President Trump<\/strong> last week revoked security clearances for Chris Krebs<\/strong>, the former director of the Cybersecurity and Infrastructure Security Agency<\/strong> (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs\u2019s employer SentinelOne<\/strong>, comes as CISA is facing huge funding and staffing cuts.<\/p>\n Chris Krebs. Image: Getty Images.<\/p>\n<\/div>\n The extraordinary April 9 memo<\/a> directs the attorney general to investigate Chris Krebs (no relation), calling him \u201ca significant bad-faith actor who weaponized and abused his government authority.\u201d<\/p>\n The memo said the inquiry will include \u201ca comprehensive evaluation of all of CISA\u2019s activities over the last 6 years and will identify any instances where Krebs\u2019 or CISA\u2019s conduct appears to be contrary to the administration\u2019s commitment to free speech and ending federal censorship, including whether Krebs\u2019 conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information.\u201d<\/p>\n CISA was created in 2018 during Trump\u2019s first term, with Krebs installed as its first director. In 2020, CISA launched Rumor Control, a website that sought to rebut disinformation swirling around the 2020 election.<\/p>\n That effort ran directly counter to Trump\u2019s claims that he lost the election because it was somehow hacked and stolen. The Trump campaign and its supporters filed at least 62 lawsuits contesting the election, vote counting, and vote certification in nine states, and nearly all of those cases were dismissed or dropped for lack of evidence or standing.<\/p>\n When the Justice Department began prosecuting people who violently attacked the U.S. Capitol on January 6, 2021, President Trump and Republican leaders shifted the narrative, claiming that Trump lost the election because the previous administration had censored conservative voices on social media.<\/p>\n Incredibly, the president\u2019s memo seeking to ostracize Krebs stands reality on its head, accusing Krebs of promoting the censorship of election information, \u201cincluding known risks associated with certain voting practices.\u201d Trump also alleged that Krebs \u201cfalsely and baselessly denied that the 2020 election was rigged and stolen<\/em>, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines\u201d [emphasis added].<\/p>\n Krebs did not respond to a request for comment. SentinelOne issued a statement<\/a> saying it would cooperate in any review of security clearances held by its personnel, which is currently fewer than 10 employees.<\/p>\n Krebs\u2019s former agency is now facing steep budget and staff reductions. The Record<\/strong> reports<\/a> that CISA is looking to remove some 1,300 people by cutting about half its full-time staff and another 40% of its contractors.<\/p>\n \u201cThe agency\u2019s National Risk Management Center, which serves as a hub analyzing risks to cyber and critical infrastructure, is expected to see significant cuts, said two sources familiar with the plans,\u201d The Record\u2019s Suzanne Smalley<\/strong> wrote. \u201cSome of the office\u2019s systematic risk responsibilities will potentially be moved to the agency\u2019s Cybersecurity Division, according to one of the sources.\u201d<\/p>\n CNN reports<\/a> the Trump administration is also advancing plans to strip civil service protections from 80% of the remaining CISA employees, potentially allowing them to be fired for political reasons.<\/p>\n The Electronic Frontier Foundation<\/strong> (EFF) urged professionals in the cybersecurity community to defend Krebs and SentinelOne, noting that other security companies and professionals could be the next victims of Trump\u2019s efforts to politicize cybersecurity.<\/p>\n \u201cThe White House must not be given free reign to turn cybersecurity professionals into political scapegoats,\u201d the EFF wrote<\/a>. \u201cIt is critical that the cybersecurity community now join together to denounce this chilling attack on free speech and rally behind Krebs and SentinelOne rather than cowering because they fear they will be next.\u201d<\/p>\n However, Reuters<\/strong> said<\/a> it found little sign of industry support for Krebs or SentinelOne, and that many security professionals are concerned about potentially being targeted if they speak out.<\/p>\n \u201cReuters contacted 33 of the largest U.S. cybersecurity companies, including tech companies and professional services firms with large cybersecurity practices, and three industry groups, for comment on Trump\u2019s action against SentinelOne,\u201d wrote Raphael Satter<\/strong> and A.J. Vicens<\/strong>. \u201cOnly one offered comment on Trump\u2019s action. The rest declined, did not respond or did not answer questions.\u201d<\/p>\n On April 3, President Trump fired Gen. Timothy Haugh<\/strong>, the head of the National Security Agency <\/strong>(NSA) and the U.S. Cyber Command<\/strong>, as well as Haugh\u2019s deputy, Wendy Noble<\/strong>. The president did so immediately after meeting in the Oval Office with far-right conspiracy theorist Laura Loomer<\/a>, who reportedly urged their dismissal. Speaking to reporters on Air Force One after news of the firings broke, Trump questioned Haugh\u2019s loyalty.<\/p>\n Gen. Timothy Haugh. Image: C-SPAN.