CISA head’s firing shines light on critical infrastructure security agency’s importance

critical infrastructure security agency

Critical Infrastructure Security Agency –  “Honored to serve. We did it right. Defend Today, Secure Tomorrow. #Protect2020.”

On November 12, Reuters published a report claiming Christopher Krebs, who heads the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, expected to be fired over comments he made about the recent United States election. Days later, on November 17, he was.

“Honored to serve. We did it right. Defend Today, Secure Tomorrow. #Protect2020,” Krebs said in a tweet after his firing was announced.

The move came after the critical infrastructure security agency released a statement saying the recent November election was the “most secure in American history.”

“Right now, across the country, election officials are reviewing and double checking the entire election process prior to finalizing the result,” the statement said. “When states have close elections, many will recount ballots. All of the states with close results in the 2020 presidential race have paper records of each vote, allowing the ability to go back and count each ballot if necessary. This is an added benefit for security and resilience. This process allows for the identification and correction of any mistakes or errors. There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

The statement wasn’t issued by Krebs’ agency alone. It was a joint statement by members of the Election Infrastructure Government Coordinating Council Executive Committee – CISA Assistant Director Bob Kolasky, U.S. Election Assistance Commission Chair Benjamin Hovland, National Association of Secretaries of State President Maggie Toulouse Oliver, National Association of State Election Directors President Lori Augino, and Escambia County (Florida) Supervisor of Elections David Stafford. The statement was also approved by members of the Election Infrastructure Sector Coordinating Council – Chair Brian Hancock (Unisyn Voting Solutions), Vice Chair Sam Derheimer (Hart InterCivic), Chris Wlaschin (Election Systems & Software), Ericka Haas (Electronic Registration Information Center), and Maria Bianchi (Democracy Works).

“Other security measures like pre-election testing, state certification of voting equipment, and the U.S. Election Assistance Commission’s (EAC) certification of voting equipment help to build additional confidence in the voting systems used in 2020,” the statement said. “While we know there are many unfounded claims and opportunities for misinformation about the process of our elections, we can assure you we have the utmost confidence in the security and integrity of our elections, and you should too. When you have questions, turn to elections officials as trusted voices as they administer elections.”

In a pair of tweets on November 17, U.S. President Donald Trump announced Krebs’ firing. critical infrastructure security agency krebs fired

“The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate, in that there were massive improprieties and fraud – including dead people voting, Poll Watchers not allowed into polling locations, “glitches” in the voting machines which changed…” Trump tweeted. “…votes from Trump to Biden, late voting, and many more. Therefore, effective immediately, Chris Krebs has been terminated as Director of the Cybersecurity and Infrastructure Security Agency.”

The joint statement issued by CISA and others wasn’t the agency’s first on the election. On November 4, following the final day of voting, Krebs, issued his own statement.

“Over the last four years, the Cybersecurity and Infrastructure Security Agency (CISA) has been a part of a whole-of-nation effort to ensure American voters decide American elections. Importantly, after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies,” the statement said.

In October, CISA issued several announcements on election infrastructure security. These included a graphic novel about the dangers and risks associated with dis- and misinformation campaigns. CISA also launched the #Protect2020 Rumor vs. Reality campaign to address common election-related rumors. They provided factual information, and listed resources to support their facts.

“We are only here because of the hard work of state and local election officials and private sector partners who have focused efforts on enhancing the security and resilience of elections. The United States government supported these partners throughout the election, bringing the full range of capabilities to bear in securing systems and pushing back against malicious actors seeking to disrupt our process and interfere in our election. CISA will continue to support our state and local partners as they move toward their certification deadlines and the official outcome of the 2020 election,” Krebs said in the November 4 statement. “We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results. The American people are the last line of defense against foreign influence efforts and we encourage continued patience in the coming days and weeks. Keep calm, continue to look to your state and local election officials for trusted information on election results and visit CISA.gov/rumorcontrol for facts on election security.”

In the hours since Krebs’ firing was announced, many have come out to express support for the former CISA director and highlight the importance of the critical infrastructure security agency.

critical infrastructure security agency krebs fired“Chris Krebs is an incredibly bright, high-performing, and dedicated public servant, who has helped build up new cyber capabilities in the face of swiftly-evolving dangers. This year’s robust election security and public awareness campaign exceeded our expectations, especially given the unique political and technological challenges. Equally important is the less publicized work CISA has done to protect our nation’s other critical infrastructure assets. We should be empowering Chris and his team to do more, not punishing them for their doing their job,” U.S. Senator Angus King said in a statement. “By firing Mr. Krebs for simply doing his job, President Trump is inflicting severe damage on all Americans – who rely on CISA’s defenses, even if they don’t know it. If there’s any silver lining in this unjust decision, it’s this: I hope that President-elect Biden will recognize Chris’s contributions, and consult with him as the Biden administration charts the future of this critically important agency.”

CISA is often called the nation’s risk advisor. The critical infrastructure security agency works to build the United States’ capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard government networks that support the essential operations. Trump created CISA in November 2018 with the Cybersecurity and Infrastructure Security Agency Act.

“The men and women of the new Cybersecurity and Infrastructure Security Agency will be on the front lines of our cyber defense. They will partner with the private sector, and all levels of government, to defend America’s power grids, banks, telecommunications, and other critical parts of our economy,” Trump said at the time. “So as the cyber battlespace evolves, this new agency will ensure that we confront the full range of threats from nation-states, cyber criminals, and other malicious actors, of which there are many.”

Since then, CISA has created two chief centers aimed at fulfilling the critical infrastructure security agency’s mission. The National Cybersecurity and Communications Integration Center provides 24×7 cyber-situational awareness, analysis, incident response and cyber-defense capabilities to the federal government; state, local, tribal and territorial governments; the private sector; and international partners. Additionally, the National Risk Management Center serves as a planning, analysis and collaboration hub for identifying and addressing the most significant risks to the nation’s critical infrastructure.

CISA has also launched a number of initiatives including efforts to identify and develop collaborative solutions to global supply chain risk and the Automated Indicator Sharing program, which is an early warning system that allows a company or federal agency to share information in real-time following a compromise attempt. The critical infrastructure security agency currently has more than 250 organizations connected to its AIS server and more than 4,000 third-party AIS connections.

critical infrastructure security agency

“As we’ve said many times, our adversaries are capable, imaginative and aim to disrupt essential services, so it is important that we make sure we are staying ahead of them.” Bryan Ware, Assistant Director for Cybersecurity, CISA said in a July statement. “Our goal at CISA is to lead and encourage a proactive ‘whole community’ assessment and response to significant threats and ensure we provide the right tools and services at the right time.”

CISA is also tasked with securing the nation’s industrial control systems. To this end, earlier this year, the critical infrastructure security agency released a five-year plan intended to help architects, owners and operators, vendors, integrators, researchers, and others in the ICS community build capabilities that lead to more secure ICS operations.

“In recent years, we have seen industrial control systems around the world become a target for an increasing number of capable, imaginative adversaries aiming to disrupt essential services,” Krebs said in a July statement. “As attackers continue trying to exploit vulnerabilities in ICS, we need to make sure we’re staying ahead of them. Together with our partners in the ICS industry and the security community, this strategy will lead us to new, unified initiatives and security capabilities that will markedly improve the way we defend and secure ICS.”

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp

Author

Join 10,000 OT/ICS Security professionals

Get the latest industrial cybersecurity news and insights direct to your inbox.