What Trump’s Move Against Krebs, SentinelOne Means For The Cybersecurity Industry: Analysis

The maxim that cybersecurity is a bipartisan issue faces a major threat from the White House memorandum this week.

In the wake of President Trump’s memorandum this week targeting ex-CISA Director Chris Krebs and his current employer, SentinelOne, a Reuters report pointed out that the major U.S. cybersecurity vendors have had nothing to say publicly about the matter.

A few brave cybersecurity professionals did, however, speak out after the White House revoked active security clearances still held by Krebs and suspended security clearances held by individuals at cybersecurity vendor SentinelOne, pending a review.

In comments provided to SC Media, Deepwatch Field CTO Chris Gray called the move a “potential serious setback for industry and national cyber defensive capabilities.”

“These changes have been executed in conflict with previous operational procedures [and] demonstrate a personal history against those who the administration have considered to be enemies,” Gray said.

Perhaps even more concerningly, the targeting of a major security vendor “risks dividing both the economy generally and cybersecurity firms specifically into ‘Republican’ and ‘Democrat’ when the work really is non-partisan,” said John Bambenek, president of Bambenek Consulting, in comments to the outlet.

It’s easy to understand why none of this is in any way good for U.S. cyber defense — something that, of course, is a core part of national security at this point.

The big issue here is not the direct impact of the White House action. SentinelOne’s statement indicates that fewer than 10 people at the company have held such clearances, and says it expects the move will not “materially impact our business in any way.”

Rather, it’s the symbolic message of this move by Trump, which has impacts not just for SentinelOne but for all cybersecurity vendors, that we most need to be worried about.

In addition to the points made by Gray and Bambenek, I would add that Trump’s order aims to force cybersecurity vendors from now on to think twice about hiring talent that has clashed with him or his administration in the past (not exactly a short list of people).

This is far from ideal since it’s the security vendors that today deliver so much of the innovation necessary for countering growing cyberthreats, and making the best possible hiring decisions is paramount for such vendors.

Thus, if more security vendors were going to say anything about this action, it should probably be to simply underscore that cybersecurity needs to remain a bipartisan issue — and that politicization of this critical area is bad for everyone.