Ex-CISA Head Chris Krebs: ‘Impeachment Is the Right Mechanism’

It's been a busy few months for Chris Krebs. As the director of the US Cybersecurity and Infrastructure Security Agency, Krebs oversaw the country's election preparedness , grappling not only with potential foreign hacking threats but a firehose of disinformation from President Donald Trump and his associates. He spent weeks countering conspiracy theories about voter fraud and manipulated voting machines , only to be fired in a Donald Trump tweet on November 17 .Since then Krebs has remained active. He recently joined the Aspen Institute as a senior fellow, leading a commission that will study “information disorder.” He founded a consulting firm with former Facebook chief security officer Alex Stamos , and signed high-profile Russian hacking victim SolarWinds as a client. And he has remained a vocal critic of Trump and his enablers on social media and beyond. On Wednesday, Krebs joined WIRED for an interview that touched on disinformation, SolarWinds, ransomware—and what can be done to close the chasm opened by Trump's conspiracy brain.
Brian Barrett: CISA was worried rightly about misinformation from other countries, from Russia, Iran, China, but at what point did it become clear that you may have have a bigger domestic problem? And not only that, but a problem coming from the president himself?Christopher Krebs: This is a pretty timely conversation; even though the election's over and we have a very clear winner, the effects of disinformation are continuing on a daily basis. And unfortunately, it's gotten to the point where the long tail of disinfo has led to physical manifestations of violence, as we saw last week at the Capitol.
When I think back about election security and all the work we did over the last four years, the principal goal was to ensure that the voting systems themselves were as secure as possible. So, no foreign actor—Russian, Iranian, Chinese, or otherwise—could hack into systems and affect the election process. We had a pretty good sense from the beginning that the actual voting machines that the voter engages with and casts their votes on, and then the tabulators and all the other machinery or the equipment involved in the election, that they were fairly distributed in a way that it would be difficult for any foreign actor to affect the outcome of an election at scale.

But as the concern of the actual hack went down, our concern of a perception hack went up. We had spent four years effectively building every sort of scenario possible where you could see someone try to affect an election. We had dozens and dozens of these scenarios that we had red-teamed and threat modeled. All along, we unpacked them and said, OK if you were going to do this, what would be the defense against it? And then we built those defenses into our strategy.

As the spring and Covid-19 turned into the summer and we saw this expansion of mail-in and absentee votes, that's what it really became clear to us that voter confidence, manipulation, or these perception hacks in disinformation were not just going to be a foreign threat. We were seeing domestic efforts by the president and the campaign as well. So at that point we started thinking through what sort of information we get out to the public to reinforce confidence in the processes that are involved. We started pushing documents like risk assessments and the security controls in place over the summer. And then that carried through the election and the establishment of the Rumor Control website, which was very effective at pushing back against specific claims that the president and others were making.
In fact, Trump ended up clearing house at CISA to a large extent in response, including you unfortunately. You mentioned you red-teamed various scenarios leading up to the summer. Did that include something specifically like the situation we’re in right now, where Trump refuses to concede the election and claims fraud?