Franklin, Andrews, Kramer & Edelstein

[scion]

The Cybersecurity 202: The Trump administration’s top election defender is calling out Republicans who support the 'big lie'

By Joseph Marks
Anchor of The Cybersecurity 202 newsletter
Today at 7:10 a.m. EDT
https://www.washingtonpost.com/politics/2021/07/30/cybersecurity-202-trump-administrations-top-election-defender-is-calling-out-republicans-who-support-big-lie/

with Aaron Schaffer

Chris Krebs, who led the federal government’s election security efforts during the Trump administration, yesterday lit into elected Republicans who are still contesting the former president’s defeat.

“This is a power play and this is about fundraising and that’s all this is,” Krebs told my colleague Ellen Nakashima during a Washington Post Live interview.

“Shame on those that continue to push the ‘big lie,’” he said, referring to baseless claims that Trump won the election.

The comments are among the harshest from a former Trump administration official about the continuing efforts to call Joe Biden’s victory into question through dubious and partisan audits in Arizona and elsewhere.

They reflect a growing frustration among officials who spent years ensuring the election was as secure as possible. They're upset the 2020 results are being called into question by people with little or no experience in election security and audits.

In Maricopa County, Ariz., officials conducted two rigorous audits that verified Biden’s victory there. But the GOP-controlled state Senate commissioned yet another audit against the county’s will. The firm leading the audit, Cyber Ninjas, has no auditing experience and its CEO has spread pro-Trump conspiracy theories. Not surprisingly, the result has been a slew of unforced errors and cybersecurity flubs.

Yet officials are pursuing similarly partisan audits in Pennsylvania, Wisconsin and elsewhere.

“There are certified, approved audit processes out there. … It's not like audits just fell off the back of a turnip truck,” Krebs said. “We need more of them, in fact, but with a transparent methodological process, not what is happening in Arizona and is threatening to spread to other states.”

Krebs’s former agency, the Cybersecurity and Infrastructure Security Agency, helped numerous states shift to more secure election systems with voter paper trails and installed hacking sensors on voting systems across all 50 states. Trump fired him by tweet in November for stating that the election results were legitimate.

Since leaving office, Krebs has warned that the nation needs a far more vigorous cyber defense.

During his conversation with Ellen, he endorsed congressional efforts to require firms in critical sectors to report to the government when they’re hacked.

A bill that’s working its way through Congress would impose such requirements on firms in 16 industries the government deems critical infrastructure, such as energy and chemical firms, airports and water utilities. The bill, sponsored by Sens. Mark Warner (D-Va.), Marco Rubio (R-Fla.) and Susan Collins (R-Maine), would also impose those requirements on government contractors and cybersecurity firms.

Krebs also urged the government to do more to punish Russia and China for hacks against U.S. infrastructure, which has emerged as a top national security issues following a major Russian hack against SolarWinds, a software supplier, that enabled the theft of troves of data from U.S. government agencies, and the Chinese hack of Microsoft Exchange.

As one way of punching back against China, he suggested imposing sanctions and other restrictions against Chinese firms that benefit from intellectual property and trade secrets that Chinese government hackers steal from foreign firms.

“If China wants to be a full-blown member of the World Trade Organization and participate in the global market, there have to be consequences and repercussions for behaving badly,” he said.

Krebs now runs a consulting firm with former Facebook security executive Alex Stamos.

Krebs also floated the idea of splitting up the Department of Homeland Security, CISA’s parent agency.

Specifically, Krebs suggested dividing the parts of DHS that focus on domestic security and resilience – such as CISA, the Transportation Security Administration and the Federal Emergency Management Agency – from agencies that are focused on immigration and border security, such as Customs and Border Protection and Immigration and Customs Enforcement.

Such a split would place CISA in a more narrowly focused department with agencies it already cooperates with regularly. CISA and TSA are working together now on a program to impose mandatory cybersecurity requirements on pipelines in the wake of the Colonial Pipeline ransomware attack, which could become a model for other critical infrastructure sectors if Congress gives the government broader authority.

A split like that would have an added benefit of separating CISA’s work, which is almost entirely politically neutral, from DHS’s immigration enforcement work, which has been a partisan lightning rod – especially during the Trump administration.

Such ideas have been floated several times for the department that was famously scraped together from different parts of the federal government after the Sept. 11, 2001, terrorist attacks.

“Does DHS reflect our current national security priorities?” Krebs said. “I think a rational evaluator [or] analysts could say it doesn't.”



https://www.washingtonpost.com/politics/2021/07/30/cybersecurity-202-trump-administrations-top-election-defender-is-calling-out-republicans-who-support-big-lie/