President Trump last week annulled security clearances for Chris Krebs, the former leader of the Cybersecurity and Infrastructure Security Agency (CISA), who was dismissed by Trump after asserting that the 2020 election was the most secure in U.S. history. A memo from the White House, which also halted clearances for additional security experts at Krebs’s organization SentinelOne, arrives as CISA encounters substantial funding and workforce reductions.
Chris Krebs. Image: Getty Images.
The remarkable April 9 memo instructs the attorney general to probe into Chris Krebs (unrelated), labeling him “a notable bad-faith participant who weaponized and misused his governmental power.”
The memo stated that the investigation will encompass “a thorough assessment of all of CISA’s actions over the last 6 years and shall recognize any occurrences where Krebs’ or CISA’s behavior seems incompatible with the administration’s dedication to free expression and the cessation of federal censorship, including whether Krebs’ actions contravened suitability criteria for federal employees or involved the unauthorized sharing of classified details.”
CISA was established in 2018 during Trump’s initial term, with Krebs appointed as its inaugural director. In 2020, CISA launched Rumor Control, a portal that aimed to counteract misinformation surrounding the 2020 election.
This initiative directly contradicted Trump’s assertions that he lost the election due to hacking and fraud. The Trump campaign and its supporters instigated at least 62 lawsuits disputing the election results, vote tallying, and certification in nine states, with almost all those cases being dismissed or withdrawn due to lack of evidence or standing.
As the Justice Department began prosecutions against individuals who violently assaulted the U.S. Capitol on January 6, 2021, President Trump and Republican leaders altered the narrative, claiming that Trump’s electoral loss was a result of the previous administration censoring conservative voices on social media.
Astonishingly, the president’s memo aiming to marginalize Krebs flips reality, accusing Krebs of fostering the censorship of electoral information, “including acknowledged risks linked to certain voting procedures.” Trump also claimed that Krebs “falsely and groundlessly asserted that the 2020 election was rigged and stolen, by improperly and unequivocally dismissing widespread electoral misconduct and serious weaknesses with voting machinery” [emphasis added].
Krebs did not reply to a request for input. SentinelOne released a statement asserting its willingness to assist in any review of security clearances held by its staff, who currently number fewer than 10 individuals.
Krebs’s previous agency is now facing significant budgetary constraints and personnel cuts. The Record reports that CISA is considering eliminating approximately 1,300 positions by reducing about half of its full-time workforce and another 40% of its contractors.
“The agency’s National Risk Management Center, which acts as a central hub analyzing threats to cyber and critical infrastructure, is anticipated to face considerable reductions, reported two sources acquainted with the plans,” wrote The Record’s Suzanne Smalley. “Some of the office’s systemic risk duties may potentially be reassigned to the agency’s Cybersecurity Division, according to one of the sources.”
CNN reports that the Trump administration is also advancing strategies to remove civil service protections from 80% of the remaining CISA personnel, possibly allowing for their dismissal on political grounds.
The Electronic Frontier Foundation (EFF) urged individuals in the cybersecurity sector to support Krebs and SentinelOne, pointing out that other security firms and professionals could be the next targets of Trump’s attempts to politicize cybersecurity.
“The White House must not be granted unrestricted authority to transform cybersecurity professionals into political scapegoats,” the EFF stated. “It is imperative that the cybersecurity community unites to denounce this alarming assault on free expression and support Krebs and SentinelOne instead of recoiling in fear of being next.”
However, Reuters reported it discovered minimal signs of industry backing for Krebs or SentinelOne, with many security experts apprehensive about potentially being targeted if they voice their concerns.
“Reuters engaged with 33 of the most prominent U.S. cybersecurity firms, including technology companies and professional services organizations with extensive cybersecurity divisions, and three industry associations, for feedback on Trump’s actions against SentinelOne,” wrote Raphael Satter and A.J. Vicens. “Only one provided input regarding Trump’s actions. The others declined, did not reply, or did not address the inquiries.”
CYBERCOM-PLICATIONS
On April 3, President Trump dismissed Gen. Timothy Haugh, the head of the National Security Agency (NSA) and the U.S. Cyber Command, along with Haugh’s deputy, Wendy Noble. The president made this decision immediately after conferring in the Oval Office with far-right conspiracy theorist Laura Loomer, who allegedly pressed for their termination. Speaking to journalists on Air Force One after the news of the dismissals broke, Trump questioned Haugh’s allegiance.
