Ordering investigations and revoking security clearances for former CISA director Chris Krebs, along with several other employees of federal contractor SentinelOne is but the latest step downward for US credibility. President Donald Trump bears the entire responsibility for the decline into membership in a new “axis of evil.” It may be time for the cybersecurity industry to recognize that the US government is not a customer it wants for the next two to four years.
President George W. Bush coined that term in 2002 that included certain countries, including Iran and North Korea, as the “Axis of Evil” in the world for their support of terrorism. The current administration’s ignorance of security in “Signalgate”, the decimation the US intelligence infrastructure, and a growing trade war, all give credence to US the image of a new source of international danger in both incompetence and intent. Cyber Protection Magazine is not the only publication to point this out.
Few will speak out
This latest attack on free speech and truth in the Krebs memorandum was met with almost total silence from the US cybersecurity industry. Several prominent voices responded to our requests for comment. All requested anonymity because their livelihood depend on the “good graces” of Donald Trump.
One of the few brave souls willing to speak was Matt Blaze, McDevitt Professor of Computer Science and Law at Georgetown University. On a Mastodon post last week he said, “Trump’s official denouncement of former CISA director Chris Krebs is chilling in substance and utterly Stalinesque in tone. By threatening anyone who hires him, it aims to render Krebs effectively unemployable.”
Even SentinelOne’s official statement was a bloodless capitulation to the order, rather than a defense of its employees.
Outside of the US, there is greater freedom to comment, a statement we never thought we would say in our lifetime.
“The old relationship we had with the United States, based on deepening integration of our economies and tight security and military co-operations, is over,” said Mark Carney, Prime Minister of Canada. “The time will come for a broad renegotiation of our security and trade relationship.”
Writing about the reversal of support for Ukraine, Janet Daley an American-born conservative journalist writing for The Telegraph in the UK asked, “If the American president is deliberately choosing to damage the security of a nation, which we unambiguously regard as friendly to defend itself against an invading enemy, can we trust the US government with the security information which we would once have expected to share in our mutual interest?”
Disgraceful and dangerous
“The EO targeting Krebs and SentinelOne is disgraceful and dangerous,” James Bore, a UK cybersecurity consultant and speaker, wrote to us. “Politicizing national security tools, and persecuting cybersecurity professionals actively fighting known disinformation, is a direct attack on our field. It places the infrastructure of the US at greater risk purely to satisfy a personal vendetta. This precedent is chilling for all who work in security, knowing their work is at the mercy of this level of petty vengeance.”
In a recent podcast, Bore agreed with some pundits that Krebs and the other SentinelOne employees being targeted are in danger of incarceration without trial, especially in light of President Trump’s interest in sending dissidents to an El Salvador prison. “If I were them, I’d be making flight reservations now.”
That leads to asking, for at least the next two years, if it makes sense for the cybersecurity industry to do business with the federal government.
The experts providing anonymous insight rejected the idea that cybersecurity companies should or will step away from those contracts. One of the few that did comment publicly was Ian Thornton-Trump, CISO of MSSP Inversion6.
Greed ‘trumps’ accountability
“Tech drives the US Government and will continue to be one of the largest customers,” he said. “Corporate greed seems to win over altruism nearly every single time.” But Thornton-Trump disagreed that this changes US security posture.
“US security remains in great shape. What has been removed is any sense of accountability for a security failure or violation. CISA never had enforcement powers, so the dismantling or reduction in capabilities will have a minimal impact on the overall cybersecurity posture of the USA, mostly because government-funded programs compete with commercial offerings.”
However, Thornton-Trump calls the memorandum “pure mob boss” mentality. “Chris got political by accident or design and has now paid the iron price.”
Outside naked greed, does it make sense to support the Trump administration? The US is not just the federal government. There are state, county and municipal governments needing security services. Adjusting marketing targets for that business could more than make up the loss of revenue from the federal revenue.
Like much of the world is discovering, there is business outside of Washington, D.C. It might be time to hedge the bets.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.