SPONSORED:

Leadership changes at top cyber agency raise national security concerns

The departure of the three of the Department of Homeland Security’s top cybersecurity officials over the past week is leading experts and officials to voice concerns that the United States has been left vulnerable to attacks in cyberspace, with national security potentially compromised. 

The concerns come after President TrumpDonald John TrumpTrump rages against '60 Minutes' for interview with Krebs Cornyn spox: Neera Tanden has 'no chance' of being confirmed as Biden's OMB pick Pa. lawmaker was informed of positive coronavirus test while meeting with Trump: report MORE fired Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and after both CISA Deputy Director Matthew Travis and top cybersecurity official Bryan Ware resigned following pressure from the White House.

These changes left the nation’s key cybersecurity agency without Senate-confirmed leadership in the last months of Trump’s presidency, amid a shakeup of major government officials following a contentious election. 

ADVERTISEMENT

“Today, cybersecurity and disinformation threats are among the most significant risks our nation confronts,” Sen. Mark WarnerMark Robert WarnerHarris shares Thanksgiving recipe: 'During difficult times I have always turned to cooking' Biden leans on foreign policy establishment to build team Trump relents as GSA informs Biden transition to begin MORE (D-Va.), vice chairman of the Senate Intelligence Committee, told The Hill in a statement Friday. “For that reason, it’s enormously disturbing that the president has paired an unwillingness to begin an orderly transition with a zeal to gut key national security agencies of their senior-most leadership.”

CISA, established by legislation signed into law by Trump in 2018, describes itself as "the nation’s risk advisor,” and leads efforts to secure critical infrastructure against foreign and domestic cyber threats. 

The agency was heavily involved in coordinating with state and local officials to shore up election security ahead of this year’s general election, and has spearheaded efforts to defend all sectors against attacks.

The agency, and its leadership, had been widely viewed as stable and bipartisan by officials on both sides of the aisle, a rarity in an increasingly polarized capital city.

But with the change in leadership, Warner is not the only current or former official concerned about the potential destabilizing influence for federal cybersecurity objectives. 

“Abruptly losing multiple senior officials would be challenging for any organization, let alone one expected to respond to national security threats,” Michael Daniel, the president and CEO of Cyber Threat Alliance, told The Hill Friday.

ADVERTISEMENT

Daniel, who previously served as special assistant to President Obama and cybersecurity coordinator on the National Security Council staff, noted that if an adversary were to attack the U.S. in cyberspace over the next few months, the ability of the U.S. to respond would be kneecapped. 

“Heading crises off proactively becomes almost impossible without permanent leadership,” Daniel said. “By stripping CISA of its well-respected, capable leadership and acting irresponsibly with respect to the transition, this administration has increased the likelihood that an adversary will try to take advantage of the situation.” 

Adversaries have increasingly shown their willingness to hit the U.S. in cyberspace, most famously through targeting election infrastructure. CISA was among the agencies that responded to recent successful efforts by Russia and Iran to gain access to U.S. voter registration data in three states.

Kiersten Todt, who served as executive director of former President Obama’s Commission on Enhancing National Cybersecurity, described the situation as “dangerous,” but emphasized that CISA itself had a “strong infrastructure” to continue to confront threats. 

“From a strictly national security level, it’s not ideal, but we’re okay,” Todt said. “From a political perspective, it doesn’t seem like it was necessary."

Other Democratic members of Congress have also spoken out this week about concerns over national security, including Sen. Angus KingAngus KingLeadership changes at top cyber agency raise national security concerns Top cybersecurity official ousted by Trump Republicans start turning the page on Trump era MORE (I-Maine). King caucuses with Democrats and is reportedly under consideration by President-elect Joe BidenJoe BidenTrump rages against '60 Minutes' for interview with Krebs Cornyn spox: Neera Tanden has 'no chance' of being confirmed as Biden's OMB pick Five things to know about Georgia's Senate runoffs MORE to serve as director of national intelligence.

“By firing Mr. Krebs for simply doing his job, President Trump is inflicting severe damage on all Americans – who rely on CISA’s defenses, even if they don’t know it,” King said in a statement after Krebs was fired. 