Gen. Timothy Haugh. Image: C-SPAN.
Virginia Senator Mark Warner, the leading Democrat on the Senate Intelligence Committee, deemed it inexplicable that the administration would remove the senior officials of NSA-CYBERCOM without justification or forewarning, jeopardizing critical ongoing intelligence operations.
“It is shocking, too, that President Trump would terminate the nonpartisan, experienced leader of the National Security Agency while still failing to hold any member of his team accountable for leaking classified data on a commercial messaging platform – even as he seemingly takes staffing advice on national security from a discredited conspiracy theorist in the Oval Office,” Warner remarked in a statement.
On Feb. 28, The Record’s Martin Matishak citedthree references indicate Defense Secretary Pete Hegseth instructed U.S. Cyber Command to cease all strategizing against Russia, encompassing offensive cyber actions. The subsequent day, The Guardian reported that personnel at CISA were verbally alerted not to pursue or report on threats from Russia, despite this being a significant priority for the agency in the past.
A follow-up article from The Washington Post mentioned officials who stated that Cyber Command had been ordered to stop current operations against Russia, but claimed this pause was meant to last only while negotiations with Russia were ongoing.
The Department of Defense asserted on Twitter/X that Hegseth had “neither canceled nor postponed any cyber operations aimed at hostile Russian targets and there has been no stand-down directive regarding that priority.”
However, on March 19, Reuters reported that various U.S. national security organizations have paused their participation in a coordinated effort to counter Russian sabotage, disinformation, and cyberattacks.
“Regular gatherings between the National Security Council and European national security representatives have been left unscheduled, and the NSC has also ceased formal coordination efforts across U.S. agencies, including with the FBI, the Department of Homeland Security, and the State Department,” Reuters stated, referencing current and former officials.
TARIFFS VS TYPHOONS
President Trump’s enforcement of 125% tariffs on Chinese products has led Beijing to retaliate with 84 percent tariffs on U.S. imports. Now, certain security specialists are cautioning that the trade conflict might escalate into a cyber confrontation, especially given China’s successful attempts to infiltrate America’s essential infrastructure networks.
Over the last year, numerous digital breaches backed by the Chinese government have emerged, including a widespread espionage initiative involving the infiltration of at least nine U.S. telecommunications companies. Labeled “Salt Typhoon” by Microsoft, these telecom intrusions were predominantly enough that CISA and the FBI in December 2024 issued a caution to Americans against sharing sensitive data over phone networks, encouraging instead the use of encrypted messaging services (such as Signal).
The other widespread China-supported operation is identified as “Volt Typhoon,” which CISA characterized as “state-sponsored cyber personnel aiming to position themselves on IT networks for disruptive or destructive cyber strategies against U.S. crucial infrastructure should a significant crisis or conflict arise with the United States.”
The obligation to ascertain the fundamental causes of the Salt Typhoon security incident was assigned to the Cyber Safety Review Board (CSRB), a nonpartisan governmental body established in February 2022 with an objective to analyze the security breakdowns connected to major cybersecurity situations. However, on his initial full day back in the White House, President Trump dismissed all 15 members of the CSRB advisory committee—likely due to the inclusion of Chris Krebs among the advisers.
Last week, Sen. Ron Wyden (D-Ore.) placed a hold on Trump’s appointee to lead CISA, mentioning that the hold would persist unless the agency released a report regarding the hacks on the telecom sector, as previously promised.
“CISA’s prolonged cover-up of the telecommunications companies’ careless cybersecurity has tangible repercussions,” Wyden stated in a statement. “Congress and the American populace deserve access to this report.”
The Wall Street Journal detailed last week that Chinese officials acknowledged in a clandestine December meeting that Beijing was responsible for the extensive compromises in the telecommunications sector.
“The comments made by the Chinese officials during the December gathering were indirect and somewhat vague, but most of the U.S. delegation present interpreted it as an implicit acknowledgment and a caution to the U.S. regarding Taiwan,” wrote the Journal’s Dustin Volz citing a former U.S. official acquainted with the meeting.
In the meantime, China continues to exploit the significant layoffs of federal employees. On April 9, the National Counterintelligence and Security Center cautioned (PDF) that Chinese intelligence organizations are conducting an online initiative to recruit recently dismissed U.S. personnel.
