The people tasked with keeping the country safe from foreign government hackers and cybercriminal gangs say they feel like they’re under attack, not from their usual adversaries but from the administration they work under.
President Donald Trump’s Wednesday order calling for a Justice Department investigation into Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), has sent fresh shock waves through that agency’s hallways, according to five employees who spoke with NBC News. Each spoke on the condition of anonymity because they were not authorized to speak publicly.
The order comes as the White House is downsizing the agency for at least the third time in three months.
“It’s a really tough time for all of us right now,” said one employee. “Every day feels somehow more bizarre than the last. It is incredibly difficult to focus on our mission.”
Krebs, whom Trump appointed as CISA’s inaugural director during his first term, quickly built the agency into the country’s front-line digital defender of critical systems. But he also emerged as a surprising counterpoint to the president, particularly around his efforts to advance false claims that the 2020 presidential election was stolen.
The order Trump signed cites Krebs’ insistence that there is no credible evidence of widespread fraud in the 2020 election, despite Trump’s false but often-repeated claims. Also signed by the homeland security secretary, it directs the attorney general to “take all appropriate action to review” Krebs’ activities.
Employees who spoke to NBC News largely believe Trump’s action was politically motivated. Trump also revoked Krebs’ security clearance.
“I feel so sickened by this. It’s a shocking abuse of power,” one said.
Trump’s moves on Krebs and CISA come as the U.S. faces mounting cybersecurity challenges, most notably from China, which has in just the last two years shown its capability to penetrate deep into sensitive U.S. infrastructure as well as government systems, federal officials say. For-profit hackers have also turned ransomware into a billion dollar criminal enterprise that shuts down hospitals, schools and many businesses.
Republicans quickly coalesced around Trump’s election claims and politicized the agency’s efforts to coordinate with technology companies to secure elections, including how to counter the spread of foreign propaganda.
Under Krebs, CISA coordinated a unified response from government agencies and states disputing false claims of election fraud, many of which Trump and his allies used to justify his attempts to stay in office. Trump fired Krebs two weeks after that election.
“This EO targeting former director Krebs seems based in personal vendetta, and no American should be comfortable with that,” another CISA employee said.
Krebs declined to comment. On Wednesday evening, he reposted to X the message he first published in 2020 after Trump fired him: “Honored to serve. We did it right. Defend Today, Secure Tomorrow. #Protect2020.”
The Trump administration is also currently purging CISA’s workforce, according to emails to staff obtained by NBC News. The Department of Homeland Security, CISA’s parent agency, sent a memo Monday evening that encouraged employees to retire early or take a buyout package by Monday.
A second email, sent by CISA acting director Bridget Bean, reiterated that offer. Trump has nominated a permanent director, Sean Plankey, who has yet to be confirmed by the Senate. A CISA spokesperson declined to comment. The White House didn’t respond to a request for comment.
A DHS spokesperson declined to share how many employees it expected to cut, but said in an emailed statement: “Every dollar spent and position filled at DHS should be focused on our core mission of securing our homeland and keeping the American people safe.”
Those buyout offers echo a round of emails that DHS sent to CISA employees in February. A DHS spokesperson told NBC News that month it had also cut more than 130 employees who had probationary status and that it deemed “non-mission critical personnel.”
On Sunday, before the Krebs news and as rumors spread that the second round of buyout offers was going out, Jen Easterly, who succeeded Krebs as CISA’s director under President Joe Biden, posted to LinkedIn about why the cuts could hurt U.S. security.
“Degrading the capability and capacity of the federal cyber ecosystem—whether by laying off hundreds of highly talented cyber professionals at America’s cyber defense agency or by decapitating the highly effective, nonpartisan, and principled leadership of America’s most important technical intelligence agency—will only make Americans less safe and more vulnerable to our adversaries,” Easterly wrote.
One CISA employee said the repeated staff reductions hampered the agency’s ability to secure critical infrastructure, which often relies on experts who are familiar with highly specialized computer programs and operating systems.
“The cuts that happened initially have already severely degraded our capacity to defend critical infrastructure,” the employee said. “The cuts that may come — I don’t know what the numbers are going to look like — but they without a doubt will further degrade our ability to defend critical infrastructure.“
Trump’s executive order also suspended the security clearances of employees at the cybersecurity company where Krebs works, SentinelOne.
SentinelOne released a statement Thursday evening it would “actively cooperate in any review of security clearances held by any of our personnel” and that it views “the White House as a crucial collaborator.” It did not defend Krebs.
Another CISA employee said Trump’s decision to target SentinelOne could start a chilling effect where employees feel pressured to ignore software vulnerabilities that might upset the president.
“Will there be pressure to not have a public vulnerability in a car company if the CEO is close to the president?” the employee said. “It’s like Iraq war intelligence. We’re only going to say what they want to be the message, rather than telling the country about real threat.”
