A voter fills out a ballot at Edmondson High School in Baltimore, Md., on April 28, 2020. (Photo By Tom Williams/CQ-Roll Call, Inc via Getty Images)
WASHINGTON - Earlier this month, President Donald Trump was predicting on Twitter that this election would be “the most corrupt” in American history. A day later, the head of an obscure government agency he created offered a much different message.
Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency, closed an online conference with a warning about “bad guys, whoever they are,” trying to “sow chaos, sow doubt” about the integrity of the U.S. election.
“I have confidence that your vote is secure, that state and local election officials across this country are working day in and day out, 24/7, that the 2020 election is as secure as possible,” Krebs said.
It was just one of many ways that CISA has been offering a counternarrative as it works behind the scenes to not only help safeguard the election but also to reassure the public despite messages to the contrary from the White House.
That conflict could be on display on Election Day. Krebs and CISA will be in the national spotlight, monitoring the election amid the inevitable voting glitches and delays, which could be worsened by the coronavirus pandemic, under a president who has said he might not respect the results if he loses.
Krebs warned voters this week to “be prepared for efforts that call into question the legitimacy of the election” without mentioning that it's the president who has questioned mail-in voting and has called attention to relatively minor incidents in which a small number of ballots had apparently been discarded.
That conflict is all the more notable since CISA was signed into existence by Trump in November 2018 as part of the Department of Homeland Security, which itself has been accused of politicizing its missions under this administration.
Krebs and Ken Cuccinelli, the acting deputy secretary of DHS, spoke to journalists Thursday and said that, with tens of millions of votes already cast, there has been no sign of any foreign interference, unlike in 2016.
Still, there have been attempts to disrupt the election, including a campaign to send threatening emails to voters in several states that CISA and other federal agencies attributed to Iran, and election security is a widespread concern.
“It is true that the defense has gotten better since 2016, but it’s also true that the offense has gotten better still," said Tom Warrick, a former deputy assistant secretary for counterterrorism policy at DHS who is now with the Atlantic Council. “I don’t know of anyone who has absolute confidence that this is all going to go well from an election process standpoint.”
CISA has been largely out of the public eye. It works with the state and local officials who run U.S. elections as well as private companies that supply voting equipment to address cybersecurity and other threats while monitoring balloting and tabulation from a control room at its headquarters near Washington.
Krebs, who with his collar-length hair looks more like a tech executive than a senior Trump administration official, also keeps a low profile. His carefully calibrated remarks at government or cybersecurity conferences rarely make major headlines.
That has helped him avoid the wrath that Trump has directed at FBI Director Chris Wray for saying there was little evidence of fraud with mail-in balloting, among other things.
Krebs should be praised for “staying focused on the mission and not getting caught up in the fray,” said Kiersten Todt, managing director of the nonprofit Cyber Readiness Institute.
“The importance of him staying in this job certainly through elections is pretty critical, and I think he feels that, too," she said.
CISA also enjoys a good reputation among its core constituency — the state and local election officials who rely on its advice and services at a time of near-constant cyberattacks.
“They have really established themselves as kind of partners and facilitators,” said Trevor Timmons, chief information officer for Colorado’s secretary of state. “I have been really impressed with how CISA has really upped their game in the face of what is a threat to our democracy.”
The agency emerged from rocky beginnings. Just before President Barack Obama left office, the U.S. designated election systems as critical national security infrastructure, like dams or power plants, as a result of the interference by Russia, which included the penetration of state elections systems as well as massive disinformation.
Some state election officials and Republicans, suspicious of federal intrusion on their turf, were opposed to the designation. The National Association of Secretaries of State adopted a resolution in opposition to the move in February 2017.
But the Trump administration supported the designation, and, eventually, skeptical state officials welcomed the assistance. West Virginia Secretary of State Mac Warner said a turning point was when CISA and DHS began providing election officials with previously tightly held information on foreign threats.
“We started seeing DHS more as an ally or a friend than another one of the frustrations we had to deal with,” Warner said.
CISA, which has about 2,000 employees and a budget of around $2 billion, deploys advisers throughout the country. It hasn't received anywhere near the criticism directed at DHS, which has been blasted by former senior officials and members of Congress for seeming to push the administration's political agenda on immigration and civil unrest. But there are still concerns.
“We have seen DHS involved with activities outside of CISA that I found, and most people in the country found, extremely troubling and inappropriate, and I think that does pose a challenge for CISA,” said Phil Reitinger, the president of the Global Cyber Alliance and a former federal official and prosecutor.
Todt, who as a congressional aide helped craft the legislation that created the Department of Homeland Security in the wake of the Sept. 11, 2001, attacks, said it may be time to either make CISA a standalone agency or at least give it a more prominent role within DHS given the extent of the threat.
“CISA has had four years to build out this capability, but I think we absolutely have to allocate resources to election infrastructure moving forward," she said.