Cybersecurity under fire: CISA’s former deputy director decries post-election vilification

Matt Travis talks about CISA's role in the recent US elections and how President Trump and his surrogates have politicized the security function.


Matt Travis, the former deputy director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), kicked off this year’s Aspen Cyber Summit yesterday with a keynote interview by journalist Kara Swisher. Travis provided an insider’s view of the events leading up to the firing of CISA director Christopher Krebs and discussed the fallout from President Donald Trump’s attempts to undermine the agency.

The just-concluded presidential election represented “the most secure election in American history,” according to Krebs. Despite this achievement, or perhaps because of it, Krebs was summarily fired by Donald Trump via a tweet on November 17. Before Krebs was dismissed, the White House asked for the resignation of Bryan Ware, the highly regarded assistant director for cybersecurity for CISA. After Krebs’ forced departure, Matt Travis, CISA deputy director and Krebs’ right-hand man at CISA, resigned from the agency.

On Sunday, Krebs, a lifelong Republican, told 60 Minutes’ Scott Pelley that he has complete confidence in the election outcome. He dismissed as conspiracy theories some of Trump’s increasingly convoluted stories of how President-Elect Joe Biden “stole” the election. Krebs said that Trump’s attorney Rudy Giuliani’s promotion of unproven election fraud was an “attempt to undermine confidence in the election, to confuse people, to scare people.”

Following the 60 Minutes interview, another Trump attorney, Joseph DiGenova, said that Krebs should be “taken out and shot” for contradicting Trump’s unsubstantiated claims of voter fraud. Yesterday, Krebs told CBS’s Savannah Guthrie that he is looking into potential legal action following DiGenova’s bald threat. Alex Stamos, former Facebook CISO and founder of the Stanford Internet Observatory, filed a complaint against DiGenova with the DC Bar’s Office of Disciplinary Counsel and encouraged his fellow infosec peers to do the same.

Fighting disinformation from within

Against this backdrop, Travis provided a timeline of events, noting that the days immediately following the election were initially “kind of quiet” because the mail-in votes were still being counted and no key states had been called for either candidate.

A week after the election, however, Politico ran a report that “essentially said ‘here’s a government agency you never heard of that is countering the president’s lawyers’ claims about impropriety or fraud in the election,’” Travis said. “We generally tried to fly under the radar knowing how fraught with peril this election might be because of the nontraditional way the votes would eventually be tabulated. As the days wore on and the kind of rhetoric from the president’s campaign continued to kind of contradict what we saw and knew to be the case, we could recognize the tension could probably grow.”

Trump was seemingly most irritated by CISA’s rumor control website, which was modeled after a FEMA effort and sought to bat down the false stories surrounding the election. The agency had been fully prepared for the disinformation to come from Russia but not from the White House. “We frankly expected it to be used against foreign adversaries, what we saw from Russia in 2016, the disinformation campaign of using fake personas online and putting out falsehoods,” Travis said.

CISA believes it’s the agency’s job to fight against election falsehoods and reassure voters of the electoral process's integrity. “Once the election had been conducted, and the electoral process of canvassing and certifying and counting was in place, we felt it was our role to be articulating the ground truth on what these processes entailed and what security protections had been built into these systems.”

The politicization of security

It was precisely that ground truth that prompted Trump to fire Krebs on Twitter without a phone call or conversation of any kind, sparking a firestorm of breaking news reports and disbelief at the relatively staid and unknown agency. “There was a surreal nature to it when Chris’ firing was all over the news,” Travis said. “We are a component of a department. When my resignation hit the press, I think Don Lemon broke in, and my name was on the chyron. In what bizarre world does the deputy director of a DHS component warrant prime time?”

The politicization of what has traditionally been a non-political, bi-partisan issue disturbs Travis. “The first principle of what a government should be doing [is] protecting those systems and activities that enable our economy. That is what we are protecting at CISA,” he said. “What we were hearing from the Trump campaign was in effect politicizing the security of a subsector of infrastructure, namely the election system.”

Threats of physical violence against Krebs

Regarding DiGenova’s call for Krebs to be shot, “it’s egregious. A loss of words for just how absurd and offensive those comments are,” Travis said. “What happened to shame? What happened to Mr. DiGenova? Is he not ashamed of this kind of language? He’s a small man with a small mind.”

Travis’s strong words have been echoed by many leading cybersecurity experts. “Chris demonstrated moral courage, and the administration fired him for it, unceremoniously and continuing the degradation of norms they’ve exhibited for the past term,” Bryson Bort, founder and CEO of SCYTHE and chairman of GRIMM, tells CSO. “Furthermore, the threats continue as the president stokes his base for his own personal reasons—it’s unconscionable,” Bort adds. “CISA, along with multiple federal agencies, state and local officials, and numerous volunteers, ensured an overall proper election process.”

Hope that CISA returns to normal operations

Travis hopes that the drama of the past few months dies down so that the agency can go back to fulfilling its mission of protecting 16 critical infrastructure sectors. “We certainly never expected CISA, its mission, its people to be under attack like this. I hope it ends soon.”

The smoke has yet to clear around the agency, so it’s not easy to see how well CISA bounces back once it does. “Certainly, there are costs to losing the leadership and vision,” Bort says, predicting that the agency will return to form under the incoming Biden administration. “The team provided great cover for the organization to do what needed to be done. CISA will continue because it’s got a great foundation and the momentum of public-private partnerships.”

Copyright © 2020 IDG Communications, Inc.