Cyber experts urge Trump to abandon Chris Krebs investigation

Dive Brief:

• Dozens of cybersecurity experts on Monday urged the Trump administration to abandon its investigation of former CISA Director Chris Krebs and restore his former colleagues’ security clearances.
• In a letter to President Donald Trump, the 40 industry luminaries called the investigation “retribution” for Krebs’ correct assertion that the 2020 election was fair and secure.
• The signatories include prominent voting-security experts, computer-science professors, tech executives and security researchers.

Dive Insight:

The new letter, organized by the Electronic Frontier Foundation (EFF), is the first high-profile pushback to Trump’s April 9 executive order targeting Krebs, which stripped his security clearance, paused the clearances of others at his then-employer SentinelOne and ordered an investigation of CISA’s activities.

Until now, few tech or cybersecurity executives have spoken up to defend Krebs. The leaders of virtually all of the major cybersecurity companies, trade groups and nonprofit associations have been silent. Last week, Krebs’s successor Jen Easterly criticized industry leaders for staying quiet, writing on LinkedIn that “if we fail to stand up for leaders being punished for telling the truth, for doing their jobs with honor—then we’re not leading; we’re calculating.”

The preponderance of election security experts who signed the letter reflects deep concerns within the cybersecurity community about the chilling effect that the Krebs investigation could have on current government officials’ ability to protect future elections, including by contradicting Trump’s falsehoods.

“An independent infosec community is fundamental to protecting our democracy, and to the profession itself,” the EFF letter said. “It is only by allowing us to do our jobs and report truthfully on systems in an impartial and factual way without fear of political retribution that we can hope to secure those systems. We take this responsibility upon ourselves with the collective knowledge that if any one of us is targeted for our work hardening these systems, then we all can be. We must not let that happen. And united, we will not let that happen.” 

The letter also reflects the view among many independent cyber experts that security testing free of political pressure — including publicly disclosing information that may reflect poorly on powerful public or private actors — is a necessary part of improving cybersecurity. The signatories cited their “professional obligation to report truthful findings, even — and especially — when they do not fit the playbook of the powerful.