The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Chris Krebs fiercely defends election while President Trump’s attacks on it get weirder

with Tonya Riley

Christopher Krebs last night offered a cool, rational defense of the election’s integrity in his first interview since President Trump fired him as the nation’s top election security official. 

It was a stark contrast with President Trump, whose attacks on the 2020 contest are becoming increasingly fantastical. 

Krebs, who led the government’s Cybersecurity and Infrastructure Security Agency, gave “60 Minutes” interviewer Scott Pelley a point-by-point refutation of the unfounded election fraud claims made by Trump and his allies, which he called “nonsense” and “farcical.”

Those baseless claims include a conspiracy theory positing that Democrats operated a secret algorithm changing how machines recorded votes on an extensive scale and that votes were mysteriously tabulated overseas. 

Krebs’s bottom line: Such fraud claims fail the smell test because, as of 2020, there are paper records for 95 percent of ballots cast by American voters. And hand counts of those ballots in Georgia, Wisconsin and elsewhere show no significant difference between what was tabulated by machines. 

“The proof is in the ballots,” he said. “The recounts are consistent with the initial count. To me that’s further evidence, that’s confirmation that the systems used in the 2020 election performed as expected and the American people should have 100 percent confidence in their votes.”

That’s been a consistent message for Krebs, who has trumpeted the importance of paper ballots and post-election audits as vital protections against election hacking or other malfeasance for more than three years. Trump, by contrast, has  frequently shifted his claims about election fraud depending on where he thinks he can gain an edge.

Krebs lashed out at Rudy Giuliani and Trump’s other lawyers who have peddled such claims.

He savaged a news conference in which the lawyers alleged without evidence that Dominion Voting Systems’ machines somehow changed votes, calling it an attempt “to undermine confidence in the election, to confuse people to scare people.” 

There’s no evidence Dominion machines, which were used in Georgia and other states to mark and record votes, were compromised. Dominion has produced a 15-point refutation of the claims. 

“What it was actively doing was undermining democracy, and that’s dangerous,” Krebs said. 

He also called it “a travesty” that doubts about the election’s integrity have led to attacks, including death threats, against secretaries of state and other election officials

“They’re defending democracy. They’re doing their jobs,” he said. 

Here are more details from Krebs's interview from Jaclyn Peiser

Trump, meanwhile, doubled down on his baseless claims. 

In his first TV interview since the election, he casually suggested to Fox News Channel’s “Sunday Morning Futures” host Maria Bartiromo that the Justice Department and the FBI might have been part of a broad conspiracy to rig the election. 

He also repeated debunked claims, including that large numbers of ballots were cast on behalf of the deceased, and pledged he was “going to use 125 percent of my energy” to continue to contest President-elect Joe Biden’s win, Felicia Sonmez reports

Trump claimed that foreign leaders have been calling and telling him this was the most “messed-up” election they have ever seen, but he did not name any of the leaders.

The president also lashed out after Krebs’s “60 Minutes” interview. 

He tweeted, calling U.S. election security “an international joke” and describing the 2020 election as “probably our least secure EVER!”

In another tweet, Trump promised “some big things happening in our various litigations on the Election Hoax. Everybody knows it was Rigged.”

Twitter flagged both tweets as containing “disputed” claims.

The president’s apparent concern about election security is undermined by the fact he held only one Cabinet-level meeting on election security during his presidency. He also did not endorse Democratic-led efforts to increase funding to further secure voting such as paper ballots and post-election audits. 

But Trump’s legal paths to reversing Biden’s win are fast vanishing. 

Wisconsin completed a recount in its two largest counties that reconfirmed Biden’s victory in the state, and Pennsylvania’s Supreme Court dismissed with prejudice an effort to invalidate Biden’s win in that state. 

Observers are also warning an effort to invalidate Biden’s win in Georgia could dissuade Republicans from voting in upcoming runoffs to determine control of the Senate

That case was brought by Trump ally Sidney Powell, who claims without evidence the Dominion voting system used in the state was corrupted in a widespread conspiracy that included Georgia’s Gov. Brian Kemp (R) and Republican Secretary of State Brad Raffensperger, who has defended the integrity of the state’s election results. 

Trump’s official legal team, led by Giuliani, has distanced itself from Powell and the suit, but Trump has tweeted approvingly about the case. He has also frequently repeated the Dominion conspiracy theory and suggested Georgians’ votes in the runoff won’t be tallied accurately. 

