WASHINGTON — Christopher Krebs is a 43-year-old former Microsoft executive who had the unenviable government job of protecting the nation’s election machinery from manipulation by Russia or other foreign hackers. It turns out, though, that some of the most dangerous interference has come not from the Kremlin but from the White House, where the president called the election “rigged” before a single vote was cast.
Mr. Krebs’s organization, the Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, has systematically shot down Mr. Trump’s false claims — that mail-in ballots would lead to extensive fraud and that voting machines were programmed to give votes to Joseph R. Biden Jr. — as part of its “rumor control” initiative to keep Americans from doubting the integrity of the election system.
To no one’s surprise, speculation swept through cybercircles in Washington on Thursday that Mr. Krebs was high on President Trump’s list of officials to be fired after his agency, known as CISA, released a statement from a government-led coordinating council saying that “there is no evidence” any voting systems were compromised and that the 2020 election “was the most secure in American history.” This occurred only hours after Mr. Trump had repeated a baseless report that a voting machine system had “deleted 2.7 million Trump votes nationwide.”
As of Friday night, Mr. Krebs was still employed, and still at his office, and shrugging it all off. As a father of five children, ages 2 through 10, he says he is used to living in chaos.
His department’s rumor control website, he said, was never devised with the president in mind. It was instead for “inoculating the American public” to make clear that even if there were fake websites created by the Russians and Iranians to stir up divisions before the election, “it wouldn’t mean that votes were affected, or tabulations were wrong.” A case in point: An Iranian effort to imitate the far-right Proud Boys was caught by American intelligence, and threatening emails the group had supposedly sent voters were debunked.
If anyone believed the warnings about false information posted on the website were about the president, he said, that was their interpretation. “We’ll stand up for all our work,” he said.
Few in the White House are buying it. In the West Wing, Mr. Krebs’s agency is regarded as a deep-state stronghold, an antagonist that has contradicted Mr. Trump’s false claims that fraud was rampant, software mistakes were vast and the election was stolen. It did not help that as Mr. Krebs gave speeches and interviews around the country about election security, he rarely, if ever, mentioned Mr. Trump’s name.
All of this has put Mr. Krebs in a highly public political standoff that he had no way to see when he started at the Department of Homeland Security as a contractor during its infancy in the George W. Bush administration.
He said his closest connection to computers growing up in Atlanta was Nintendo games. “I could wire stuff up,” he said, “but coding wasn’t really available” at his high school. He went on to the University of Virginia, where he was a pole-vaulter, and the George Mason University law school.
At homeland security, he worked in what was then called the National Protections and Programs Directorate, a predecessor bureaucracy in the days before protecting computer networks seemed central to the department’s mission.
He ended up as a political employee until President Barack Obama’s election sent him back to the private sector, at consulting companies and ultimately in Microsoft’s Washington office, where he directed cyberpolicy.
He joined as North Korea’s hacking of Sony was underway and developed a reputation for crisis management as one breach after another unfolded across American companies and government networks. Among the policies he worked on at Microsoft was a 2015 cybersecurity information act, which formalized the mechanism by which private companies like Microsoft could share threat intelligence with the federal government and vice versa. Lobbyists watered down the bill at every pass, but Mr. Krebs was determined to see it through.
Just after the 2018 midterm elections, Mr. Trump signed into law the Cybersecurity and Infrastructure Security Agency Act, elevating a dedicated digital security agency in the Department of Homeland Security with more budget and resources. Mr. Krebs was named as director and charged with defending an election for a president who did not want to discuss what the Russians did in 2016 and helping states, including his native Georgia, that did not want federal help.
He has received high marks for his preparations for the election this year. “We had four years to prepare for the 2020 election, and that meant we had time to do threat models and figure out the potential actors who would enter the fray,” he said.
For two years, Mr. Krebs quietly assembled a team of deputies to travel the country offering help to secure state election machines, registration systems and polling procedures. Many states, particularly conservative-leaning ones, perceived any kind of federal assistance as its own kind of election interference.
Mr. Krebs and his team decided to pivot to handling ransomware — cyberattacks that hold data hostage until victims paid up. Throughout 2019, digital extortionists were holding up American cities, towns, counties and clerks, be it in Atlanta, Baltimore or small towns in Texas. Soon states and counties began signing up for help to safeguard their systems.
Mr. Krebs’s team worked with states to scan and patch systems for vulnerabilities, lock up voter registration databases and voter rolls, change default passwords, turn on two-factor authentication, and print out paper backups, all to build up “resilience” in case of attack. He was protecting, he said, “the crown jewels of election administration.”
When the pandemic upended everything, Mr. Krebs’s team shifted focus to securing vote-by-mail systems, despite the president’s campaign again them. That was when Mr. Krebs’s agency got in the White House’s cross hairs.
In interviews, Mr. Krebs countered Mr. Trump by saying mail-in voting would make the election more secure by creating a paper trail, critical for audits to establish that every legal ballot was correctly counted.
It also made state registration databases more critical: an attack that froze or sabotaged voter-registration data — by switching addresses, marking registered voters as unregistered or deleting voters entirely — risked mass digital disenfranchisement. Mr. Krebs made it his personal mission to see to it that every last registration database was sealed up.
When Mr. Trump called mail-in voting a “fraud” in his televised debate with Mr. Biden, now the president-elect, in September, Mr. Krebs contradicted the president at every turn, again without mentioning his name.
“We’ve got a lot of confidence that the ballot’s as secure as it’s ever been,” Mr. Krebs told any reporter who asked.
On Election Day, Mr. Krebs and senior officials held briefings with reporters every few hours to apprise them of any threats. Chad Wolf, the secretary of homeland security, a Trump loyalist and Mr. Krebs’s boss, even appeared at one to praise Mr. Krebs’s work. Despite small hiccups, Mr. Krebs reassured journalists that there was no major foreign interference or signs of systemic fraud.
“It’s just another Tuesday on the internet,” he said.