Krebs Firing - Model for Cyber Maturity

The politically based removal of the most visible cybersecurity leader in the nation degrades national cyber resilience. When President Trump fired Chris Krebs as Director of the Department of Homeland Security Cyber Infrastructure and Security Agency (CISA), it left a stain on the cybersecurity tapestry. More importantly, it weakened the pillars of Democracy. 

Director Krebs’ dismissal was only disgraceful, but it undermined the complexity of the cyber threat environment. It devastated the subtle power of leadership, a skill critical to gaining compliance, and cementing non-partisan partnerships.

His tenure at CISA was critical to the growth of national cyber maturity. He assumed the reigns from his predecessors, who advanced risk management concepts to include threat identification, information sharing, risk management, response coordination and cyber awareness.

Understanding the Modern Labyrinth

For context, the ongoing cybersecurity challenge is one that all nations face. The perils of utilizing connected infrastructure remain constant across government structure, throughout private sector networks and within each internet transaction. The threats are resident in and across technology platforms. While they fly above the political spectrum, cybersecurity threats have garnered legislators’ attention from both sides of the aisle. Many have mutually agreed on the importance of a strong national cyber defense.

There are layers of risk versus reward decisions that tech leaders and system managers make daily. Interestingly, the complexity of the multi-leveled cyberspace chessboard pits chess master against the very training underpinning their cyber strategy. As an example, there are best practices for protecting health records. However, in a life or death situation, should a cyber practitioner complicate a doctor’s ability to save lives?

The risk decisions that must be made stretch the capabilities of cyber risk professionals. This dynamic is common at both the national and local levels. The labyrinth of risk management processes link and form our national network. This digital quilt, a mishmash of managed government, private sector and personal networks create a shield that constitutes a healthy national digital environment.

All elections are local; however, their implications determine national resilience. As we saw in the 2016 elections, cyber interference did not culminate into a sequence of network intrusions. Rather, a diabolical attack on people’s tendencies and emotions in local communities was hacked. This identifies a changing threat environment stretching the risk management boundaries of cyber professionals. People with similar opinions were conditioned and inspired to take physical action. It created a new spectrum of cyber-attacks. Since the physical activity of casting votes was based of subversion efforts, it became the U.S. Government’s concern.        

We Must Lead from the Front

In most sectors, Democracy affords us the personal freedoms to launch cyber protections or not. From corporate boards to individuals, the quest to build national cyber resilience is imbedded in the ability to protect assets, systems, and networks. The issue is that Americans see their digital right as Constitutional freedom.

Director Krebs assumed a role that would touch the fragile rails of our perceived rights by its very nature. He sought to recast a digital culture using authority typically framed only by laws, regulations, and liability. His efforts were launched in a politically charged time of misinformation and disinformation. The perpetrators clouding the truth were organized as any of the candidate’s running campaigns.  

His complex duties were predefined; to assure Confidentiality, Integrity, and, Availability (CIA Triad) — The Backbone of Cybersecurity. The CIA Triad offers a foundation for critical security functionality, leads to enforcement and compliance, and helps cyber professionals maintains continuity to avoid losses, reputational damages, and doubt.

The 2020 U.S. elections are reported to be the most secure in U.S. history. When Director Krebs confirmed Russia interference in the 2016 elections and abated conspiracy theories pushed by national leaders, we saw the best measure of his success as the Director of CISA. It was also the lesson every cyber professional needs to learn.

True Leadership Builds Trust

Over the last eight years, the private sector, and various user communities worked through complicated interdependencies and independencies the build cyber resilience practices. Professional leadership was the key to gaining consensus between business competitors and creating approaches to protect critical infrastructure.

Maintaining our quest for cyber maturity requires some stakeholders to take actions that go counter to immediate benefit. This might include manufacturers who profit from reducing time to market as opposed to assuring product security. Or, politicians proposing legislation that leads to cyber standards that ultimately increase a constituent’s cost of doing business.

The willingness of leaders at all levels to embrace higher standards and ethics keeps Democracy rumbling along. A continuous increase of cyber professionals who live by the Krebs model is necessary. By continuously evolving new cyber leaders who understand the value of professionalism we will see the cyber maturity necessary to nurture our young digital Democracy.