A Senate committee has approved Christopher Krebs to be undersecretary for the Department of Homeland Security’s National Protection and Programs Directorate, a key role for the department as it tackles digital threats to infrastructure and readies a new cybersecurity strategy.
Krebs’ nomination, which President Donald Trump made in February, now goes to the Senate floor for a vote.
During an April 25 confirmation hearing, Krebs described the undersecretary position as the “pinnacle of national risk management in cyber and physical infrastructure.” He also vowed to prioritize the department’s work on election security ahead of crucial midterm elections this fall.
A group of former senior national security officials wrote to the Senate Homeland Security and Governmental Affairs Committee leadership last month in support of Krebs’s nomination, lauding his leadership during DHS’s response to the WannaCry ransomware attacks and the Meltdown and Spectre computer-chip vulnerabilities. Members of the committee, who have praised Krebs’s cybersecurity credentials, approved his nomination by voice vote.
In his first stint at DHS, beginning in 2007, Krebs served as senior adviser to the assistant secretary for infrastructure protection. After a several-year break from the department that included work as a cybersecurity executive at Microsoft and as vice chairman at the National Cyber Security Alliance, Krebs rejoined DHS in March 2017 as senior counselor to then-Secretary John Kelly.
DHS’s work to secure voting systems is in the national spotlight ahead of the mid-term elections. The U.S. intelligence community concluded that Russian hackers meddled in the 2016 presidential election, and U.S. officials have warned of more Russian information-influence leading up to the midterms.
While Jeanette Manfra, another NPPD official, recently said DHS has yet to detect Russian cyber-activity on state systems this election season, the department is engaged in a multi-front effort to help secure voting systems that includes network scans and classified briefings for state officials.
Of the 17 states that have requested vulnerability assessments from DHS, about nine had completed them, Krebs said at his confirmation hearing. In his role as acting NPPD undersecretary, Krebs has in recent weeks met with officials from the National Association of State Election Directors and southern California to discuss election security.
NPPD is awaiting a long-planned reorganization, through which it would become a dedicated cybersecurity agency with a new name: The Cybersecurity and Infrastructure Security Agency. That requires legislation. The House has passed a bill to authorize the reorganization, while a Senate version has advanced out of committee.
When NPPD launched over a decade ago, “it was a hodgepodge” of programs, Krebs said, making the case for a revamped agency. “The cybersecurity threat at the time was obviously nowhere near what it is today. The budgets alone show that.”
While it awaits reorganization, NPPD has been beefing up its supporting staff for Krebs. Last month Daniel Kroese, then the chief of staff for Rep. John Ratcliffe, R-Texas., said he would be joining NPPD as a senior adviser. Two weeks earlier, Krebs touted the hiring of Matthew Masterson, former chairman of the Election Assistance Commission.
Krebs’s confirmation process comes as DHS prepares to release a strategy that officials say will strengthen the cybersecurity support the department provides critical infrastructure firms.