Risky Business Podcast Summary
Episode: Wide World of Cyber: How the Trump Admin Is Changing the Cybersecurity Landscape
Host: Patrick Gray
Guests: Chris Krebs (Director of Policy and Intelligence, SentinelOne), Alex Stamos (Chief Security Officer, SentinelOne)
Release Date: April 10, 2025
1. Introduction and Context
Patrick Gray opens the episode by addressing a notable timing detail: the podcast was recorded shortly before President Donald Trump signed a presidential memorandum targeting Chris Krebs. Gray emphasizes that this context is essential for understanding the discussion's limitations and omissions.
2. Changing Leadership at the NSA
The conversation delves into the recent dismissals of NSA Director Tim Hoare and Deputy Director Wendy Noble under the Trump administration. Gray questions the reasons behind their removal, citing sources that suggest it wasn't due to policy disagreements but rather a political purge.
Chris Krebs (03:48):
"Everyone works at the direction and discretion of the president. They serve at the pleasure of the president."
Krebs explains that leadership positions within the NSA are highly influenced by presidential directives, highlighting the potential shift towards appointing a Trump-aligned figure to head the NSA. He underscores the significance of the NSA's role in the intelligence community and criticizes the administration's decision to remove capable leaders like General Hawk and Joe Hartman.
3. Project 2025 and Its Implications
Gray brings up Project 2025, a policy roadmap for the Trump administration, and its possible influence on NSA leadership changes.
Chris Krebs (08:23):
"Both the intelligence and defense chapters say we got to call the ball here."
Krebs suggests that Project 2025 indicates a strategic move to split the NSA and Cyber Command, necessitating legislative action. He expresses concern over the removal of experienced leaders, implying that this is a prelude to significant organizational changes that may destabilize current cybersecurity efforts.
4. US Trade War and Its Impact on Global Cloud Computing
The discussion shifts to the United States' initiation of "Liberation Day" tariffs, effectively sparking a broad trade war affecting global relations, including with allies like Australia and European nations.
Alex Stamos (11:49):
"This time it's different because European policymakers now totally understand that their businesses run on the American cloud."
Stamos elaborates on Europe's intensified focus on developing independent cloud computing infrastructures. Unlike the previous focus on consumer data privacy (post-Snowden revelations), the current push is driven by the need for competitive independence in cloud services and AI development.
5. Europe's Response: Building Independent Cloud Infrastructure
Gray discusses the European Union's potential shift towards creating its own cloud computing stacks in response to US tariffs and mistrust.
Alex Stamos (17:19):
"European companies are not allowed to use American computers and American companies are not allowed to operate in Europe unless we have fully European compute stacks."
Stamos explains that Europe is considering stringent measures to ensure data sovereignty, which may involve developing or heavily regulating cloud services to comply with European Union Court decisions on data privacy.
6. Potential Models for European Cloud Providers
The conversation explores how Europe might establish its cloud infrastructure without replicating the complexity and security of American giants like AWS, Azure, or Google Cloud.
Alex Stamos (20:04):
"American companies could build European facilities that are okay to the Europeans by having a separation of control."
Stamos suggests joint ventures or partnerships with European tech firms (e.g., Deutsche Telekom, Siemens) to create cloud services that adhere to European regulations while leveraging existing American technologies.
7. Security Implications of Rapid Cloud Development
Gray raises concerns about the security robustness of hastily developed European cloud infrastructures compared to their American counterparts, which have evolved over two decades.
Alex Stamos (21:12):
"European companies will be paying twice as much per minute to use local data centers instead of US-based ones."
Stamos acknowledges that while Europe can develop its cloud services, matching the security and functionality of established American platforms will be challenging, potentially leading to vulnerabilities.
8. CISA's Staff Cuts and Future Role
The discussion turns to the substantial reduction in CISA's workforce, potentially up to a 40% headcount decrease, and its implications for national cybersecurity.
Chris Krebs (29:35):
"CISA as we knew it over the last several years is, at least for the foreseeable future, not a thing as we knew it."
Krebs explains that the Trump administration aims to streamline CISA to focus primarily on serving as the federal CISO for civilian agencies, reducing its broader mission that included public-private partnerships and information sharing, areas he critiques as having been ineffective.
9. Impact on Threat Environment and Chinese Cyber Threats
Gray and his guests analyze how these administrative and policy changes might influence the broader threat landscape, particularly concerning Chinese cyber activities.
Alex Stamos (34:40):
"There's no way she's going to say anything about that. That's like a fundamental problem."
Stamos expresses skepticism about whether European and American tech sectors can maintain integrated services amidst rising political tensions, likening potential separations to the bifurcated offerings seen with platforms like TikTok.
Chris Krebs (39:16):
"Adversaries worldwide are getting more active. We're only plugging more things in. We're only more interdependent."
Krebs emphasizes that increasing cyber interdependence and adversarial activities worldwide mean that cybersecurity threats will continue to escalate, exacerbated by the administrative shifts discussed.
10. Conclusions and Final Thoughts
As the episode wraps up, Krebs and Stamos reflect on the unpredictable nature of the current geopolitical climate and its implications for cybersecurity.
Chris Krebs (42:52):
"I'm actually of the mind that the invasion timeline moved up."
Krebs speculates that geopolitical tensions, such as China’s potential actions towards Taiwan, may be influenced by the altered US cybersecurity and trade policies, though he acknowledges the unpredictability of such events.
Alex Stamos (41:19):
"There's nothing going to be holding back Chinese threat actors."
Stamos concludes that the current policy environment provides little deterrence against aggressive cyber operations from China, stressing the urgency for robust cybersecurity measures.
Patrick Gray (43:21):
"Alex Stamos, Chris Krebs, thank you so much for joining me for another fascinating discussion."
Gray closes the episode by highlighting the critical insights shared, underscoring the complexity of the evolving cybersecurity landscape influenced by political and economic shifts.
Notable Quotes:
-
Chris Krebs (03:48):
"Everyone works at the direction and discretion of the president." -
Alex Stamos (11:49):
"European policymakers now totally understand that their businesses run on the American cloud." -
Chris Krebs (29:35):
"CISA as we knew it over the last several years is, at least for the foreseeable future, not a thing as we knew it." -
Alex Stamos (34:40):
"There's no way she's going to say anything about that. That's like a fundamental problem." -
Chris Krebs (39:16):
"Adversaries worldwide are getting more active. We're only plugging more things in. We're only more interdependent."
Key Takeaways:
-
Leadership Changes and Policy Shifts: The Trump administration is making significant changes in cybersecurity leadership, potentially signaling a shift towards more offensive cyber strategies and organizational restructuring.
-
Global Trade War Implications: The US-led tariffs are prompting Europe to consider developing independent cloud infrastructures, raising questions about data sovereignty, security, and the feasibility of competing with established American cloud providers.
-
CISA's Transformation: Massive staff cuts at CISA aim to streamline its operations, focusing more on serving as the federal CISO for civilian agencies, which may impact national threat visibility and response capabilities.
-
Heightened Cyber Threats: Increased geopolitical tensions and administrative changes are likely to exacerbate the global cyber threat landscape, with Chinese threat actors remaining a significant concern.
-
Future Outlook: The evolving intersection of politics, trade, and cybersecurity necessitates ongoing vigilance and adaptation within the industry to address emerging threats and maintain robust security postures.
This summary encapsulates the critical discussions and insights from the "Wide World of Cyber" episode, providing a comprehensive overview for those who have not listened to the podcast.
