
Former CISA Director Chris Krebs has called for public outrage over proposed cuts to federal cybersecurity teams, warning that reductions in staffing coincide with escalating threats from Chinese state-sponsored hacking groups. Speaking at the RSA Conference on April 28, 2025, Krebs framed the issue as a direct national security concern, particularly citing the activities of groups like Volt Typhoon targeting U.S. critical infrastructure [1].
Executive Actions Threaten Cyber Workforce
The Trump administration’s April 9 executive order revoked Krebs’ security clearance and initiated a probe into his CISA tenure, alleging “federal censorship.” This move precedes planned layoffs of up to 1,300 CISA employees (50% of staff) and 40% of contractors. Two senior “Secure by Design” officials have already resigned in protest [2]. The cuts are part of a broader DHS restructuring under Secretary Kristi Noem, who aims to refocus the agency on “hardening IT systems” rather than broader cybersecurity oversight.
Krebs emphasized the operational impact during his RSA speech:
“Cybersecurity is national security… We should be outraged. Absolutely outraged.”
He specifically criticized the politicization of cybersecurity, referencing the firing of NSA Cyber Command chief Gen. Timothy Haugh and the near-cancellation of MITRE’s CVE Program contract [3].
Technical and Operational Consequences
The workforce reductions come at a time when Chinese APT groups have increased attacks on U.S. infrastructure. Krebs highlighted that CISA’s diminished capacity affects:
- Critical vulnerability coordination through programs like CVE
- Threat intelligence sharing with private sector partners
- Incident response capabilities for infrastructure operators
Security professionals have raised alarms about the March 19, 2025, incident in which CISA instructed terminated employees to email sensitive personal data (including SSNs and DOBs) in password-protected attachments, with passwords likely included in plaintext [4]. This demonstrates degraded operational security practices during the transition.
Industry and Legal Response
The Electronic Frontier Foundation (EFF) organized an open letter signed by over 200 cybersecurity experts urging the administration to rescind the executive order. Krebs left his position at SentinelOne to independently challenge the administration’s actions [5]. The letter argues that the cuts will:
| Impact Area | Consequence |
|---|---|
| Critical Infrastructure | Reduced capacity to defend against state-sponsored attacks |
| Workforce Development | Loss of institutional knowledge and training pipelines |
| Public-Private Partnerships | Weakened collaboration with ISACs and major tech firms |
These developments occur alongside other controversial policies, including the January 2025 dissolution of the Cyber Safety Review Board and changes to immigration enforcement that have seen U.S. citizen children deported [6].
Security Implications for Professionals
The reduction in federal cybersecurity capabilities creates several challenges for security teams:
1. Threat Intelligence Gaps: With fewer analysts at CISA tracking emerging campaigns, private sector teams will need to increase their own collection efforts through ISACs and commercial feeds.
2. Standardization Issues: The potential degradation of programs like CVE could lead to inconsistent vulnerability tracking, requiring organizations to implement additional verification steps.
3. Incident Response Delays: Reduced federal capacity may lengthen response times during major incidents, placing more responsibility on internal SOC teams.
Krebs specifically warned about the need for more Cyber Command personnel rather than cuts, stating: “We need more Cyber Command warfighters, not less” during his RSA Conference address [1].
Conclusion
The proposed federal cybersecurity cuts represent a significant shift in U.S. cyber defense posture at a time of increasing threats. While the administration frames these changes as eliminating redundancy, security professionals express concern about losing critical capabilities. The coming months will reveal whether legal challenges and industry pressure can alter the current trajectory, or if organizations will need to adapt to operating with reduced federal support.
References
[1] “People should be ‘outraged’ at efforts to shrink federal cyber teams, former CISA head says,” Nextgov/FCW, Apr. 28, 2025. [Online]. Available: http://www.fcw.com/cybersecurity/2025/04/people-should-be-outraged-efforts-shrink-federal-cyber-teams-former-cisa-head-says/404906/
[2] “Krebs: Outrage at efforts to shrink federal cyber workforce,” The Record, Apr. 28, 2025. [Online]. Available: https://therecord.media/krebs-outrage-efforts-to-shrink-federal-cyber-workforce
[3] “Chris Krebs speaks out on Trump cuts to digital defense,” NBC News, Apr. 27, 2025. [Online]. Available: https://www.nbcnews.com/politics/national-security/chris-krebs-speaks-cuts-trump-cuts-digital-defense-rcna203427
[4] “DOGE to fired CISA staff: Email us your personal data,” KrebsOnSecurity, Mar. 19, 2025. [Online]. Available: https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/comment-page-1/
[5] “Former cyber official Chris Krebs to leave SentinelOne in bid to fight Trump pressure,” Nextgov, Apr. 15, 2025. [Online]. Available: https://www.nextgov.com/cybersecurity/2025/04/former-cyber-official-chris-krebs-leave-sentinelone-bid-fight-trump-pressure/404634/
[6] “Two children, U.S. citizens 4 and 7 years old, deported to Honduras,” NBC News, Apr. 22, 2025. [Online]. Available: https://www.nbcnews.com/politics/immigration/two-children-us-citizens-4-and-7-year-old-deported-honduras-rcna203208