<\/p>\n<\/div>\n Virginia Senator Mark Warner<\/strong>, the top Democrat on the Senate Intelligence Committee, called it inexplicable that the administration would remove the senior leaders of NSA-CYBERCOM without cause or warning, and risk disrupting critical ongoing intelligence operations.<\/p>\n \u201cIt is astonishing, too, that President Trump would fire the nonpartisan, experienced leader of the National Security Agency while still failing to hold any member of his team accountable for leaking classified information on a commercial messaging app \u2013 even as he apparently takes staffing direction on national security from a discredited conspiracy theorist in the Oval Office,\u201d Warner said in a statement.<\/p>\n On Feb. 28, The Record\u2019s Martin Matishak<\/strong> cited<\/a> three sources saying Defense Secretary Pete Hegseth<\/strong> ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions. The following day, The Guardian<\/strong> reported<\/a> that analysts at CISA were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.<\/p>\n A follow-up story<\/a> from The Washington Post<\/strong> cited officials saying Cyber Command had received an order to halt active operations against Russia, but that the pause was intended to last only as long as negotiations with Russia continue.<\/p>\n The Department of Defense responded on Twitter\/X that Hegseth had \u201cneither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order whatsoever from that priority.\u201d<\/p>\n But on March 19, Reuters reported<\/a> several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks.<\/p>\n \u201cRegular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with the FBI, the Department of Homeland Security and the State Department,\u201d Reuters reported, citing current and former officials.<\/span><\/p>\n President\u2019s Trump\u2019s institution of 125% tariffs on goods from China has seen Beijing strike back with 84 percent tariffs on U.S. imports. Now, some security experts are warning that the trade war could spill over into a cyber conflict<\/a>, given China\u2019s successful efforts to burrow into America\u2019s critical infrastructure networks.<\/p>\n Over the past year, a number of Chinese government-backed digital intrusions have come into focus, including a sprawling espionage campaign involving the compromise of at least nine U.S. telecommunications providers<\/a>. Dubbed \u201cSalt Typhoon<\/a>\u201d by Microsoft, these telecom intrusions were pervasive enough that CISA and the FBI in December 2024 warned Americans<\/a> against communicating sensitive information over phone networks, urging people instead to use encrypted messaging apps (like Signal).<\/p>\n The other broad ranging China-backed campaign is known as \u201cVolt Typhoon<\/a>,\u201d which CISA described as \u201cstate-sponsored cyber actors seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.\u201d<\/p>\n Responsibility for determining the root causes of the Salt Typhoon security debacle fell to the Cyber Safety Review Board<\/a> (CSRB), a nonpartisan government entity established in February 2022 with a mandate to investigate the security failures behind major cybersecurity events. But on his first full day back in the White House, President Trump dismissed all 15 CSRB advisory committee members \u2014 likely because those advisers included Chris Krebs.<\/p>\n Last week, Sen. Ron Wyden<\/strong> (D-Ore.) placed a hold on Trump\u2019s nominee to lead CISA, saying the hold would continue unless the agency published a report on the telecom industry hacks, as promised.<\/p>\n \u201cCISA\u2019s multi-year cover up of the phone companies\u2019 negligent cybersecurity has real consequences,\u201d Wyden said in a statement<\/a>. \u201cCongress and the American people have a right to read this report.\u201d<\/p>\n The Wall Street Journal<\/strong> reported last week Chinese officials acknowledged in a secret December meeting that Beijing was behind the widespread telecom industry compromises.<\/p>\n \u201cThe Chinese official\u2019s remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan,\u201d The Journal\u2019s Dustin Volz<\/strong> wrote<\/a>, citing a former U.S. official familiar with the meeting.<\/p>\n Meanwhile, China continues to take advantage of the mass firings of federal workers. On April 9, the National Counterintelligence and Security Center<\/strong> warned<\/a> (PDF) that Chinese intelligence entities are pursuing an online effort to recruit recently laid-off U.S. employees.<\/p>\n \u201cForeign intelligence entities, particularly those in China, are targeting current and former U.S. government (USG) employees for recruitment by posing as consulting firms, corporate headhunters, think tanks, and other entities on social and professional networking sites,\u201d the alert warns. \u201cTheir deceptive online job offers, and other virtual approaches, have become more sophisticated in targeting unwitting individuals with USG backgrounds seeking new employment.\u201d<\/p>\n Image: Dni.gov<\/p>\n<\/div>\n As Reuters notes<\/a>, the FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia, and put on leave staff working on the issue at the Department of Homeland Security.<\/p>\n Meanwhile, the U.S. Senate is now considering a House-passed bill<\/a> dubbed the \u201cSafeguard American Voter Eligibility (SAVE) Act<\/strong>,\u201d which would order states to obtain proof of citizenship, such as a passport or a birth certificate, in person from those seeking to register to vote<\/a>.