Patrick Gray
Welcome to another edition of Seriously Risky Business, the podcast we do here at Risky Biz HQ, which is all about policy and intelligence. My name is Patrick Gray. We would like to thank the William and Flora Hewlett Foundation for supporting this podcast and also Lawfare Media, which syndicates the column or newsletter on which this discussion is based. That is the Seriously Risky Business newsletter. And if you're not already subscribed, head over to Risky Biz and subscribe to it there. We also have a sponsor for this week's podcast edition, and that is Airlock Digital, one of my favorite cybersecurity companies. They do allowlisting software that works across Linux, Mac and Windows. It actually works at scale. They've got it in places with a hundred thousand plus endpoints and it works really well. It is a sensational product if you're looking to tighten up your endpoint security. Definitely check them out. I'm joined now by our policy and intelligence editor, Mr. Tom Uren. Hello, Tom.
Tom Uren
G'day, Patrick. How are you?
Patrick Gray
Good, good. It's been, it's been quite the week, right? And we're going to continue talking about the big story of the last week or so, which is this extraordinary action by the Trump White House against Chris Krebs, who is a friend of the show. You know, for those who were, you know, hiding under a rock, I guess, the last week, President Trump wrote, signed a memo instructing the Department of Justice to investigate Chris for what, I'm not entirely sure. But it also revoked his clearance and targeted his employer, SentinelOne, thus making his position there untenable. I predicted yesterday in the show that he would be forced to resign. And in fact, that has just happened, Tom. And you know, you've led with that in this piece of analysis here. But this is pretty grim reading. Like what you've written up this week is really that, like we're not really expecting the industry to all sort of rally behind Chris. Everybody's just trying not to be the next target.
Tom Uren
Yeah, pretty much. So there's one part of, there are a few people who've spoken up in support and basically their argument, which I buy by the way, is that people need to speak up because the action is just outrageous. So the background is that Trump dislikes Krebs because Krebs said that the election Trump lost, the 2020 election, was the most secure in history. And he has been quite public about saying that the election, it was well done. And the key thing here is that that was Krebs's job. It was his job to do the election well, make sure it was secure. And at any time, if Trump was unhappy with him, he could have fired him back in those days. So that would be the air quotes, right thing to do. If you are unhappy with the performance of a person, just fire them, move on. But he's managed to save up this anger for five years.
Patrick Gray
Well, I mean, he did. He did fire him. Like after Chris came out and said it was the most secure election in American history, when Trump was trying to undermine the result, he wound up firing him by tweet. So this is, this is Krebs's sort of second, second go-around on all of this?
Tom Uren
Yeah, yeah, that's right. So the. Also, the way it was done just has a chilling effect on the industry because it makes everyone afraid. So I think the, whether, like, totally leaving aside whether Chris did a good job, it's the manner in which this is being done is just very, very bad. So the, the people who have spoken out have pointed out that it makes everyone reluctant to engage in federal service. It's not a time that the government really is, you know, has a wealth of cybersecurity talent just knocking at their door. And so it's. It's just bad for national security, so it's bad for the safety of the nation. And so it would be, in an ideal world, good if companies were speaking out against this action, saying it's bad for these reasons. That's not the way that we operate, of course, because it is a chilling action. No one is doing that and no one, basically, no one wants to stick their head above the parapets. So I also talk about the broader context that this is happening in. So it's not even that Krebs is like, I think, what, number five, number six on Trump's priority list. So he's also gone after law firms, universities. And on the same day, a number of other.
Patrick Gray
There's another. There was another official, Miles Taylor, who was a DHS person who wrote a book under an anonymous, you know, byline. And, yeah, he's gone after him as well. But look, I mean, I hear you, right, because the whole thing here, I mean, it doesn't exactly scream due process. I mean, this is really. This is political persecution of a kind that we normally see in countries that, to put it politely, we don't really associate with good rule of law. Right. This is not something you expect to see from a functioning democracy.
Tom Uren
No, that's right. I don't know what else I can say about it. It's the sort of thing where people think that they should speak out against it. I'm in two minds. I don't know if it makes any difference for a start. And there's signs that some of the institutions are pushing back. I think there's a moment when it becomes safe and very desirable to speak out. So I guess it's just picking that moment. And I'm not expecting the cybersecurity industry to do it anytime soon.
