Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Governance & Risk Management

Senior DHS Officials, One in Cybersecurity, Resign

Departures Leave Questions About US Cybersecurity Readiness
Senior DHS Officials, One in Cybersecurity, Resign
DHS resignations: Valerie Boyd, assistant secretary for international affairs, and Bryan Ware, assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency

This story has been updated.

See Also: Healthcare in The Cloud: Detecting and Overcoming Threats to Ensure Continuity & Compliance

Two senior U.S. Department of Homeland Security officials have been forced to resign, and a senior cybersecurity official fears he will be fired by the Trump administration, according to news reports.

Valerie Boyd, assistant secretary for international affairs at DHS, and Bryan Ware, assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, have resigned, CNN reports.

Christopher Krebs

Also, Reuters reports that CISA’s director, Christopher Krebs, expects to be fired.

On Friday, however, the The New York Post cited sources who said DHS Acting Secretary Chad Wolf was defying President Trump’s order to fire Krebs.

The loss of Krebs would “take away a strong leader at DHS and be disruptive at a time when the threat of disinformation and other malicious cyber activity remains great,” says Christopher Painter, who was the State Department’s top cyber diplomat until mid-2017 and is a former federal cybercrime prosecutor.

“It will make us more vulnerable and less able to respond,” Painter says.

'Alarming’ News

Gregory Touhill, a retired U.S. Air Force brigadier general who was appointed by President Barack Obama as the first federal CISO of the U.S., called the reports of Krebs' potential departure "alarming."

"Chris' service to the nation has been sterling," says Touhill, who is now the president of AppGate Federal. "Our country remains under significant cyber risk, and Chris, leader of CISA - the country's risk adviser - is fully engaged thwarting those who seek us harm. To remove him, one of our key cyber leaders, in the middle of an ongoing cyber 'fire fight' with malicious cyber actors just doesn't make sense. I hope for the sake of our country it doesn't happen."

Krebs provided a steady hand for CISA during the election and received wide praise. Experts have said they hope for him to retained (see: What a Joe Biden Presidency Means for Cybersecurity).

Krebs' Comments on Collaboration

Krebs spoke in August at Information Security Media Group’s Cybersecurity Virtual Summit. He described how the agency was assisting local and state government election officials with technical support, training and cyber hygiene exercises (see: Election Security: A Progress Report From CISA's Krebs).

"Whether you're with the federal government or the private sector or state and local government … we bring everyone together to share best practices and really consolidate knowledge,” Krebs said in an earlier interview with ISMG. “That's the advantage we have here at CISA. … We can bring everybody together to build a community of best practices and really put that leverage against our security problems."

Jake Williams, a former network exploitation engineer with the National Security Agency who now runs Georgia-based consultancy Rendition Infosec, says losing Krebs would affect U.S. cybersecurity readiness.

“Let me just say for the record that I have a lot of trust issues with most federal cybersecurity leadership,” Williams tweets. “I didn't have that issue with Krebs - at all. This is the biggest continuity loss I've seen yet during the transition and one that will impact the nation's cybersecurity.”

Tom Kellermann, who served as a cybersecurity adviser to former President Barack Obama, says Krebs deserves credit for his leadership at CISA, especially in the run-up to the 2020 election.

"Christopher Krebs helped transform CISA and proactively led the effort to protect against cyberattacks from foreign adversaries," says Kellermann, who is now the head of cybersecurity strategy at VMware. "His departure would leave a significant void that could ultimately undermine public and private partnerships to combat the ongoing siege of cyberattacks from our nation-state actor enemies."

Rising Tension

The staff departures at CISA come as President Donald Trump has thus far refused to concede the election to President-elect Joe Biden, who is tracking to win both the Electoral College vote and the popular vote.

The development also comes after Trump on Monday fired Defense Secretary Mark T. Esper.

The departure of senior officials in agencies critical for the national security of the United States has sparked questions about the country’s stability. It raises further tensions in what is usually a calm and orderly transition period before an elected president takes office on Jan. 20.

The New York Times reported on Monday that other officials at risk of being fired before Trump's tenure ends include FBI Director Christopher Wray and CIA Director Gina Haspel.

Democratic Sen. Ron Wyden of Oregon, who sits on the Senate’s Select Committee on Intelligence, expressed concern that the possible firing of Krebs could be part of a Trump plan to spread misinformation about the election.

“Under Chris Krebs’ leadership, CISA has been a trusted source of election security information,” Wyden tweets. “If Donald Trump fires him, it will suggest Trump is preparing to spread lies about the election from a government agency.”

As the news broke, Democratic Sen. Mark Warner of Virginia tweeted that Krebs “has done a great job protecting our elections.”

Krebs’ Goals for CISA

In the interview with ISMG earlier this year, Krebs noted that one of his goals at CISA was ensuring that his team had support in Congress for its mission, including election security.

"Our other goal is really making sure that we continue the good progress that the federal government has developed since the [2015] Office of Personnel Management hack and ensuring that the federal government continues to accelerate toward its goal of better cybersecurity," Krebs said. "Congress has provided us some excellent authorities under the binding operational directive, where we can work collaboratively with CIOs and CISOs across the federal government and make sure that we understand what the risks are and put appropriate mitigations against those challenges."

Report: Trump Unhappy With CISA

Citing an anonymous source, Reuters reports that the White House was displeased with some of CISA’s work on the election. That included a section on its website called Rumor Control, which sought to debunk widely spread myths about the integrity of the U.S. electoral process.

Rumor Control listed circulating falsehoods - including that dead people could vote and that bad actors could change results without detection - and countered with why these statements were false.

An excerpt from Rumor Control, a section of CISA’s website that sought to dispel falsehoods about the integrity of U.S. voting (Source: CISA)

Election Day was uneventful on the cybersecurity front, an achievement widely attributed to hyper-alert U.S. intelligence agencies that sought to head off interference by countries such as Iran and Russia.

There have been concerns, however, that the period after the election could also pose opportunities for adversaries to spread misinformation or mount attacks (see: Post-Election Day: US on Guard for Hacking, Misinformation).

Social media companies also joined the election security fight, implementing new policies to label or delete content that sought to undermine confidence in voting.

On Thursday, CISA released a joint statement with other government agencies, nongovernment organizations and voting equipment vendors saying that the Nov. 3 election “was the most secure in American history.”

“There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised,” the statement says.

Managing Editor Scott Ferguson contributed to this report.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.