Risky Business #788 -- Trump targets Chris Krebs, SentinelOne
Apr 16, 2025
Rob Joyce, former NSA Cybersecurity Director, discusses the fallout from Trump targeting Chris Krebs for his election security stance. The implications for the cybersecurity industry are alarming, with potential chilling effects on public safety. Fletcher Heisler, CEO of Authentik, dives into the complexities of the identity ecosystem and how innovative solutions are emerging to tackle these challenges. They also touch on recent cyber threats, including ransomware trends and the ongoing push for accountability in the spy industry.
Trump's targeting of Chris Krebs raises concerns about the intersection of politics and cybersecurity governance, potentially intimidating officials from asserting factual narratives.
Senator Ron Wyden's intention to block Trump's CISA nominee until transparency on telecommunications vulnerabilities emphasizes the need for increased governmental oversight in cybersecurity.
The potential U.S. participation in the Pall Mall Pact reflects a bipartisan recognition of the urgent need for regulations on spyware proliferation and accountability.
Deep dives
Political Targeting of Cybersecurity Officials
The recent presidential memorandum issued by former President Trump targets Chris Krebs, the inaugural director of CISA, and revokes his security clearance along with those of employees at his current employer, SentinelOne. Krebs was criticized for affirming the security of the 2020 election, a statement that contradicted Trump's claims of election fraud. This political maneuvering raises serious concerns about the implications for cybersecurity governance, as it blurs the lines between politics and essential cybersecurity roles. The move has left Krebs's professional future uncertain and may intimidate other cybersecurity officials from voicing facts that contradict political narratives.
Concerns over CISA Director Nomination
Senator Ron Wyden has expressed the intention to block Trump's nominee for the next CISA director until the Department of Homeland Security releases a crucial report regarding telecommunications security vulnerabilities. This report, dating back to 2022, raises questions about the weaknesses in SS7 and Diameter protocols, which have significant implications for network security. Wyden's insistence on transparency is indicative of a larger concern surrounding governmental oversight of cybersecurity infrastructures. The delay in appointing a permanent CISA director could pose additional risks to national cybersecurity efforts during this critical period.
Pall Mall Pact on Spyware Regulation
The Pall Mall Pact, aimed at regulating spyware proliferation and promoting accountability, has emerged as a significant step in combating the widespread issues associated with commercial spyware. Initial reports suggested that the U.S. would not join the pact, but indications now show a potential reversal on that stance. This non-binding agreement represents a proactive approach among nations to address the dangers posed by unchecked spyware use. The move reflects a bipartisan consensus in the U.S. regarding the need for regulations surrounding the sale and usage of spyware technologies.
Challenges in the TLS Certificate Ecosystem
The CA/Browser Forum has voted to reduce the maximum validity of TLS certificates from 398 days to just 47 days, signaling a shift towards more frequent updates and potential automation of certificate issuance. This change addresses longstanding problems with the effectiveness of certificate revocation mechanisms, fundamentally impacting how organizations manage their TLS practices. While this move aims to enhance security by limiting the lifespan of potentially compromised certificates, it highlights the need for systems that can efficiently manage these frequent renewals. There's optimism that the industry will adapt and innovate towards making this transition seamless and beneficial for cybersecurity overall.
The Rise of Browser Extension Threats
A researcher has uncovered numerous malicious Chrome extensions, which, despite having millions of installations, remain obscure and unlisted in the Chrome Web Store. These extensions pose significant risks as they can potentially capture sensitive user data without alerting users, emphasizing the need for vigilance when installing browser extensions. This situation highlights a broader trend in which attackers leverage browser environments to exploit user trust and access sensitive information. The findings underscore the necessity for improved security protocols and awareness around browser extension installations to mitigate emerging cyber threats.
On this week’s show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump’s unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne.
They also talk through the week’s cybersecurity news, covering:
Mitre’s stewardship of the CVE database gets its funding DOGE’d
The US signs on to the Pall Mall anti-spyware agreement
China tries to play the nation-state cyber-attribution game, but comedically badly
Hackers run their malware inside the Windows sandbox, for security against EDR
This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk through the increasing sprawl of the identity ecosystem.