The Electronic Frontier Foundation (EFF) and numerous infosec leaders are lobbying US President Donald Trump to drop his enduring investigation into Chris Krebs, claiming that targeting the former CISA boss amounts to bullying.
The open letter, co-signed by the industry bigwigs, compares the campaign against Krebs and, by extension, his most recent employer, cybersec biz SentinelOne, to Trump’s ongoing grudge against law firms associated with critics of the president.
But in addition to the suggestion of bullying, the cyber pros argue the implications of the attack on Krebs are more far-reaching – and that to undermine the crucial work of securing government IT threatens the practice of good-faith cyber defense.
“By placing Krebs and SentinelOne in the crosshairs, the President is signaling that cybersecurity professionals whose findings do not align with his narrative risk having their businesses and livelihoods subjected to spurious and retaliatory targeting, the same bullying tactic he has recently used against law firms,” the letter reads.
“As members of the cybersecurity profession and information security community, we counter with a strong stand in defense of our professional obligation to report truthful findings, even – and especially – when they do not fit the playbook of the powerful. And we stand with Chris Krebs for doing just that.”
Trump’s beef started in 2020 when Krebs discredited suggestions that electoral fraud was to blame for Joe Biden’s victory in that year’s Presidential election.
Trump appointed Krebs head of government cybersecurity in 2017 – a department that a year later became known as the Cybersecurity and Infrastructure Security Agency (CISA).
In effect, Krebs was responsible for US cybersecurity, including the important role of securing the nation’s elections. He was fired by tweet after stating at the time that the 2020 election was “the most secure in American history.”
On April 9 of this year, the White House issued a presidential memorandum ordering a criminal investigation into Krebs, accusing him of abusing his role at CISA to cover up evidence that the 2020 election was rigged.
The President alleged this and other claims made in the memo were part of a “partisan mission.”
Additionally, the memo also accused Krebs, a Republican, of colluding with social media companies to censor “disfavored speech” and skew the narrative around the COVID-19 pandemic to align with CISA’s own perspective.
The memo rounded off by revoking all security clearances from Krebs and cybersecurity company SentinelOne, which Krebs joined in 2023 and which holds federal contracts.
The open letter, co-signed by the EFF and 40 others (as of April 28), urged that both the criminal investigation and revocation of security clearances be reversed “immediately.”
“An independent infosec community is fundamental to protecting our democracy, and to the profession itself,” the letter said. “It is only by allowing us to do our jobs and report truthfully on systems in an impartial and factual way without fear of political retribution that we can hope to secure those systems.
“We take this responsibility upon ourselves with the collective knowledge that if any one of us is targeted for our work hardening these systems, then we all can be. We must not let that happen. And united, we will not let that happen.”
Krebs resigned from his role as chief intelligence and public policy officer at SentinelOne last week via an email shared on LinkedIn.
He said the decision was one he took himself – not based on any other influence – and intends to take on the “tough fight” outside of his role at SentinelOne.
“This will require my complete focus and energy,” said Krebs. “It’s a fight for democracy, for freedom of speech, and for the rule of law. I’m prepared to give it everything I’ve got.”
He rounded off his social media post: “So with that, let’s go. Illegitimi non carborundum.” (The mock-Latin phrase is supposed to be translated as “Don’t let the bastards grind you down.”) ®