Patrick Gray
No, I mean, I think one of the things here is that this isn't so much an attack on the cyber security industry as an attack on one individual within the industry. Right. Which means that for most executives who are running these companies, they're looking at this and thinking, we just don't need to get involved in this because ultimately it's affecting one person and not us. And that sucks for him. But we don't want to be next. We don't want to pull ourselves into a situation we're not already involved in. I mean, this is why I said on the weekly show yesterday that I don't think SentinelOne is the bad actor here. I mean, clearly there is a bad actor and it is Donald Trump. It is the White House doing this to him. And without a unified front, there's not really much SentinelOne can do to push back on this. Right. Because they're going to be on their own. So it's just, it's, you know, it sucks because what Trump, Trump has achieved the effect he was going for here with Chris Krebs's resignation, and I predicted that he would, you know, it's not like he, he and I talked and I'm like, oh, I got the scoop on that. I just predicted it. Like, his position was untenable. There was no way he'd be able to stay there and then risk that company losing all of its federal government business. You know, destruction of shareholder value, impact on staff, like just. I do know Chris a bit. I just, I could not see him sticking around for that. So I think the thing that's upsetting here is that, is that Trump got what he wanted. And I can't imagine, I can't imagine another high profile, you know, big ticket cybersecurity company saying, hey, Chris, I see you've left SentinelOne. Do you want to come and join our board? Do you want to come and be an executive with us? Like that ain't going to happen because they'll be targeted next.
Tom Uren
Yeah, I think in the piece I hit on like critical interests and I totally agree, like, Krebs is not a critical interest for anyone in the cybersecurity industry, not even SentinelOne. And that's not an indictment. You look at some of the other industries that have been targeted, like law firms, I think it is that kind of action is a central attack on what law firms represent. And so some law firms have fired back with lawsuits. And that's kind of what you're talking about. If it's a central attack on what you represent, like they swear an oath to the Constitution, then you'll get some people fighting back. Yeah. And like, well, then you get others.
Patrick Gray
Grovel and cut a deal. So we've seen both responses. But you know, you are right. And for those who don't know what we're talking about with the law firms, Trump did a similar sort of thing. He cancelled the security clearances of everybody working at law firms that he didn't like because in one case it had done pro bono legal work for the Jack Smith investigation. So he's just like, OK, they can, you know, just lose their clearances and that would mean they lose a lot of government work and you know, just petty stuff and extremely not great. But look, let's move on to our other topic, right, because we, we have talked about this a lot on yesterday's show and now, now again today and I'm sure we'll be talking about it again before the year is through. But you've done another write up here and I found this very interesting actually, because the Wall Street Journal wrote this breathless report about how China had admitted that it was behind the Volt Typhoon campaign. Now, of course, the Volt Typhoon campaign involves Chinese APT crews sort of pre-positioning themselves in US critical infrastructure. And the idea is if there is some sort of military conflict in the Taiwan Strait, that they can flip the switch and cause all sorts of disruption to American infrastructure. So it's an alarming campaign, it's been covered at length. But China, of course, they always deny this. Now we get this Wall Street Journal report about a meeting between Chinese and American officials in which the Chinese official apparently admitted that the Chinese government was behind Volt Typhoon. Now you're sort of taking, you're taking a more sceptical view about what that Chinese official was doing.
But before we even get to that, I think one thing that's really interesting here is one of the reasons the US Government was raising Volt Typhoon in this meeting is because the US Government wasn't entirely sure that senior leadership in Beijing was actually aware that Volt Typhoon was a real thing that was being done by its military, you know, to the United States. And they just wanted to make it 100% clear to the delegation this is your government doing it. We are briefing you on your own intelligence or own sort of cyber operations here, just so you 100% know. Anyway, you take it from here because it's a, it's a complicated one, this one, but go.