House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonDangerously fast slaughter speeds are putting animals, people at greater risk during COVID-19 crisis House Democrats subpoena private prison operator in forced hysterectomy case Trump relents as GSA informs Biden transition to begin MORE (D-Miss.) and cybersecurity subcommittee Chairwoman Lauren UnderwoodLauren UnderwoodLeadership changes at top cyber agency raise national security concerns Trump's cyber firing stirs outrage Hillicon Valley: Zuckerberg and Dorsey return for another hearing | House passes 5G funding bill | Twitter introduces 'fleets' MORE (D-Ill.), put out a joint statement accusing Trump of “making America less safe” through firing Krebs. 

They said that Trump’s decision did “nothing to defend our state and local governments and critical infrastructure against malicious cyber campaigns from Russia, China, and Iran."

One key increasing threat to U.S. critical networks during the COVID-19 pandemic has been debilitating ransomware attacks on hospitals and cyber targeting of groups involved in vaccine research. 

Sen. Gary PetersGary PetersRepublican John James concedes in Michigan Senate race Hillicon Valley: YouTube suspends OANN amid lawmaker pressure | Dems probe Facebook, Twitter over Georgia runoff | FCC reaffirms ZTE's national security risk Democrats urge YouTube to remove election misinformation, step up efforts ahead of Georgia runoff MORE (D-Mich.), the ranking member of the Senate Homeland Security and Governmental Affairs Committee, accused Trump of not doing enough to respond to this threat, and of making the situation worse by gutting CISA's leadership.

“While I have full confidence in the dedicated workforce at CISA to continue to execute their mission despite your actions, the removal of these individuals invites attacks from our adversaries based on a perception of instability, rather than prevent them,” Peters wrote in a letter to Trump. 

ADVERTISEMENT

Some GOP members of Congress have pushed back against Trump in the days following Krebs’s ouster, though most have stuck to praising Krebs’s work to advance the nation’s cybersecurity defenses. 

“I think what he was trying to do in an unprecedented way was to connect with every state in the country, and give them what they needed to protect and have a firewall in place to protect against cyberattacks,” Sen. Rob PortmanRobert (Rob) Jones PortmanBiden says transition outreach from Trump administration has been 'sincere' The Hill's 12:30 Report: Trump holds his last turkey pardon ceremony The Hill's Morning Report - Presented by the UAE Embassy in Washington, DC - Trump OKs transition; Biden taps Treasury, State experience MORE (R-Ohio), a member of the Senate Homeland Security Committee, told CNN earlier this week. 

In an email obtained by The Hill and confirmed by a CISA spokesperson, CISA Executive Director Brandon Wales — who stepped in as acting director of the agency following the departures of Krebs and Travis — sought to reassure employees. 

“A change in leadership is not a change in mission,” Wales wrote in the email, sent to CISA employees last week. “It is vital for all of us to remain focused on our mission. At a critical time in the response to COVID-19, with a potential vaccine around the corner, we must continue to support healthcare systems and vaccine manufacturers in their defense against ransomware attacks and foreign adversaries.”

Wales emphasized that as long as he led the agency “we will maintain a laser focus on our mission to Defend Today and Secure Tomorrow.”

Beyond CISA, cybersecurity leadership at the federal level could be threatened by moves against leaders of other agencies as well.

ADVERTISEMENT

Trump has reportedly been considering firing both FBI Director Christopher Wray and CIA Director Gina HaspelGina Cheri HaspelCongress set for chaotic year-end sprint A strong, committed intelligence community is part of America's good fortune Women set to take key roles in Biden administration MORE as he continues to make sweeping changes to leadership following the election. Both agencies have cybersecurity missions, with Wray one of the key leaders working to enhance election security over the past four years.

“If those firings do happen, I think it’s irresponsible leadership on the part of the president, it certainly puts this nation in a less than desirable position,” Todt said. 

Despite this, she noted that she had confidence in the federal workforce to help carry the country’s cybersecurity mission forward until Biden takes office in January.

“You just hope that doesn’t happen all at once, but if it does, I have confidence in the civil workforce, and hopefully they won’t have to carry the water too long before we see a transition happen,” Todt said.