours after Mr. Krebs was fired.
Many cybersecurity experts argue that CISA should be empowered with more resources and authority in the coming years as cyber threats intensify across the U.S. economy. Michael Daniel, the White House cybersecurity coordinator under President Barack Obama, said the department is an accomplishment upon which Mr. Biden’s administration should build.
U.S. cybersecurity policy has remained fairly stable between recent presidents, said Mr. Daniel, now president and chief executive of the Cyber Threat Alliance, a nonprofit intelligence-sharing group. The continuity makes Mr. Krebs’s firing after an election seemingly devoid of major incidents even more notable, he said.
“To me,” Mr. Daniel said, “that makes no sense.”
—Additional reporting by Kim S. Nash, Catherine Stupp and Dustin Volz
Write to David Uberti at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8