President Trump, who has pulled the security clearances of dozens of people within the intelligence and security industry, is turning his focus to cybersecurity expert and former CISA head Chris Krebs and another former government official.
In a memorandum released this week, the president ordered federal agencies to revoke security clearances granted to Krebs – who Trump fired as CISA director after Krebs said the 2020 election “was the most secure in American history” – and “individuals at entities associated with Krebs,” including at cybersecurity firm SentinelOne, where Krebs serves as CIO and chief public policy officer.
He also ordered the Justice Department (DOJ) to review Krebs’ years in government service as well as CISA’s activities over the past six years to “identify any instances where Krebs’ or CISA’s conduct appears to be contrary to the administration’s commitment to free speech and ending federal censorship, including whether Krebs’ conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information.”
Job Cuts at CISA
The memorandum was also issued the same day that the White House released a similar order suspending the security clearances of Miles Taylor, a former Department of Homeland Security official during Trump’s first term, during which Taylor wrote an op-ed piece in the Wall Street Journal that sharply criticized Trump and his administration and was written under the byline “Anonymous.”
That order also covers anyone associated with Taylor, including people at the University of Pennsylvania, where he is a lecturer, pending a review “of whether such clearances are consistent with the national interest.”
The president’s order comes at a time when his administration is gearing up to slash as many as 1,300 jobs at the country’s top cybersecurity agency and after the administration last week fired Gen. Timothy Haugh as National Security Agency (NSA) director and head of U.S. Cyber Command, both key positions in the nation’s cybersecurity defenses.
Demand for Loyalty
Trump stressed in his order against Krebs that it was born out of his demand for loyalty from government officials, writing that he “has made clear that loyalty to the United States must come before personal or partisan agendas, taking decisive action against those who misuse their undeserved influence to deceive the American public.”
The president said in the order that Krebs “is a significant bad-faith actor who weaponized and abused his government authority.”
That included disagreeing with Trump regarding the 2020 election he lost to Joe Biden, with the president claiming that Krebs and CISA censored election information, including what Trump viewed as risks “associated with certain voting practices” and “falsely and baselessly [denying] that the 2020 election was rigged and stolen, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines.”
He also accused Krebs of “covertly” working against Americans by disputing accusations made during a high-profile investigation of a laptop purportedly owned by Biden’s son, Hunter, and slanting the “bona fide” debate about the COVID-19 virus “by attempting to discredit widely shared views that ran contrary to CISA’s favored perspective.”
SentinelOne Included in Order
The president looked to add pressure on Krebs by targeting SentinelOne, which last year said it was using its AI-powered Singularity Platform and Singularity Data Lake to support CISA’s Persistent Access Capability initiative, including the Continuous Diagnostics and Mitigation Program, to improve the security of the government’s IT assets and critical infrastructure.
Both of those SentinelOne products in September 2024 were authorized under the government’s FedRAMP program, which meant they cleared stringent security hurdles, allowing them to be used by federal agencies.
Neither Krebs nor SentinelOne has yet commented on Trump’s order.
Mistaken Identity
Brian Krebs, a cybersecurity expert who shares Chris Krebs’ last name but is not related to him, said in a LinkedIn post that – as happened after Trump fired Chris Krebs from CISA in 2020 – he again is receiving hate mail from “people full of ignorant rage figuring we’re the same person. … Now it’s happening again. … Can’t even imagine the stuff Chris is getting right now.”
Security professionals said the implications of staffing cuts and the injection of politics into cybersecurity are worrying. John Bambenek, president of Bambenek Consulting, told Security Boulevard that security clearances let the government gather valuable intelligence from cybersecurity firms.
Targeting SentinelOne, which played no role in any dispute between Trump and Krebs, was “gratuitous under the ‘new rules’ and risks dividing both the economy generally and cybersecurity firms specifically into ‘Republican’ and ‘Democrat’ when the work really is non-partisan. I don’t ask my employers, clients, or coworkers what their political beliefs are, and I don’t want to start now.”
Deepwatch CEO John DiLullo told Security Boulevard that the “blast radius from the recent cuts at CISA will be massive. I’ve seen studies which found that 60% of all cybercrimes are attributable to insiders.”
CISA now faces a mass firing, and “even though fired workers may not have malicious intent, their vigilance fades quickly and sensitive data is often compromised, or exposed, as a result.”
Jason Soroko, senior fellow at Sectigo, recalled listening to Michael Hayden, a retired general and former NSA director, say at a conference that no one should assume the cavalry is coming.
“I don’t think anyone outside of the White House administration knows what will actually be cut moving forward,” Soroko told Security Boulevard. “However, the advice from Michael Hayden should be heeded. In other words, dependence on government services for cybersecurity should always have a back-up plan. If there is no back-up plan, there is an opportunity for commercial industry to fill that gap.”