Words of dissent and support for former CISA director Chris Krebs are starting to emerge from a cybersecurity industry that has mostly kept quiet in the wake of President Trump’s move to remove security clearances from Krebs and his current employer, SentinelOne, and to order the Justice Department (DOJ) to launch investigations into him, his company, and CISA.

In recent days, the Electronic Frontier Foundation urged others in the cybersecurity space to speak out against the president’s April 9 memorandum, with Eva Galperin, EFF’s director of cybersecurity, and Jason Kelley, its activism director, writing that “it is critically important for us to speak up to ensure that essential work continues and that those engaged in these good faith efforts are not maligned by an administration that has tried to make examples of its enemies in many other fields.”

Similarly, Katie Moussouris, founder and CEO of Luta Security, in a blog post voiced her support for Krebs and SecurityOne and noting that she and her company – which she said is more vulnerable than others with deeper pockets – may face retaliation for doing so, but added that she hoped the column “will help encourage others with bigger boats to raise their flags in support.”

“What happened to Chris and SentinelOne won’t make our country safer or greater; it risks the opposite,” Moussouris wrote. “National security shouldn’t be a partisan issue. It should bring us together as a country instead of dividing us.”

Warnings of Other Moves

Others speaking out include Jen Easterly – Krebs’ replace as CISA director after Trump fired him in 2020 for disputing the president’s unfounded claims that his 2020 election loss to Joe Biden was due to widespread fraud and interference – and Brian Krebs, a high-profile cybersecurity expert who is no relation to Chris Krebs.

However, many others in the cybersecurity field have been silent, with some likely doing so to avoid the president’s wrath. Reuters reported the day after Trump issued his order that of almost three dozen security companies or service providers with security practice contacted by the news agency, only one offered a comment.

They also warned of other Trump actions regarding cybersecurity – including the expected mass layoffs at CISA and the firing of Gen. Timothy Haugh as National Security Agency director and head of U.S. Cyber Command – at a time of rising threats from adversaries like China and Russia.

Krebs’ Denial of Trump Claims Fuels Probes

Trump stated in his memorandum he targeted Chris Krebs for a number of reasons, including denying the 2020 election was tampered with, as well as suppressing conversative viewpoints on the election, COVID-19, and the GOP investigation into the laptop of Biden’s son, Hunter Biden.

In his memorandum, the president claimed the moves were to end censorship and ensure loyalty and accountability.

“President Trump has made clear that loyalty to the United States must come before personal or partisan agendas, taking decisive action against those who misuse their undeserved influence to deceive the American public,” the memorandum said.

Krebs has not publicly commented on the controversy. SentinelOne – Krebs its CIO and chief public policy officer – noted in a statement that fewer than 10 employees hold security clearances and that it would cooperate with any investigation by the government.

Public Outcry Needed

In their column, EFF’s Galperin and Kelley noted that Trump is using the same tactics to punish law firms that had worked on voting rights lawsuits and for political opponents and said the vocal public pushback by many in the legal field in comments and court filings was important, particularly given that several high-profile firms gave into the president’s demands.

“It is critical that the cybersecurity community now join together to denounce this chilling attack on free speech and rally behind Krebs and SentinelOne rather than cowering because they fear they will be next,” they wrote. “The White House must not be given free [rein] to turn cybersecurity professionals into political scapegoats.”

For her part, Luta’s Moussouris wrote that the targeting of Krebs and any others for doing their jobs will “have a chilling effect that makes us all less safe,” making it more difficult for skilled professionals from the public sector to be hired in the private sector and less likely that security experts will go into government jobs.

Brian Krebs wrote that Trump’s memo “stands reality on its head,” pointing out that one point the president accused Chris Krebs of promoting the censorship of information about “known risks associated with certain voting practices” while also “baselessly denying that the 2020 election was rigged and stolen.”

An Ode to Security Pros

Easterly, who left CISA just before the Trump Administration took over, in LinkedIn wrote what she titled “A Passover Poem for Cyber Defenders,” including the lines:

For those who stand and tell it plain,
Though truth may cost, though smear and strain—
For those who said: “This was secure,”
And pay the price to still endure—
Still, we can stand.

She, like Brian Krebs, warned about Trump’s moves to shrink the country’s security apparatus, writing in another LinkedIn post that “Eviscerating America’s Cyber Defense Agency will indeed result in “Open Season” on the US” and defending the professionalism and work of cybersecurity pros in government.

The moves by the administration include plans to slash another 1,300 jobs from CISA, reducing by 40% the number of its contractors, and removing civil service protections of 80% of employees remaining at CISA, which could expose them to being fired for political reasons. Brian Krebs wrote.