OPINION — “Black Tuesday” for cybersecurity came on November 17, when the President of the United States fired Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA). Mr. Krebs had the temerity to do two things.
First, he led the federal agency primarily responsible for securing the 2020 election effectively and with style, lending experts to conclude that the election was the most secure in American history.
Second, Krebs said “out loud” that the election was trustworthy, which undermines the President’s political narrative that the election was stolen.
There are no positives to Krebs’ firing, which was universally condemned by cybersecurity professionals (just check “infosec Twitter”). Removing the nation’s cyber and election security leader during a presidential transition, when the threat of disinformation about the election result remains, undermines the homeland and national security of the United States.
Firing Krebs is convincing evidence that Donald Trump, during his remaining time in office, will not “faithfully execute the Office of President of the United States, and will” not “to the best of [his] ability, preserve, protect and defend the Constitution of the United States.”
This action, along with other developments, provides a “hockey stick” moment for cybersecurity. The actions taken by the elected and appointed leaders of the United States, over the next few weeks and months, will determine whether cybersecurity becomes far better or much, much worse.
Public consciousness of the issue has never been higher. The shocking cyber incidents of recent years, like NotPetya and election interference in many countries, have helped to build the basis for further action nationally and globally.
The Cyberspace Solarium Commission report demonstrates that there is bipartisan consensus that significant actions must be taken, even if there are minor disagreements about what a few of those actions should be. And there is even widespread agreement among global cybersecurity leaders and experts. The World Economic Forum held its “Cyber Davos” concluding on the same day that Krebs was fired – that like-minded nations must join to address cybersecurity together.
Today, we are presented with both risk and opportunity. The risk is that nations will allow internal political divisions to undercut their national capabilities and actions. An example of this is Krebs’ firing. The risk is also that nationalism and relatively minor differences on cybersecurity and privacy will limit international action. This path leads to chaos and losses that magnify the global damage the pandemic has caused.
The opportunity is that we as a nation, and a member of the global community, can marshal public opinion about cybersecurity and privacy, political recognition of the need for action, and partnership with the private sector and civil society organizations to change the nature of the Internet and how we use it, not in decades but in mere years.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief