In the world of cybersecurity, where truth is paramount and trust is everything, silence can be louder than an alarm.
When President Trump issued an Executive Order targeting Chris Krebs—a respected cybersecurity leader and the first director of the Cybersecurity and Infrastructure Security Agency—the cybersecurity industry should have responded with a unified voice of outrage and support. But instead, it largely whispered… or worse, said nothing at all.
This moment is not just about Krebs. It’s a constitutional stress test. A moral gut check. And the cybersecurity industry is failing it.
What Happened in 2020?
Chris Krebs isn’t a political agitator. His role and actions in 2020 were not partisan. He was Trump’s own appointee to lead CISA, the agency charged with protecting the nation’s critical infrastructure, including elections. In the run-up to the 2020 presidential election, Krebs and his team worked tirelessly with state and local election officials to safeguard systems against foreign interference and domestic cyber threats.
When the votes were counted and no credible evidence of widespread fraud emerged—despite a tidal wave of disinformation—CISA issued a joint statement declaring the 2020 election “the most secure in American history.” Over 60 lawsuits attempting to challenge the results were dismissed across the country—primarily due to a complete lack of evidence to support the claims. Many of those decisions came from Republican-appointed judges. The facts were clear.
But truth has become a political liability.
For doing his job—and doing it well—Krebs was fired via tweet. And now, years later, he has been further targeted by an Executive Order that effectively seeks to blacklist him, his employer, and his professional associates. The message is unmistakable: disloyalty to the narrative will be punished.
Is the Executive Order Even Legal?
The Executive Order targeting Chris Krebs is not just a political stunt—it raises serious constitutional red flags.
At its core, it punishes a private citizen for protected speech, which violates the First Amendment. Krebs was fired from his role at CISA for publicly affirming that the 2020 election was secure—an assessment backed by dozens of court rulings and independent audits. Now, years later, he’s the subject of an order that calls for a federal investigation and labels him a “bad-faith actor” for doing his job.
According to Petra Molnar, a professor and author of The Walls Have Eyes: Surviving Migration in the Age of Artificial Intelligence, “targeting former officials perceived to be in opposition to the current administration is not constitutional.” She adds that the Executive Order “undermines the crucial separation of powers between the President’s Executive Office, the Legislative Branch, and the Justice Department.”
This is more than overreach—it’s retaliatory use of executive authority without legal basis. And while politically motivated targeting isn’t new, Molnar notes that what’s unprecedented is “the escalation of retribution campaigns against individuals perceived to be against the goals of the Trump Administration.”
The Constitution explicitly forbids Congress from issuing bills of attainder—laws that single out individuals for punishment without trial. While that restriction technically applies to the Legislative branch, the spirit of it clearly applies here. A president cannot simply declare someone an enemy of the state for contradicting a political narrative. That’s not national security—it’s authoritarianism, dressed up in executive language.
The Cybersecurity Community’s Deafening Silence
You’d think an industry built around defending truth, integrity, and the sanctity of systems would rally around one of its own. There are admittedly a few brave voices—like Katie Moussouris of Luta Security, cybersecurity journalist Brian Krebs (no relation to Chris Krebs), and a smattering of others. Richard Stiennon, chief research analyst with IT-Harvest and author of Security Yearbook 2025, shared a video of Trump signing the Executive Order on LinkedIn with the statement, “This abhorrent president lashing out at those that served the country is sickening.”
In general, however, the cybersecurity industry has largely stayed quiet. In fact, many sources I reached out to refused to comment on the record for this story.
No public statements from RSAC conference organizers. No press releases from leading vendors. No formal pushback from industry alliances. It’s not just disappointing—it’s damning.
This is not how you defend your values.
Many organizations seem to believe they can sidestep this conflict by remaining neutral. But neutrality in the face of injustice is a choice—it’s a choice to appease. And appeasement doesn’t work. Just ask Neville Chamberlain.
The Illusion of Safety Through Silence
We’ve seen this play out in other sectors. Columbia University has faced intense scrutiny and backlash not for what it said, but for what it failed to say—and the compromises it made to stay in the good graces of political power. Paul Weiss, once a symbol of legal prestige, has come under fire for pulling away from defending academic clients under political pressure.
Contrast that with Harvard University, which has rejected demands from the Trump administration and publicly defended democratic norms. Or Perkins Coie, the law firm that continues to represent election officials and fight disinformation, even under threat.
Where are the Harvard Universities and Perkins Coie law firms of the cybersecurity world?
The Krebs case is a crucible. It reveals who is willing to stand for principle—and who is hoping the storm passes them by. But that’s not how this works. You don’t avoid authoritarianism by looking the other way. You feed it. You enable it.
“First They Came…”
We all know Niemöller’s haunting poem:
“First they came for the socialists, and I did not speak out—because I was not a socialist…”
It has become the go-to cautionary tale for the dangers of silence in the face of rising authoritarianism. And yet, here we are—living it in real time—and most of the cybersecurity industry is failing the test.
They came for Krebs. And most watched. Quietly. Uncomfortably. Passively.
Everyone—or at least almost everyone over the age of 40—has probably wondered how Germany allowed Hitler to rise to power. We have gone through the thought exercise at some point of considering what we would have done if we lived in Germany during Hitler’s rise. People don’t ponder that question and think, “I would have remained silent.” They ponder that question and imagine themselves as a noble hero—standing up for liberty and freedom.
And yet, here we are.
Freedom isn’t free, and actions have consequences. Will there be repercussions for organizations that defy Trump’s whims? Maybe. Current events suggest the odds are good. But millions of Americans have given their lives to support and defend the Constitution and stand up for democracy and freedom. The least cybersecurity vendors, law firms, universities, and other targeted organizations can do is risk sacrificing government contracts and revenue to stand up for their principles and the rule of law.
If a former CISA director, a nationally respected cybersecurity expert, can be targeted for doing his job and speaking the truth, what makes you think you’ll be safe when your turn comes?
The Stakes Are Bigger Than One Person
This is not about left or right. It’s not about politics. It’s about whether we allow power to dictate truth, or whether we stand up to defend it—even when it’s hard. Especially when it’s hard.
The cybersecurity industry has always portrayed itself as the vanguard—defenders of infrastructure, truth, and resilience. But right now, it’s at risk of becoming just another silent institution, hoping the monster it won’t name doesn’t notice it.
That’s not defense. That’s surrender.
A Call to Speak
To every cybersecurity leader, CISO, vendor, and industry body: this is your moment. Not just to protect one man’s reputation, but to show what kind of industry we want to be.
Because if we can’t defend the truth—if we won’t even defend one of our own when truth itself is under attack—then what exactly are we protecting?
Silence isn’t safe.
Silence is surrender.