Here’s David Becker, executive director of the Center for Election Innovation and Research:

And my colleague Amy Gardner:

Sens. David Perdue (R-Ga.) and Kelly Loeffler (R-Ga.), who are defending their seats in those runoffs, have both called for Raffensperger’s resignation, citing “mismanagement and lack of transparency,” but they haven’t specifically described what Raffensperger did wrong. 

Krebs singled out Raffensperger in his “60 Minutes” interview, praising him for “putting country before party.” 

The keys

The Supreme Court will hear arguments today in a case that could significantly limit the nation’s main anti-hacking law.

If the justices rein in the Computer Fraud and Abuse Act, that would be a huge win for ethical hackers who say the broad interpretations of the law frequently limit legitimate cybersecurity research. 

As it’s currently interpreted, the law makes it a crime to violate a website or product’s terms of service. Critics say that gives companies far too much leeway to threaten researchers who search for bugs in their products with civil lawsuits or criminal prosecution. 

The court will review the case of a former Georgia police officer convicted in 2017 under the law for allegedly selling information from a police database. Critics say lower courts interpreted the law too broadly because the officer didn’t hack into the database. He just misused his legitimate access to it.

Suspected North Korean hackers attempted to steal research from coronavirus vaccine developer AstraZeneca.  

The hackers don’t appear to have been successful, sources with knowledge of the matter told Jack Stubbs at Reuters. It’s the latest in a string of alleged attacks by government-backed hacking groups against researchers and drugmakers working on a vaccine.

The hackers posed as recruiters offering jobs to employees of the British pharmaceutical company. The group’s tools and techniques resemble those U.S. officials have attributed to North Korean hackers, officials told Stubbs. Microsoft also recently identified attempts by North Korean hacking groups to steal coronavirus research in multiple countries. 

Baltimore County schools failed to safeguard sensitive information before a devastating ransomware attack.

The ransomware attack will prevent the school district from offering distance classes for its 115,000 students through at least Tuesday, school officials announced.

Police are investigating the attack, which first knocked the county’s school systems offline on Wednesday. It’s unclear whether the “significant risks” detailed in a state audit released the day before the attack contributed to the hacker’s success, Alison Knezevich at the Baltimore Sun reported.  

The audit found that the school system lacked a system for detecting “untrusted traffic.” The audit also found that the school system failed to adequately isolate its publicly available servers from its internal network, exposing it to increased risk.

Baltimore's city IT system was devastated last year by a ransomware attack. 

Transition news

Biden will nominate Neera Tanden to be director of the White House Office of Management and Budget. 

Tanden is currently chief executive of the left-leaning Center for American Progress think tank. If confirmed, she would have a hand in setting telecommunications and cybersecurity policy for federal agencies. Tanden would be the first woman of color to serve in the role, Annie Linskey and Jeff Stein report

Tanden is no stranger to hacking scandals. Her personal correspondence with Hillary Clintons campaign chairman, John Podesta, was revealed in hacked emails posted by WikiLeaks during the 2016 election.

Cyber insecurity

British officials are investigating a cyberattack against the Manchester United soccer team.  

The United Kingdom’s top cybersecurity agency is working with the team to secure its network before switching it back online, Jamie Jackson at the Guardian reports

The incident has made email and some other internal systems unavailable. No fan data was compromised by the attack, the club says. The club did not comment on who was behind the attack.

More cybersecurity news:

20 days of fantasy and failure: Inside Trump’s quest to overturn the election (Philip Rucker, Ashley Parker, Josh Dawsey and Amy Gardner)

UK won’t change Huawei stance post-Trump, says former cyber chief

US Fertility says patient data was stolen in a ransomware attack (TechCrunch)

Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack (The New York Times)

Chat Room

As director of CISA, Krebs drew Trump's ire by running a rumor control page  knocking back election conspiracy theories. Stanford University's Alex Stamos thinks the incoming Biden administration should pick up the idea. 

Krebs is pushing for a rumor control effort aimed at disinformation and conspiracy theories about coronavirus vaccines.


  • Washington Post Live will host a conversation with former CISA director Christopher Krebs on Wednesday at 11 a.m.
  • The Institute for Security and Technology is hosting a discussion, “Biden Administration Cyber Agenda,” on Wednesday at 2:30 p.m.
  • The Senate Homeland and Governmental Affairs federal spending oversight subcommittee will hold a hearing on “Defending Our Communities from Cyber Threats amid covid-19” on Wednesday at 2:30 p.m.
  • MIT Technology Reviews CyberSecure conference will take place Dec. 2-3.
  • The Atlantic Council will hold an event on the incoming U.S. administration and the future of supply chains in the Americas on Dec. 9 at 2 p.m.

Secure log off