Tom Uren
Yeah, yeah, yeah. So that, that I found extremely fascinating. So that like it tells you, the US Government is not certain that there's a direct line between Volt Typhoon and Xi Jinping, for example. And so I think there's a huge difference between Volt Typhoon is some over eager branch of the PLA that's doing something under direction obviously, but they haven't told Xi Jinping to the other case where Xi Jinping has said go do this thing. I think there's a huge difference there. And that's part of the reason that the US raised it is to figure out who's directly responsible for it, middle management or senior leadership. Now the, the response they got was that, and I'll just quote here, a top cyber official with China's Ministry of Foreign Affairs. So would the MFA know, I don't know. Indicated that the infrastructure hacks resulted from the U.S. military's backing of Taiwan, an island Beijing claims as its own. Now the interpretation is that most of the American delegation thought that that meant that yes, Chinese senior leadership knows and endorses that activity. But to me it sounds exactly like the sort of bravado that Chinese officials are often like expected to do when.
Patrick Gray
Yeah, it's sort of like that wolf warrior, the wolf warrior tub thumping thing. Right. Which is of course, these terrible things would not happen to your country if you did not show support for Taiwan. It kind of has that, that feel as well. Right. But you know, the Wall Street Journal report says, and this is what you've written here says a former US official said most of the American delegation interpreted the comments as a tacit admission. Right. And yet, you know, the headline, which is what everyone's paying attention to is, oh, the Wall Street Journal, you know, has reported that the Chinese privately admitted to Volt Typhoon. And I guess what you're saying is like, did they, did they, did they? Yeah, I mean what you're saying is like someone may have heavily implied it, but might not even know.
Tom Uren
Yeah, yeah. So I just found the whole thing fascinating. So part of the other motivation that the US wanted to get across or part of the other messages that the US wanted to get across was the hacking of civilian infrastructure is out of bounds. Like the phrase, I think in the report was that and we'd consider it an act of war. And, like, you're clearly not considering it an act of war because they're doing it and you're not responding in a warlike manner. So I thought, I mean, if your response.
Patrick Gray
If your response is getting gruff in a. In a meeting with some officials, you know, that's not war. That's not war. That's not what war really looks like. But I mean, I was just thinking, right, it's kind of ironic, you know, we were just talking about how much trouble Chris Krebs is in. I reckon this official who said that is in more trouble than Chris Krebs, this Chinese official.
Tom Uren
Chinese.
Patrick Gray
Can you imagine?
Tom Uren
Well, I'm wondering whether he's, like, getting pats on the back as well, like. Oh, good Wolf Warrior there.
Patrick Gray
Yeah, yeah. God, it's hard to know, isn't it?
Tom Uren
So I just. I thought it was a really interesting report. I think Dustin Volz, who wrote it. It was. It was a very nuanced report. And then the headline gets summarized into the most.
Patrick Gray
Yeah, we can blame a sub editor for that, I'm sure, having had dealings with them in the past.
Tom Uren
So my. My takeaway message is, well, now the US believes that Xi Jinping. Xi Jinping is behind this activity, which I think is a more dangerous place than having that.
Patrick Gray
That possibility hang in the air that maybe he doesn't know. Right.
Tom Uren
Yeah.
Patrick Gray
Yeah. Well, I think that is an excellent distillation there. And I think we've just coined a new term, which is that guy's in more trouble than Chris Krebs. Oh, dear. All right, mate. Well, we're going to wrap it up there. Keep it a brief one this week, but, Tom Uren, thank you so much for walking us through what you've written in your newsletter this week. It's always great to walk through it and chat to you about it. And I'll look forward to doing it again with you in two weeks because I'm on leave next week, but, yeah, thanks again.
Tom Uren
Thanks, Patrick.
Release Date: April 17, 2025
Host: Patrick Gray
Guest: Tom Uren, Policy and Intelligence Editor
In this episode of Seriously Risky Business, hosted by Patrick Gray, the discussion centers around two pivotal topics in the cybersecurity landscape: the Trump administration's actions against Chris Krebs and the implications of China's Volt Typhoon campaign as reported by the Wall Street Journal. Tom Uren, the policy and intelligence editor, delves deep into these issues, providing insightful analysis and highlighting the broader impact on the cybersecurity industry and international relations.
