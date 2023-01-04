Comment on this story Comment Gift Article Share

Welcome to The Cybersecurity 202! What in the actual heck is happening with the NBA lately? First Luka Doncic goes for a 61-point triple double, then Donovan Mitchell gets 71 in a near-triple double? It’s crazy when Klay Thompson’s 54-point game is the second best game of the night. Wp Get the full experience. Choose your plan ArrowRight Below: Twitter’s former security chief has a new job, and Russia blames soldiers’ use of cellphones for a deadly military strike. First:

Krebs testified to the Jan. 6 committee about his firing. Here’s what he said

When a coalition of government and industry officials declared the 2020 election “the most secure in American history," it at least partially triggered former President Trump’s firing of Cybersecurity and Infrastructure Security Agency Director Chris Krebs.

But Krebs already had been a worrisome figure for some within the Trump administration, on thin ice over perceptions that he wasn’t loyal enough to Trump.

Advertisement

Those are some of the cybersecurity-related details unearthed by the congressional Jan. 6 committee in testimony it released over the holidays, including testimony from Krebs himself.

The way it played out publicly in 2020 was that President Donald Trump fired Krebs over Twitter, explicitly connecting his decision to the Nov. 12 statement on the security of the 2020 race. Trump said it was Krebs’s statement, although in actuality it was a joint statement by CISA, the Election Assistance Commission, state and local election officials and voting machine vendors — and Krebs’s name wasn’t even in the statement. The name of another CISA official, Bob Kolasky, was in the statement.

The Krebs view

To hear Krebs tell it, he didn’t even have a role in drafting the joint statement. He only approved its release after the practitioners brought it to him and sought his approval, he said. Krebs does think he asked Kolasky and a top deputy, Matt Masterson, whether any of the election coordination committees were going to put out a statement.

Advertisement

He thought it would be “helpful,” he told the Jan. 6 panel, because “there were a bunch of claims” about how “machines had been compromised and votes were being flipped and things of that nature.”

But Krebs did have a sense that the White House was unhappy with him before then, which he heard through whispers rather than direct communication.

“I was aware that there was, you know, some skepticism of my loyalty to the president,” he testified.

Krebs knew the administration wanted to fire Bryan Ware , who was serving as assistant director of cybersecurity at CISA at the time. The administration later asked Ware to resign.

Krebs said he spoke with a White House liaison, Josh Whitehouse , about his personnel: “He interviewed me, and I tried to get him not to take personnel action against some of my employees.”

Through the “political apparatus,” Krebs heard the White House was unhappy with a CISA risk assessment about mail-in voting in the summer of 2020 that discussed some of “the security controls that were in place.” That contradicted Trump’s pronouncements about mail-in voting insecurity.

“My response to that was, if someone has a concern with that product, they will come talk to me about it and we’ll have a discussion about whether it stays up or stays down,” Krebs said. “Nobody ever came to me.”

The “rumor control” website CISA was operating also sometimes contradicted the president on election security, but Krebs said “It was not rebutting specific examples or statements by any individual.”

It’s possible that Krebs wasn’t fired exclusively by tweet, he said. Krebs didn’t recall seeing a termination letter on Nov. 17 that John McEntee, director of the White House Presidential Personnel Office, sent to him. (McEntee told the committee the termination letter was “simultaneous with the tweet.”)

Advertisement

Before that point, then-Department of Homeland Security secretary nominee Chad Wolf appeared to mostly back up the notion that the election was secure, Krebs said. At a news conference on Nov. 3, Wolf declared the presidential contest was “the most secure election in U.S. history.”

When the coalition of officials released a similar statement Nov. 12, Krebs said, Wolf questioned him about “what if evidence comes along later that may disprove that statement?” Krebs answered that, based on available evidence, the statement was true, and if later information came up, the statement could be amended.

Krebs said he didn’t get a specific explanation of why he was fired, and Wolf only told him, “Oh, God, that wasn’t supposed to happen like that.” But it was “fairly obvious” to Krebs that he was fired because CISA was “providing factual information about the security of the election.”

The view of DHS leadership

Wolf told the committee he had some issues with the language of the Nov. 12 statement about the security of the election.

“This is in a time when there’s a lot of different allegations, a lot of different things that are going on at the time,” Wolf said. “And to have someone from CISA say that it’s the most secure election and not really be altogether that precise in their language gave me a lot of concern.”

Advertisement

“CISA’s authorities have to do with cybersecurity on election infrastructure,” Wolf testified. “So if you want — perhaps that language should have said the most secure election from a cybersecurity standpoint. That I could understand.”

Asked about the fact that the statement included remarks from other kinds of officials and whether they had a “broader aperture,” Wolf answered, “They have a broader view. I don’t know that they have broader responsibilities.”

