with Tonya Riley

News that Chris Krebs, the government's top election security official, could be ousted in a post-election firing rampage at the Department of Homeland Security sent shockwaves through Washington. 

Krebs, who has been overseeing the largest-ever operation to secure a U.S. election, has been presiding over a 24/7 war room with state and local election officials that launched on Election Day and is still operating. The Cybersecurity and Infrastructure Security Agency director is widely credited with helping states dramatically improve their defenses against hacking and keeping the election free of foreign cyberattacks

But Krebs, who scrupulously avoided partisan politics in an effort to gain confidence and cooperation from both Republican and Democratic election security officials, apparently drew the ire of White House officials with a rumor control page that knocked back phony claims about election fraud — including some made by the president, who is refusing to concede. He has told associates he expects to be fired, Nick Miroff and Ellen Nakashima reported. Reuters first reported the news of Krebs's concerns. 

I find it deeply troubling that the president doesn’t want the truth to get out there and to have fact checking going on,” Rep. Jim Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, told me. “The public needs to have accurate information, and when there are rumors and disinformation and misinformation we need a trusted source in government to say, ‘Yes, this is true’ or ‘No, it isn’t.’ ” 

Drip, drip: Krebs’s deputy Bryan Ware already submitted his resignation, as CyberScoop first reported. Ware declined to comment on the terms of his departure. He told Nick: “I’m proud of the work that I did. I’m proud of what the agency accomplished and proud to have had the privilege to serve the country.” 

Valerie Boyd, the top official for international affairs at DHS, also resigned under pressure. “The requests came from the White House’s Presidential Personnel Office, whose 30-year-old director, John McEntee, has recently intensified efforts to purge appointees who have failed to demonstrate sufficient fealty to the president,” Nick and Ellen reported. 

Officials said Krebs's ouster could make the nation less secure as the election process continues. 

Although the election itself was free of foreign cyberattacks, adversaries including Russia or China could still disrupt post-election processes, including audits in numerous states, a hand recount in Georgia and certification of vote totals across the country. North Carolina and Georgia have still not been called. 

CISA said its 24/7 war room to help election officials combat such attacks on Election Day would probably remain running until the election is fully certified in December.  

“We’ve spent the last several years trying to shore up vulnerabilities in our systems in partnership with CISA. To the extent those vulnerabilities remain, that’s a concern until the election is certified,” New Mexico Secretary of State Maggie Toulouse Oliver (D) told me. “I would be concerned if the head guy in charge of ensuring our systems stay secure leaves before the election work is completed.” 

Krebs's firing could also make it easier to spread disinformation and undermine confidence in the election — both for foreign adversaries and for Trump and his supporters. That could be especially true if CISA’s rumor control page is shut down. 

“We’re probably, as election administrators around the country, experiencing a greater challenge from misinformation and disinformation now in the post-election phase than we even did in the lead-up to the election,” Toulouse Oliver said. “So, it’s important now more than ever that we have accurate information about how elections work. To me, that’s a crucial role that CISA should play in helping to decipher facts from fiction.” 

Toulouse Oliver is president of the National Association of Secretaries of State but was speaking for her state alone. 

Another major concern: Adversaries could take advantage of the disarray at CISA to launch cyberattacks targeting other parts of the nation during the transition or early in the Biden administration. 

“Any transition period is a point of vulnerability and right now we need to have all hands on deck,” Langevin told me. “We need to have dedicated professionals continuing to do their job and keeping the country safe during a transition of leadership. Just ask the 9/11 Commission about that.”

The 9/11 Commission found that the delay in beginning the Bush administration’s transition into office because of the disputed outcome of the 2000 election left that administration less prepared for the terrorist attack. 

The rumor control page marked the closest that CISA came to criticizing the president’s frequent falsehoods about the election. 

The site called out as false, for example, claims that results that are announced after election night are illegitimate and that it’s common and easy for fraudsters to vote on behalf of dead people – both claims repeatedly made by Trump and his allies. 

Krebs regularly touted the page to reporters as one of the agency’s most important innovations, but he also scrupulously refused to link any of the fact checks to Trump directly. 

“It's not my job to fact check any candidate, certainly on the presidential ticket,” Krebs said during a pre-election media event.

That position has become increasingly untenable as Trump's false claims continue. 

CISA joined leaders from the National Association of Secretaries of State, the National Association of State Election Directors and other organizations in a statement yesterday that seemed designed to knock back a false and repeatedly disproved Trump claim that a software glitch in voting machines may have altered vote counts. 

“There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised,” the statement read. It also said, “The November 3rd election was the most secure in American history.”

Krebs tweeted out the statement and declared: “TLDR: America, we have confidence in the security of your vote, you should, too.” 

Krebs, in what appeared to many as an act of defiance, also retweeted a tweet from David Becker, executive director of the Center for Election Innovation and Research, that specifically took aim at the president. Via Reuters’s Joseph Menn: 

Langevin added that Krebs “has served with great distinction and professionalism [and] hasn’t gotten involved in partisan politics. He’s kept his head down and done his job.” Langevin said he’d urge the incoming Biden administration to ask Krebs to remain in his post or return to it.  

The outrage among election officials and lawmakers shows the political risks of firing Krebs. 

“The success of the 2020 general election — in the face of disinformation campaigns and cyber threats from foreign adversaries — is owed in large part to CISA under Chris Krebs’ leadership,” California Secretary of State Alex Padilla (D) told me by email. “Firing Chris Krebs would show again how little this administration actually cares about defending our democracy. You need respected, competent leaders like Krebs, especially while votes are still being counted and audited.”