The podcast begins with a detailed examination of the Trump White House's actions against Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Patrick Gray outlines the situation:
"President Trump wrote, signed a memo instructing the Department of Justice to investigate Chris for what, I'm not entirely sure... it also revoked his clearance and targeted his employer, SentinelOne, thus making his position there untenable." [01:00]
Tom Uren adds context, explaining that Trump's dissatisfaction stemmed from Krebs' public assertion that the 2020 election was the most secure in history, effectively undermining Trump's claims of election fraud.
"Trump dislikes Krebs because Krebs said that the election Trump lost, the 2020 election was the most secure in history... he could have fired him back in those days." [02:02]
The discussion highlights the chilling effect this action has on the cybersecurity sector. Uren emphasizes that such political persecution instills fear within the industry, discouraging professionals from engaging in federal service or speaking out against governmental actions.
"The manner in which this is being done is just very, very bad... it makes everyone reluctant to engage in federal service. It's not a time that the government really has a wealth of cybersecurity talent just knocking at their door." [03:05]
Patrick Gray concurs, noting that executives in cybersecurity companies are hesitant to take a stand, fearing that supporting individuals like Krebs could make their organizations targets.
"This is why I said on the weekly show yesterday that I don't think SentinelOne is the bad actor here... Without a unified front, there's not really much SentinelOne can do to push back on this." [06:02]
The conversation extends to other sectors affected by Trump's actions, such as law firms and universities, further illustrating a pattern of political persecution that undermines democratic principles.
"Trump did a similar sort of thing. He cancelled the security clearances of everybody working at law firms that he didn't like because in one case it had done pro bono legal work for the Jack Smith investigation." [05:23]
Tom Uren reflects on the difficulties of opposing such actions, citing the lack of a collective response from the industry due to fear of repercussions.
"I'm not expecting the cybersecurity industry to do it anytime soon." [05:23]
Shifting focus, Patrick Gray introduces the Volt Typhoon campaign, a sophisticated Chinese cyber operation aimed at pre-positioning themselves within U.S. critical infrastructure. This enables potential disruptions in the event of a military conflict in the Taiwan Strait.
"The Volt Typhoon campaign involves Chinese APT crews sort of pre-positioning themselves in US critical infrastructure... cause all sorts of disruption to American infrastructure." [05:23]
The Wall Street Journal reported that a Chinese official implicitly admitted responsibility for Volt Typhoon during a meeting with American officials. Tom Uren offers a skeptical perspective on this admission, suggesting it may be more about bravado than a concrete acknowledgment.
"It sounds exactly like the sort of bravado that Chinese officials are often like expected to do when." [12:06]
Uren highlights the U.S. government's uncertainty regarding the direct involvement of senior Chinese leadership, such as Xi Jinping, in the campaign.
"The US Government is not certain that there's a direct line between Volt Typhoon and Xi Jinping... U.S. wanted to get across or part of the other messages that the US wanted to get across was the hacking of civilian infrastructure is out of bounds." [14:08]
The admission, whether genuine or performative, has significant implications for U.S.-China relations. It underscores the lack of trust and the potential for cyber warfare in geopolitical conflicts.
"The response they got was that... the infrastructure hacks resulted from the U.S. military's backing of Taiwan... most of the American delegation thought that that meant that yes, Chinese senior leadership knows and endorses that activity." [12:49]
Furthermore, the normalization of such cyber threats as potential acts of war indicates a volatile future in international cybersecurity dynamics.
"[...] hacking of civilian infrastructure is out of bounds. Like the phrase, I think in the report was that and we'd consider it an act of war." [12:49]
This episode of Seriously Risky Business provides a comprehensive analysis of the ongoing political turbulence affecting the cybersecurity industry, exemplified by Trump's actions against Chris Krebs, and the escalating cyber threats posed by state-sponsored campaigns like China's Volt Typhoon. Tom Uren and Patrick Gray illuminate the intricate connections between political maneuvering, national security, and international cyber aggression, underscoring the fragile state of cybersecurity governance and the pressing need for unified industry responses.
Listeners gain a nuanced understanding of how political dynamics can undermine cybersecurity efforts and the broader implications for national and international security. The episode serves as a cautionary tale of the intersection between politics and cybersecurity, urging professionals and policymakers to navigate these challenges with vigilance and integrity.