Summary of "Risky Bulletin" Podcast Episode: Srsly Risky Biz: Trump vs Krebs and the Sound of Silence

Release Date: April 17, 2025
Host: Patrick Gray
Guest: Tom Uren, Policy and Intelligence Editor

Introduction

In this episode of Seriously Risky Business, hosted by Patrick Gray, the discussion centers around two pivotal topics in the cybersecurity landscape: the Trump administration's actions against Chris Krebs and the implications of China's Vault Typhoon campaign as reported by the Wall Street Journal. Tom Uren, the policy and intelligence editor, delves deep into these issues, providing insightful analysis and highlighting the broader impact on the cybersecurity industry and international relations.

Trump’s Campaign Against Chris Krebs

Background and Recent Developments

The podcast begins with a detailed examination of the Trump White House's actions against Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Patrick Gray outlines the situation:

"President Trump wrote signed a memo instructing the Department of Justice to investigate Chris for what, I'm not entirely sure... he also revoked his clearance and targeted his employer, Sentinel1, thus making his position there untenable." [01:00]

Tom Uren adds context, explaining that Trump's dissatisfaction stemmed from Krebs' public assertion that the 2020 election was the most secure in history, effectively undermining Trump's claims of election fraud.

"Trump dislikes Krebs because Krebs said that the election Trump lost, the 2020 election was the most secure in history... he could have fired him back in those days." [02:02]

Impact on the Cybersecurity Industry

The discussion highlights the chilling effect this action has on the cybersecurity sector. Uren emphasizes that such political persecution instills fear within the industry, discouraging professionals from engaging in federal service or speaking out against governmental actions.

"The manner in which this is being done is just very, very bad... it makes everyone reluctant to engage in federal service. It's not a time that the government really has a wealth of cybersecurity talent just knocking at their door." [03:05]

Patrick Gray concurs, noting that executives in cybersecurity companies are hesitant to take a stand, fearing that supporting individuals like Krebs could make their organizations targets.

"This is why I said on the weekly show yesterday that I don't think Sentinel 1 is the bad actor here... Without a unified front, there's not really much Sentinel One can do to push back on this." [06:02]

Broader Political Repercussions

The conversation extends to other sectors affected by Trump's actions, such as law firms and universities, further illustrating a pattern of political persecution that undermines democratic principles.

"Trump did a similar sort of thing. He cancelled the security clearances of everybody working at law firms that he didn't like because in one case it had done pro bono legal work for the Jack Smith investigation." [05:23]

Tom Uren reflects on the difficulties of opposing such actions, citing the lack of a collective response from the industry due to fear of repercussions.

"I'm not expecting the cybersecurity industry to do it anytime soon." [05:23]

China's Vault Typhoon Campaign and its Implications

Overview of Vault Typhoon

Shifting focus, Patrick Gray introduces the Vault Typhoon campaign, a sophisticated Chinese cyber operation aimed at pre-positioning themselves within U.S. critical infrastructure. This enables potential disruptions in the event of a military conflict in the Taiwan Strait.

"The Vault Typhoon campaign involves Chinese apt crews sort of pre-positioning themselves in US critical infrastructure... cause all sorts of disruption to American infrastructure." [05:23]

Wall Street Journal Report and U.S. Government's Stance

The Wall Street Journal reported that a Chinese official implicitly admitted responsibility for Vault Typhoon during a meeting with American officials. Tom Uren offers a skeptical perspective on this admission, suggesting it may be more about bravado than a concrete acknowledgment.

"It sounds exactly like the sort of bravado that Chinese officials are often like expected to do when." [12:06]

Uren highlights the U.S. government's uncertainty regarding the direct involvement of senior Chinese leadership, such as Xi Jinping, in the campaign.

"The US Government is not certain that there's a direct line between Vault Typhoon and Xi Jinping... U.S. wanted to get across or part of the other messages that the US wanted to get across was the hacking of civilian infrastructure is out of bounds." [14:08]

Implications for U.S.-China Relations

The admission, whether genuine or performative, has significant implications for U.S.-China relations. It underscores the lack of trust and the potential for cyber warfare in geopolitical conflicts.

"The response they got was that... the infrastructure hacks resulted from the U.S. military's backing of Taiwan... most of the American delegation thought that that meant that yes, Chinese signature leadership knows and endorses that activity." [12:49]

Furthermore, the normalization of such cyber threats as potential acts of war indicates a volatile future in international cybersecurity dynamics.

"[...] hacking of civilian infrastructure is out of bounds. Like the phrase, I think in the report was that and we'd consider it an act of war." [12:49]

Notable Quotes

• Patrick Gray [00:00]: "Regular cybersecurity news updates from the Risky Business team..."
• Tom Uren [02:02]: "If you are unhappy with the performance of a person, you could have fired them back in those days."
• Patrick Gray [03:21]: "This is really political persecution of a kind that we normally see in countries that, to put it politely, we don't really associate with good rule of law."
• Tom Uren [05:23]: "It's just bad for national security, so it's bad for the safety of the nation."
• Patrick Gray [06:02]: "It sucks because Trump got what he wanted."
• Tom Uren [12:06]: "So the US Government is not certain that there's a direct line between Vault Typhoon and Xi Jinping."
• Patrick Gray [14:19]: "That possibility hang in the air that maybe he doesn't know."

Conclusion

This episode of Risky Bulletin provides a comprehensive analysis of the ongoing political turbulence affecting the cybersecurity industry, exemplified by Trump's actions against Chris Krebs, and the escalating cyber threats posed by state-sponsored campaigns like China's Vault Typhoon. Tom Uren and Patrick Gray illuminate the intricate connections between political maneuvering, national security, and international cyber aggression, underscoring the fragile state of cybersecurity governance and the pressing need for unified industry responses.

Listeners gain a nuanced understanding of how political dynamics can undermine cybersecurity efforts and the broader implications for national and international security. The episode serves as a cautionary tale of the intersection between politics and cybersecurity, urging professionals and policymakers to navigate these challenges with vigilance and integrity.