(Repeated recounts and court cases have turned up no evidence of widespread irregularities that could’ve affected the 2020 presidential race. And the back half of CISA’s name, “Infrastructure Security,” indicates that its authorities aren’t only cyber-related.)

Wolf also confirmed his concerns about the statement coming out so quickly after the election.

Wolf declined to answer some questions from the committee, saying that Trump had not waived executive privilege.

Ken Cuccinelli, who served as deputy secretary at DHS at the time, also told the committee that he didn’t agree with the Nov. 12 statement.

“I agree with it insofar as the federal responsibilities were concerned,” he said. “We are not in a position at the federal level to comment on the rest of the election.”

Before his firing, Krebs was already “looking at the door” because “he was clearly very unhappy in his role,” Cuccinelli said. Cuccinelli also said he knew the White House was unhappy with him.

That said, Cuccinelli didn’t believe Krebs should be fired. “The negatives of letting him go outweighed the positives of keeping him,” Cuccinelli testified. Those positives included the successful partnerships CISA had created with state officials.

Advertisement

Still, Cuccinelli disagreed with how Krebs was approaching other parts of his role.

“Elections aren’t over until all the litigation is over and the certifications all happen and et cetera, and that was all still going on,” he said. “But he was still, effectively, insisting on putting his thumb on the scale in that debate.”

The White House view

The decision to fire Krebs was “collaborative,” McEntee said. The president and his chief of staff, Mark Meadows, “all [were] made aware of it and discussed it a few times.”

What bothered the White House was when the joint official statement about the security of the election came out, McEntee told the committee. “This was still November, and they thought it was too early to put out a statement like that when it appeared things were still up in the air, or at least investigating the portion that he’s saying was so secure,” he said.

Advertisement

The committee quizzed McEntee about a document about Krebs he acknowledged had come from his office that suggested the 2020 election statement wasn’t the only beef the White House had with Krebs. Here’s what other bullets said:

“Wife posted a family photo on Facebook with the Biden-Harris logo watermarked at the bottom.” McEntee said it “seems odd, you know.”

“Permitted a Black Lives Matter town hall to take place in June.” Said McEntee: “Yeah, that would probably cause concern. That doesn’t seem like something that should be taking place at the Department of Homeland Security.”

“Has protected never-Trump appointees like Bryan Ware and pushes other appointees to the side.”

“Employs Matt Masterson as the senior adviser and lead on election security. Masterson was the head of Obama’s Election Assistance Commission as an appointment then.” Explained McEntee, “Usually, being an appointee in a Democratic administration would — we’d have to look into it, yeah.”

The keys

Twitter whistleblower joins cybersecurity firm

Peiter “Mudge” Zatko, the former security chief of Twitter whose claims about the company have triggered multiple investigations, is joining Boston-based cybersecurity firm Rapid7, Joseph Menn reports. It’ll be his first full-time role since he was fired by Twitter around a year ago after clashing with chief executive Parag Agrawal about which security details the company’s board should have been told about.

Zatko will report to Rapid7 chief executive Corey Thomas and will be “executive in residence” at the company. Zatko plans to work with chief information security officers and boards that are “hungry for how to evaluate their investments in cyber — is it paying off, can they predict the likelihood of problems.”

Advertisement

Rapid7, which serves 44 percent of the Fortune 500 largest companies by revenue, isn’t afraid of controversy. The company maintains Metasploit, an open-source hacking tool that quickly adds new hacking techniques to its arsenal.

Russia says devastating New Year’s Day strike was caused by soldiers’ cellphone use

Russia’s Defense Ministry has said that at least 89 soldiers died in a Ukrainian missile strike in an occupied town in Ukraine’s Donetsk region on Sunday, Mary Ilyushina reports. But Ukraine — which hasn’t confirmed its involvement — said at least 400 soldiers were killed.

In a statement, the Russian Defense Ministry “blamed the attack in part on the ‘massive use … by personnel of mobile phones,’” Mary writes. “The signals alerted the Ukrainians to the garrison’s location, the statement said, adding that a commission is working to investigate the incident.”

“Some bloggers described the allegation that Russian troops had given away their location by defying a ban on cellphone use as an attempt by Moscow to shift blame for its poor operational security,” Mary writes. “A high death toll of new conscripts could prove particularly problematic for the Kremlin, which has faced fierce criticism for sending poorly equipped and untrained draftees into battle.”

Global cyberspace

Cyber insecurity

Industry report

Daybook

Jen Easterly CISA Director speaks at the CES conference in Las Vegas at 10 a.m. local time on Thursday.

Secure log off

When it’s too early to wake up.. 😅 pic.twitter.com/sHeEaIzWCc — Buitengebieden (@buitengebieden) January 2, 2023

Thanks for reading. See you tomorrow.

GiftOutline Gift Article