Did SolarWinds Make the Right Move in Hiring Former CISA Director Krebs?

AP Photo/Evan Vucci

Christopher Krebs, the former director for the Cybersecurity and Infrastructure Security Agency (CISA), still finds himself at the center of American cybersecurity issues despite the fact that his run at CISA ended with his firing by President Trump after the 2020 election.

Many observers and most in the media attempted to portray the firing as a vengeful act by the outgoing president who was upset that Krebs failed to acknowledge the evidence of voter fraud that the Trump legal team has worked so hard to collect in the days following November 3, 2020. 

The incident that wound up sealing Krebs’ fate within the administration was the November 17 joint statement released on the CISA website that was attributed to the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committees. The statement claimed that “The November 3rd election was the most secure in American history. Right now, across the country, election officials are reviewing and double checking the entire election process prior to finalizing the result.” 

The statement directly contradicted the earliest claims of Trump attorneys including Rudy Giuliani and Jenna Ellis, as well of some of the wilder proclamations levied against Dominion Voting Systems, the company that sells electronic voting hardware and software, including many of the voting machines and tabulators that are currently in use in the United States and Canada, by attorney Sidney Powell by saying in clear bold lettering that “There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

Despite that statement, there was at least one verified compromise against the 2020 election that the CISA- and Christopher Krebs-endorsed statement regarding 2020 election security failed to mention. That was the hacking attack against Hall County, Ga., that exposed voter data of more than 180,000 residents. 

After the ousting of Krebs at CISA, President Trump appointed Brandon Wales as the acting director for CISA as of November 17, 2020, and he remains in the position currently. Wales was certainly a highly qualified choice as he previously served as CISA’s first executive director in addition to having served as the director of the DHS Office of Cyber and Infrastructure Analysis (OCIA). OCIA provides analyzes any potential cyber or physical risks to critical American infrastructure.

As the process of finger-pointing and assigning blame for matters related to the well-documented instances of election irregularities dragged on, perhaps the most pressing cybersecurity issue for America and CISA has become the fallout from the recently discovered SolarWinds hacking attack that affected at least 2,000 networks belonging to at least 100 government and non-government entities globally. News of the hack broke within a few weeks after Krebs’ firing. 

It can be argued that Krebs, while still serving at CISA, failed to protect the United States from foreign Advanced Persistent Threats, or APTs, which have attacked American entities from countries that include Russia, China, and Iran. 

The SolarWinds attack has been attributed to a Russian hacking group known as APT29 (Advanced Persistent Threat). The group is known by several names, including the Dukes, Cozy Duke, Cozy Bear and Office Monkeys. The hackers are said to have used a new malware strain known as SUNBURST in the attack.

Interestingly enough, Krebs, who was America’s top cybersecurity official during most of the time that the attack was ongoing, has just been hired to consult for SolarWinds.

According to a statement released by the company, “We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company.” 

In the coming weeks, we should learn more regarding the SolarWinds attack. The company is certainly hoping that the insider knowledge possessed by Krebs will help them secure themselves and their customers from any similar attacks in the future, while discovering what vulnerabilities led to their being attacked in the first place. Whether or not Krebs is up to the task is yet to be seen, but perhaps the application of his knowledge while focusing on this singular issue in his new capacity can bring out the best in the former CISA director.    

Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including The Hill, Newsmax, The Washington Times, Real Clear Politics, Townhall, American Thinker and many others.