Chris Krebs was fired by then-President Donald Trump from his post as director of the U.S. Cybersecurity Infrastructure Security Agency (CISA), after creating a CISA website to refute the false claims of voter fraud during the 2020 election.  Now a cybersecurity consultant, Krebs appeared at the Kennedy School’s Institute of Politics John F. Kennedy Jr. Forum to discuss secure elections, endangered commerce, hacked utilities, and pineapple pizza.

In a spirited discussion with Joan Donovan, research director of the Shorenstein Center on Media, Politics and Public Policy at HKS, Krebs explained that while his public service career was lost by “taking the hit for integrity” over the election, it was the right thing to do. “It’s defending democracy,” he said. “Can you take anything more seriously? And that was the mentality across the entire CISA team: if we do anything meaningful in the entirety of our careers or our lifetimes, this is it.” And while he declared the 2020 election “the most secure in American history”, he stills feels misinformation, disinformation, and the internet's infrastructure can—and will—continue to wreak havoc and disrupt our lives. 

“The point of technology is to make things easier, to make things more efficient,” he said. “The problem though, is that there are downsides that allow bad actors who want to monetize the technology pieces. It gives them plenty of opportunity. The best case study for that right now is ransomware.” He pointed to this past summer when Colonial Pipeline, the transcontinental gas utility, went offline for several days due to a ransomware lockdown.  “Why don't we address the vulnerabilities? The benefits of technology still far outweigh the downside. Even with hacking, even with this information, the benefits we derive are still so far out in front. So, we are left with this broad attack surface.”

Joan Donovan and Chris Krebs at the JFK Jr. Forum.
“It’s defending democracy. Can you take anything more seriously?”
Chris Krebs

And the attacks can come from all directions. “When you think about a critical infrastructure that connects people, then you have to worry about power,” he noted, recalling the hours-long blackout that Facebook, Instagram, and other social media platforms suffered this month. “So, I’m Instagram,” he continued, “a massive, massive commerce tool. That’s where a lot of small businesses market their goods and how they conduct daily business operations. That was a significant outage for a lot of infrastructure, and we don't always see those connective tissues. We just think about goofy dog tapes and beach pictures, but there's a lot of commerce that rides behind that.”

Krebs also highlighted something he has viewed for some time: a foreign adversary getting on a platform and amplifying or manipulating information, disrupting the intelligence community. “I honestly don't think we know enough about how the platforms operate right now to make meaningful regulation, meaningful legislation, to then inform regulation,” he said.  Donovan agreed. “We have to have more required disclosures from the platforms, much more research on the harms caused by these platforms, like financial fraud or personal injury. And then of course there are collective social injuries, like the January 6th insurgency,” she said.

Trying to explain how misinformation leads to divisiveness, the CISA team launched the “war on pineapple campaign,” an internet test to increase awareness on how disinformation campaigns influence operations work. Why pineapple? “It was in the wake of 2016, looking at the techniques that the Russians used to amplify a kind of social discord. We needed an issue to test where people were clearly on one side it of or the other. It couldn’t be political—that turns off 50% of people. As we discussed what that issue could be over a pizza lunch, there it was: whether you liked pineapple on your pizza or not. It actually was a coordinated behavior campaign to drive home the idea that Americans will argue over simple things, like a pizza topping.”

Despite all the work Krebs and his team at CISA did to authenticate the 2020 elections and disprove the claims of voting fraud, he remains a fan of paper ballots. “Paper gives you the ability to audit,” he stated. “When the claims began in the 2020 election that the system was rigged and we’re adjusting the vote counts, we said, ‘Ok, how about we count it?’ So Georgia counted, they counted their vote three times, and it was consistent every single time. We need as close to a hundred percent paper as possible.”

Photographs by Martha Stewart

Get smart & reliable public policy insights right in your inbox.