Sen. Angus King (I-Maine) called Krebs “an ideal public servant who did his job competently, didn’t seek attention and established relationships of trust with his counterparts in states and localities.” King co-chaired a major government and industry review of cybersecurity called the Cyber Solarium Commission. 

Sen. Amy Klobuchar (D-Minn.), who sponsored numerous election security bills, said on Twitter that firing Krebs would be a “gut punch to democracy.” 

Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee, called it an instance of the president's “refusal to put country before ego” that he said was damaging national security. 

Here's more from Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee:

Sen. Ron Wyden (D-Ore.), a major advocate for election security:

Rep. Kathleen Rice (D-N.Y.), who serves on the House Homeland Security Committee’s cybersecurity panel:

Key Republicans, however, have been mostly silent publicly. CISA and the White House did not respond to requests for comment. 

Election and cybersecurity experts also came quickly to Krebs’s defense. 

Susan Hennessey, a former intelligence community attorney who’s now executive editor of the Brookings Institution’s Lawfare blog:

An official comment from the Michael V. Hayden Center for Intelligence, Policy, and International Security, a think tank founded by the former NSA director:

Tarah Wheeler, a cybersecurity fellow at Harvard University’s Belfer Center for Science and International Affairs:

Eric Mill, a former technology official at the General Services Administration and in Congress who now works at Google:

Graham Brookie, director of the Atlantic Council's Digital Forensic Research Lab: 

Matthew Olney, director of threat intelligence at Cisco: 

The keys

More Republicans are calling for President-elect Joe Biden to have access to classified briefings during the transition. 

They say that giving Biden access to intelligence reports makes sense for national security — even if they aren't willing to concede he won the election, Felicia Sonmez and Mike DeBonis report.

“Well, I think that it probably makes sense to prepare for all contingencies,” Sen. John Thune (S.D.), the second-ranking Senate Republican, told CNN.

The sentiment was shared by others in the Senate who nevertheless stopped short of acknowledging Biden’s victory.

Sen. John Cornyn (R-Tex.) said that Biden should get the information in some way, even if it's a truncated version of the presidential briefing. Sen. Charles E. Grassley (R-Iowa) and Sen. Lindsey O. Graham (R-S.C.), the chairman of the Senate Judiciary Committee, also said Biden should get the briefings, as did Sen. Susan Collins (R-Maine), one of just four Republicans to congratulate Biden. 

Biden's transition has been stalled by the head of the General Services Administration's refusal to sign a letter authorizing the transition work and releasing money to fund it. The delay could leave the Biden administration less prepared to deal with cybersecurity and other national security challenges, former government officials say.

But some Republicans are siding with the administration on blocking the transition.

“He’s not president right nowdon’t know if he’ll be president January 20th. But whoever is can get the information, said House Minority Leader Kevin McCarthy (R-Calif.).

Trump will ban U.S. investments in firms owned or controlled by the Chinese military. 

The move targets 31 Chinese companies flagged by the Defense Department earlier this year, including China Telecom and surveillance technology vendor Hikvision, Jeanne Whalen and David J. Lynch report.

The move indicates that Trump won't slow down in his war against Chinese technology during the lame duck period. Biden has said he will take a tough approach on China, but he has also been critical of Trump's trade bans. He hasn't offered a specific plan for dealing with Chinese military-owned companies.

Experts are skeptical that the ban will make much of a dent outside escalating tensions with China.

The order is “not going to be a problem for China’s military and intelligence upgrading. Those do not depend on U.S. investors at all, as far as I can tell,” said Martin Chorzempa, a research fellow at the Peterson Institute for International Economics.

“It reads to me like the last attempts of an outgoing administration to do as much as they can to push a decoupling between the U.S. and China without being willing to really rattle U.S. investors,” he added.

The Commerce Department won't enforce an order to shut down TikTok. 

That could result in the future of the Chinese-owned app being decided by the Biden administration. 

If the Commerce Department had tried to enforce the order, that would have set up a showdown with a federal court that placed an injunction last month on efforts to force TikTok’s Chinese owner to sell off its U.S. assets or face a ban, John D. McKinnon at the Wall Street Journal reports

The injunction made it unclear what action the government could take to enforce its threat to shut down the app if it didn't divest its U.S. assets by yesterday.

The government claims that TikTok's Chinese owners could be compelled to share U.S. user data with the Chinese government. TikTok denies the allegations.

Securing the ballot

The Trump campaign filed five new lawsuits attempting to block ballots in Pennsylvania. 

The campaign is asking the court to block 8,349 ballots that city officials accepted, Corinne Ramey and Sara Randazzo at the Wall Street Journal report.

More cybersecurity news:

Chat room

Ever wonder how CISA landed on a purple sloth to represent Chinese hackers? CyberScoop's Shannon Vavra got to the bottom of the story and the details are too good to miss.

“We don’t want something they can put on T-shirts,” a U.S. official told Shannon. Instead, he said, he wanted an image that embarrassed or humiliated them.

The article also raised questions about the standard stock art for hacking stories of a shadowy guy in a hoodie.

Daybook

  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.
  • USTelecom and Inside Cybersecurity will host a webinar on information technology priorities in the coming year on Nov. 17 at 2 p.m.

Secure log off