The departure of the three of the Department of Homeland Security’s top cybersecurity officials over the past week is leading experts and officials to voice concerns that the United States has been left vulnerable to attacks in cyberspace, with national security potentially compromised.
The concerns come after President Trump fired Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and after both CISA Deputy Director Matthew Travis and top cybersecurity official Bryan Ware resigned following pressure from the White House.
These changes left the nation’s key cybersecurity agency without Senate-confirmed leadership in the last months of Trump’s presidency, amid a shakeup of major government officials following a contentious election.
“Today, cybersecurity and disinformation threats are among the most significant risks our nation confronts,” Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, told The Hill in a statement Friday. “For that reason, it’s enormously disturbing that the president has paired an unwillingness to begin an orderly transition with a zeal to gut key national security agencies of their senior-most leadership.”
CISA, established by legislation signed into law by Trump in 2018, describes itself as “the nation’s risk advisor,” and leads efforts to secure critical infrastructure against foreign and domestic cyber threats.
The agency was heavily involved in coordinating with state and local officials to shore up election security ahead of this year’s general election, and has spearheaded efforts to defend all sectors against attacks.
The agency, and its leadership, had been widely viewed as stable and bipartisan by officials on both sides of the aisle, a rarity in an increasingly polarized capital city.
But with the change in leadership, Warner is not the only current or former official concerned about the potential destabilizing influence for federal cybersecurity objectives.
“Abruptly losing multiple senior officials would be challenging for any organization, let alone one expected to respond to national security threats,” Michael Daniel, the president and CEO of Cyber Threat Alliance, told The Hill Friday.
Daniel, who previously served as special assistant to President Obama and cybersecurity coordinator on the National Security Council staff, noted that if an adversary were to attack the U.S. in cyberspace over the next few months, the ability of the U.S. to respond would be kneecapped.
“Heading crises off proactively becomes almost impossible without permanent leadership,” Daniel said. “By stripping CISA of its well-respected, capable leadership and acting irresponsibly with respect to the transition, this administration has increased the likelihood that an adversary will try to take advantage of the situation.”
Adversaries have increasingly shown their willingness to hit the U.S. in cyberspace, most famously through targeting election infrastructure. CISA was among the agencies that responded to recent successful efforts by Russia and Iran to gain access to U.S. voter registration data in three states.
Kiersten Todt, who served as executive director of former President Obama’s Commission on Enhancing National Cybersecurity, described the situation as “dangerous,” but emphasized that CISA itself had a “strong infrastructure” to continue to confront threats.
“From a strictly national security level, it’s not ideal, but we’re okay,” Todt said. “From a political perspective, it doesn’t seem like it was necessary.”
Other Democratic members of Congress have also spoken out this week about concerns over national security, including Sen. Angus King (I-Maine). King caucuses with Democrats and is reportedly under consideration by President-elect Joe Biden to serve as director of national intelligence.
“By firing Mr. Krebs for simply doing his job, President Trump is inflicting severe damage on all Americans – who rely on CISA’s defenses, even if they don’t know it,” King said in a statement after Krebs was fired.
House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and cybersecurity subcommittee Chairwoman Lauren Underwood (D-Ill.), put out a joint statement accusing Trump of “making America less safe” through firing Krebs.
They said that Trump’s decision did “nothing to defend our state and local governments and critical infrastructure against malicious cyber campaigns from Russia, China, and Iran.”
One key increasing threat to U.S. critical networks during the COVID-19 pandemic has been debilitating ransomware attacks on hospitals and cyber targeting of groups involved in vaccine research.
Sen. Gary Peters (D-Mich.), the ranking member of the Senate Homeland Security and Governmental Affairs Committee, accused Trump of not doing enough to respond to this threat, and of making the situation worse by gutting CISA’s leadership.
“While I have full confidence in the dedicated workforce at CISA to continue to execute their mission despite your actions, the removal of these individuals invites attacks from our adversaries based on a perception of instability, rather than prevent them,” Peters wrote in a letter to Trump.
Some GOP members of Congress have pushed back against Trump in the days following Krebs’s ouster, though most have stuck to praising Krebs’s work to advance the nation’s cybersecurity defenses.
“I think what he was trying to do in an unprecedented way was to connect with every state in the country, and give them what they needed to protect and have a firewall in place to protect against cyberattacks,” Sen. Rob Portman (R-Ohio), a member of the Senate Homeland Security Committee, told CNN earlier this week.
In an email obtained by The Hill and confirmed by a CISA spokesperson, CISA Executive Director Brandon Wales — who stepped in as acting director of the agency following the departures of Krebs and Travis — sought to reassure employees.
“A change in leadership is not a change in mission,” Wales wrote in the email, sent to CISA employees last week. “It is vital for all of us to remain focused on our mission. At a critical time in the response to COVID-19, with a potential vaccine around the corner, we must continue to support healthcare systems and vaccine manufacturers in their defense against ransomware attacks and foreign adversaries.”
Wales emphasized that as long as he led the agency “we will maintain a laser focus on our mission to Defend Today and Secure Tomorrow.”
Beyond CISA, cybersecurity leadership at the federal level could be threatened by moves against leaders of other agencies as well.
Trump has reportedly been considering firing both FBI Director Christopher Wray and CIA Director Gina Haspel as he continues to make sweeping changes to leadership following the election. Both agencies have cybersecurity missions, with Wray one of the key leaders working to enhance election security over the past four years.
“If those firings do happen, I think it’s irresponsible leadership on the part of the president, it certainly puts this nation in a less than desirable position,” Todt said.
Despite this, she noted that she had confidence in the federal workforce to help carry the country’s cybersecurity mission forward until Biden takes office in January.
“You just hope that doesn’t happen all at once, but if it does, I have confidence in the civil workforce, and hopefully they won’t have to carry the water too long before we see a transition happen,” Todt said.