Calling him a “significant bad-faith actor who weaponized and abused his government authority,” President Donald Trump on April 9 called for the Justice Department and the Director of National Intelligence to “take all appropriate action” to suspend security clearances for Chris Krebs and his associates at cybersecurity firm SentinelOne.
Trump made the move in a stunning memorandum, in which he claimed that misconduct by the former director of the Cybersecurity and Infrastructure Security Agency involved the censorship of disfavored speech implicating the 2020 election and Covid-19 pandemic.
The President claimed that under the leadership of Krebs, CISA suppressed conservative viewpoints under the guise of combating “supposed disinformation,” and recruited and coerced major social media platform to further its partisan mission.
Few would dispute that the main reason for Trump’s memo was retribution for Krebs speaking out about the security of the 2020 election.
A Nov. 13, 2020, CISA statement said: “There is no evidence that any voting system deleted or lost votes, changed votes or was in any way compromised.”
Krebs was repeatedly quoted in the press that the 2020 election, in which Joe Biden defeated Trump for the White House, “was the most secure in American history.”
For the security industry, it’s bad enough that Krebs was singled out in this manner, but to tie the memorandum to the staff at SentinelOne sent a chill throughout the industry. Wednesday’s news came on the heels of Elon Musk’s so-called "Department of Government Efficiency" team said it planned to cut 130 positions at CISA, and the April 4 firing of Gen. Tim Haugh, who led the National Security Agency and U.S. Cyber Command.
Few contacted by SC Media were willing to comment on yesterday’s news.
For its part, SentinelOne released a tepid response, saying it would cooperate in any review of security clearances held by any of its personnel, which the company said was less than 10 employees overall and only where required to secure government systems.
“Accordingly, we do not expect this to materially impact our business in any way,” read the SentinelOne statement.
“The revocation of clearances for Krebs and his team are all highly concerning,” said Chris Gray, Field CTO at Deepwatch. “These changes have been executed in conflict with previous operational procedures, demonstrate a personal history against those who the administration have considered to be enemies, and pose a potential serious setback for industry and national cyber defensive capabilities.”
Gray added that the standard process for removing security clearances involves extensive reviews, including appeals and judicial decisions. While granting and revoking such clearances is not at all uncommon, it's very rare for such actions to be executed by executive order, said Gray.
“Even in this case, the suspension must move through the normal channels,” said Gray. “This will not likely be a quickly closed scenario. The immediate result, however, is plain: Krebs and his team are shut down and the administration has targeted a major player in the cyber security industry in doing so.”
John Bambenek, president at Bambenek Consulting, pointed out that SentinelOne had no role in the dispute between the Trump administration and Krebs as the cybersecurity firm purchased the Krebs Stamos Group advisory group in 2023.
“Therefore, targeting them seems gratuitous even under the ‘new rules’ and risks dividing both the economy generally and cybersecurity firms specifically into ‘Republican’ and ‘Democrat’ when the work really is non-partisan," said Bambenek. "I don’t ask my employers, clients, or coworkers what their political beliefs are, and I don’t want to start now.”
For security pros, Bambenek said the situation adds another layer to their research before taking on a client. He said security pros now need to ask if there any partisan political implications of any specific job or contract.
“If I had been considering that for the past 10 years, there are likely a few projects I wouldn’t have taken on as a result,” said Bambenek.