“Foreign intelligence organizations, especially those from China, are targeting active and former U.S. government (USG) employees for recruitment by masquerading as consulting firms, corporate recruiters, think tanks, and other entities on social and professional networking platforms,” the alert warns. “Their deceptive virtual job offers and other online tactics have evolved to become more sophisticated in targeting unsuspecting individuals with backgrounds in USG seeking new employment opportunities.”
Image: Dni.gov
ELECTION THREATS
As Reuters highlights, the FBI last month concluded an initiative to combat interference in U.S. elections by foreign adversaries, including Russia, and placed on leave personnel involved in the matter at the Department of Homeland Security.
At the same time, the U.S. Senate is currently considering a House-approved proposal called the “Safeguard American Voter Eligibility (SAVE) Act,” which would require states to secure proof of citizenship,such as a passport or a birth certificate, in person from those aiming to register to vote.
Opponents argue that the SAVE Act could disenfranchise millions of voters and deter eligible individuals from signing up to vote. Furthermore, documented instances of voter fraud are rare, as is participation by non-citizens during elections. Even the conservative Heritage Foundation concedes this point: An interactive “election fraud map” released by Heritage cites only 1,576 convictions or findings of voter fraud from 1982 to the present.
Nonetheless, the GOP-controlled House passed the SAVE Act with the assistance of four Democrats. For it to advance in the Senate, backing from at least seven Democrats will be necessary, Newsweek reports.
In February, CISA laid off approximately 130 staff members, including its election security advisors. The agency also had to halt all election security operations pending an internal evaluation. The evaluation was reportedly finalized in March, although the Trump administration announced that the results would remain private, and there is no indication of whether any cybersecurity assistance has been restored.
Numerous state officials have expressed concern about the administration’s reductions to CISA programs that offer support and threat intelligence for election security endeavors. Iowa Secretary of State Paul Pate remarked last week in an interview with the PBS program Iowa Press that he would prefer not to see those programs dissolve.
“If those (systems) were to vanish, it would be quite serious,” Pate stated. “We heavily rely on those cyber protections.”
Pennsylvania’s Secretary of the Commonwealth Al Schmidt recently cautioned that the CISA election security cuts would undermine election safety, asserting that no state alone can replace federal election cybersecurity resources.
The Pennsylvania Capital-Star reports that multiple local election offices experienced bomb threats around the time polls closed on Nov. 5, and in the week leading up to the election, a fabricated video showing mail-in ballots purportedly cast for Trump and Sen. Dave McCormick (R-Pa.) being disposed of was traced back to a Russian misinformation campaign.
“CISA was able to swiftly determine not only that it was fraudulent, but also the origin of it, enabling us to inform our counties and share with the public so trust in the election wasn’t undermined,” Schmidt noted.
According to CNN, the administration’s actions have significantly alarmed state officials, who caution that the next series of national elections will be gravely threatened by these cuts. A bipartisan organization representing 46 secretaries of state, along with numerous individual high-ranking state election officials, have urged the White House for clarity on how essential functions to safeguard election security will continue moving ahead. However, CNN reports they have not yet received straightforward responses.
Nevada and 18 other states are filing a lawsuit against Trump concerning an executive order he issued on March 25 which claims that the executive branch possesses broad authority over state election processes.
“None of the president’s authorities permit him to alter the election regulations,” Nevada Secretary of State Cisco Aguilar articulated in an op-ed published on April 11. “This is an intentional aspect of our Constitution, which the Framers included to ensure election integrity. Yet, Trump is attempting to disrupt the voter registration process; impose arbitrary deadlines on vote tallying; allow an unaccountable billionaire to access state voter databases; and withhold congressionally sanctioned resources for election security.”
The order directs the U.S. Election Assistance Commission to unexpectedly revise the voluntary national standards for voting machines without adhering to the procedures outlined by federal law. Furthermore, it seeks to allow the administrator of the so-called Department of Government Efficiency (DOGE), along with DHS, to scrutinize state voter registration records and other documents to find non-citizens.
The Atlantic’s Paul Rosenzweig observes that the nation’s chief executive — whose unchecked power the Founding Fathers most feared — has no role in the federal election system whatsoever.
“Trump’s executive order on elections completely disregards that design,” Rosenzweig remarked. “He is claiming an executive branch role in managing the logistics of a federal election that has never before been asserted by a president. The legal foundation of this claim — that the president’s ability to enforce federal law empowers him to supervise state election activities — is as expansive as it is alarming.”