<\/p>\n Critics say the SAVE Act could disenfranchise millions of voters and discourage eligible voters from registering to vote. What\u2019s more, documented cases of voter fraud are few and far between, as is voting by non-citizens. Even the conservative Heritage Foundation<\/strong> acknowledges as much: An interactive \u201celection fraud map<\/a>\u201d published by Heritage lists just 1,576 convictions or findings of voter fraud between 1982 and the present day.<\/p>\n Nevertheless, the GOP-led House passed the SAVE Act with the help of four Democrats. Its passage in the Senate will require support from at least seven Democrats, Newsweek writes<\/a>.<\/p>\n In February, CISA cut roughly 130 employees, including its election security advisors. The agency also was forced to freeze all election security activities pending an internal review. The review was reportedly<\/a> completed in March, but the Trump administration has said the findings would not be made public, and there is no indication of whether any cybersecurity support has been restored.<\/p>\n Many state leaders have voiced anxiety over the administration\u2019s cuts to CISA programs that provide assistance and threat intelligence to election security efforts. Iowa Secretary of State Paul Pate<\/strong> last week told<\/a> the PBS<\/strong> show Iowa Press<\/strong> he would not want to see those programs dissolve.<\/p>\n \u201cIf those (systems) were to go away, it would be pretty serious,\u201d Pate said. \u201cWe do count on a lot those cyber protections.\u201d<\/p>\n Pennsylvania\u2019s Secretary of the Commonwealth Al Schmidt<\/strong> recently warned the CISA election security cuts would make elections less secure, and said no state on its own can replace federal election cybersecurity resources.<\/p>\n The Pennsylvania Capital-Star<\/strong> reports<\/a> that several local election offices received bomb threats around the time polls closed on Nov. 5, and that in the week before the election a fake video showing mail-in ballots cast for Trump and Sen. Dave McCormick (R-Pa.) being destroyed and thrown away was linked to a Russian disinformation campaign.<\/p>\n \u201cCISA was able to quickly identify not only that it was fraudulent, but also the source of it, so that we could share with our counties and we could share with the public so confidence in the election wasn\u2019t undermined,\u201d Schmidt said.<\/p>\n According to CNN<\/a>, the administration\u2019s actions have deeply alarmed state officials, who warn the next round of national elections will be seriously imperiled by the cuts. A bipartisan association representing 46 secretaries of state, and several individual top state election officials, have pressed the White House about how critical functions of protecting election security will perform going forward. However, CNN reports they have yet to receive clear answers.<\/p>\n Nevada and 18 other states are suing Trump over an executive order he issued on March 25<\/a> that asserts the executive branch has broad authority over state election procedures.<\/p>\n \u201cNone of the president\u2019s powers allow him to change the rules of elections,\u201d Nevada Secretary of State Cisco Aguilar<\/strong> wrote in an April 11 op-ed<\/a>. \u201cThat is an intentional feature of our Constitution, which the Framers built in to ensure election integrity. Despite that, Trump is seeking to upend the voter registration process; impose arbitrary deadlines on vote counting; allow an unelected and unaccountable billionaire to invade state voter rolls; and withhold congressionally approved funding for election security.\u201d<\/p>\n The order instructs the U.S. Election Assistance Commission<\/strong> to abruptly amend the voluntary federal guidelines for voting machines without going through the processes mandated by federal law. And it calls for allowing the administrator of the so-called Department of Government Efficiency<\/strong> (DOGE), along with DHS, to review state voter registration lists and other records to identify non-citizens.<\/p>\n The Atlantic\u2019s Paul Rosenzweig<\/strong> notes that the chief executive of the country \u2014 whose unilateral authority the Founding Fathers most feared \u2014 has literally no role in the federal election system.<\/p>\n \u201cTrump\u2019s executive order on elections ignores that design entirely,\u201d Rosenzweig wrote<\/a>. \u201cHe is asserting an executive-branch role in governing the mechanics of a federal election that has never before been claimed by a president. The legal theory undergirding this assertion \u2014 that the president\u2019s authority to enforce federal law enables him to control state election activity \u2014 is as capacious as it is frightening.\u201d<\/p>\n<\/div>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/04\/chriskrebs-gi.png?resize=750%2C330&ssl=1\")
<\/p>\nCYBERCOM-PLICATIONS<\/h2>\n
![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/04\/genhaugh-cspan.png?resize=749%2C377&ssl=1\")
<\/p>\nTARIFFS VS TYPHOONS<\/h2>\n
![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/04\/dni-china-hiring.png?resize=749%2C416&ssl=1\")
<\/a><\/p>\nELECTION THREATS<\/h2>\n