Skip to main content
close search
site logo

US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says

A dizzying array of agencies and disorganized efforts bolsters Chris Krebs’ call for a cybersecurity governance overhaul.

Published Aug. 12, 2022
Matt Kapko's headshot
Senior Reporter
Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency.
Chris Krebs, former director of the Homeland Security Department's Cybersecurity and Infrastructure Security Agency speaks before the Senate Judiciary Committee on May 14, 2019 in Washington, DC. Tasos Katopodis via Getty Images

The U.S. government holds tremendous power and potential to better defend against and prevent cyberthreats, but bureaucratic morass and myopic thinking are getting in the way, Chris Krebs, a founding partner at Krebs Stamos Group, said Wednesday at the Black Hat USA conference in Las Vegas.

The U.S. government has struggled to establish regulation because it’s leery of stifling innovation, he said. And it’s still difficult for organizations to work with the government, let alone figure out which agency should be engaged.

Slight course corrections won’t suffice. 

“The digital environment has changed so dramatically in the last 25 years while our government hasn’t kept up pace,” Krebs, the former founding director of the Cybersecurity and Infrastructure Security Agency, said. 

A massive government reorganization is in order, he said. This should include the establishment of a digital agency focused on empowering better digital risk management across cyber, privacy, trust and safety.

“We’re not where we need to be and we’re falling behind, he said, "and Americans are suffering as a result.”

Separate CISA from Homeland Security

Absent an extensive government agency overhaul, CISA could be pulled out of the Department of Homeland Security as a sub-cabinet agency, he said. 

“Instead of going to five or six different agencies, make the front door clearly visible and as I see it that’s CISA,” Krebs said. 

This push for a reorganization, or at least further empowerment of CISA, comes as the threat landscape and group of adversaries continues to expand.

Ransomware has become such a prevalent and costly threat that it’s distracting the national security community from primarily focusing on threats from China, Russia and Iran, Krebs said. Intelligence officials have broadened their view of threat actors to include cybercriminals.

“We’ve kind of fetishized the advanced persistent threat” and overemphasized the threats posed by nation states, Krebs said. 

Meanwhile, “cybercriminals have been eating our lunch,” proving that this was the threat model for every organization all along, he said.

Any product being shipped or hosted is a target and threat actors exploit points of weakness in these dependencies and trust connections organizations have in software and technology platforms, according to Krebs.

“If you’re on the internet, you’re on the playing field for them.”

Editors' picks

Company Announcements

View all | Post a press release
Migliaccio and Rathod Investigates Byte Federal Data Breach
From Migliaccio and Rathod
December 12, 2024
Only Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Eva…
From Cynet Security
December 11, 2024
Rumpke Data Breach Investigation
From Migliaccio and Rathod
December 11, 2024
DigiCert Releases First-of-Its-Kind Open-Source DCV Library to Elevate Industry Standards
From DigiCert
December 18, 2024
Editors' picks
Latest in Leadership & Careers
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.