{"id":2729,"date":"2025-04-10T09:00:00","date_gmt":"2025-04-10T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2729"},"modified":"2025-04-10T09:00:00","modified_gmt":"2025-04-10T09:00:00","slug":"trump-revokes-security-clearances-for-chris-krebs-sentinelone-in-problematic-precedent-for-security-vendors","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2729","title":{"rendered":"Trump revokes security clearances for Chris Krebs, SentinelOne in problematic precedent for security vendors"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

In an ominous development for the cybersecurity industry, US President Donald Trump revoked the security clearance of former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs, now chief intelligence and public policy officer at cybersecurity giant SentinelOne. Trump also revoked any active security clearance held by individuals at entities associated with Krebs, including those of Krebs\u2019 SentinelOne colleagues.<\/p>\n

Trump revoked Krebs\u2019 security clearance in an executive order, the first direct presidential action against any US cybersecurity company. The EO says the revocation of clearances for SentinelOne workers is pending a review of whether such clearances are consistent with the national interest.<\/p>\n

Dan Meyer, national security attorney for law firm Tully Rinckey, paints an unpleasant scenario for SentinelOne. Although security clearances are revoked routinely, Meyer said it\u2019s highly unusual for them to be revoked by presidential executive order. \u201cThe fact that you\u2019re doing this by an executive order is odd,\u201d he said.<\/p>\n

\u201cYou cannot just revoke the clearance without going through the process, even if you\u2019re the president. The first thing that should happen is there should be a security review, maybe interrogatories, then a statement of reasons, and then you respond to the statement of reasons.\u201d <\/p>\n

\u2014 Dan Meyer, Equity Partner,
Tully Rinckey PLLC<\/p>\n

This adds a layer of complexity to what will likely be a lengthy administrative and legal process facing both Krebs and SentinelOne. \u201cYou cannot just revoke the clearance without going through the process, even if you\u2019re the president. The first thing that should happen is there should be a security review, maybe interrogatories, then a statement of reasons, and then you respond to the statement of reasons,\u201d Meyer said. \u201cIf you\u2019re a contractor, you can eventually go in front of a judge, have a hearing, and appeal, and the judge makes the final decision on the clearance.\u201d<\/p>\n

Retribution for Krebs\u2019 role in vouching for the 2020 election<\/h2>\n

Chris Krebs, the founding director of CISA who is well-respected among cybersecurity professionals, was fired<\/a> by Trump in 2020 for vouching for the integrity of the 2020 election<\/a>, which Trump lost to Joe Biden.<\/p>\n

In his order, Trump offers a litany of disjointed allegations against Krebs, whom he calls a \u201cbad faith\u201d actor. He accuses Krebs of denying that the 2020 was rigged, \u201cblinding\u201d the American public about the controversy over Hunter Biden\u2019s laptop, and skewing \u201cthe bona fide debate about COVID-19.\u201d<\/p>\n

He also calls for a review of Krebs\u2019s role as a government employee, including his leadership of the CISA, and a comprehensive evaluation of \u201call of CISA\u2019s activities over the last 6 years\u201d to \u201cidentify any instances where Krebs\u2019 or CISA\u2019s conduct appears to be contrary to the administration\u2019s commitment to free speech and ending federal censorship.\u201d<\/p>\n

In a Fox News video of the EO\u2019s signing appearing on X<\/a>, Trump again wrongly claimed that the 2020 election was \u201cbadly rigged\u201d and called Krebs \u201ca wise guy.\u201d<\/p>\n

\u201cThe overwhelming balance of the evidence before the public today suggests that Trump is using the powers of the presidency to single out Krebs for retaliation because Krebs did his job.\u201d<\/p>\n

Dakota S. Rudesill, associate professor at Moritz College of Law<\/p>\n

However, \u201cDespite the accusations of the White House, we have no hard evidence of actual wrongdoing by Krebs from what I can tell,\u201d Dakota S. Rudesill, associate professor at Moritz College of Law and national security simulation director at the Mershon Center for International Security Studies at Ohio State University, told CSO.<\/p>\n

\u201cInstead, the overwhelming balance of the evidence before the public today suggests that Trump is using the powers of the presidency to single out Krebs for retaliation because Krebs did his job,\u201d Rudesill added. \u201cHe did so in the face of threats and did not back down even after Trump fired him in November 2020. He ought to be celebrated.\u201d<\/p>\n

Like living \u2018in Stalin\u2019s Soviet Union\u2019<\/h2>\n

At the same time Trump revoked security clearances from Krebs and SentinelOne, he issued another executive order<\/a> revoking the security clearance of former Department of Homeland Security official Miles Taylor, as well as any entities associated with him, including the University of Pennsylvania.<\/p>\n

Taylor is\u00a0a veteran of multiple Republican administrations who served as chief of staff to Homeland Security\u00a0Secretary John Kelly during Trump\u2019s first administration and then wrote a tell-all book entitled A Warning<\/em> under the pen name Anonymous. Trump\u2019s EO regarding Taylor likewise presents a string of jangled allegations against his former official and calls for an investigation into Taylor\u2019s activities as a government employee.<\/p>\n

Moreover, simultaneously with the EOs against Krebs, Taylor, and their associates, Trump signed a third order<\/a> stripping the security clearances from prominent law firm Susman Godfrey, restricting its access to government buildings, and threatening to cancel federal contracts held by the firm\u2019s clients.<\/p>\n

\u201cWith each new executive order stripping or suspending security clearances, the language becomes more personal and less professional and in violation of existing law.\u201d <\/p>\n

Mark Zaid, managing partner of Mark S. Zaid, P.C.<\/p>\n

Susman Godfrey was just the latest<\/a> in a string of clearance revocations hitting law firms and political \u201cenemies,\u201d such as President Joe Biden and former Vice President Kamala Harris.<\/p>\n

All these punitive actions are highly concerning to security clearance experts. \u201cWith each new executive order stripping or suspending security clearances, the language becomes more personal and less professional and in violation of existing law,\u201d Mark Zaid, security clearance expert and managing partner of Mark S. Zaid, P.C., told CSO.<\/p>\n

\u201cIt is particularly egregious that innocent people who are nothing but associated with the targeted person are being punished as if they were guilty of something,\u201d Zaid said. \u201cWe might as well live in Stalin\u2019s Soviet Union.\u201d<\/p>\n

Problematic precedent for cybersecurity vendors<\/h2>\n

As bad as the EO is for Chris Krebs, it poses a highly problematic situation for SentinelOne. Cybersecurity vendors depend on security clearances to provide contracted services to the government and to obtain or discuss frequently classified or sensitive government intelligence for research they provide to clients.<\/p>\n

SentinelOne is a federal government contractor offering its Singularity Platform<\/a> to various government agencies, including CISA. The platform is designed to \u201cachieve zero trust, secure the cloud, and maximize data value.\u201d<\/p>\n

In SentinelOne\u2019s most recent earnings call, CEO Tomer Weingarten predicted solid growth in the company\u2019s government business despite the cost-slashing work of Elon Musk\u2019s DOGE initiative. \u201cWe\u2019ve actually seen our federal pipeline expand,\u201d he said. \u201cIt\u2019s a definite source of demand for us.\u201d<\/p>\n

However, Trump\u2019s order holds profound concerns for how SentinelOne conducts its business until it challenges the clearance revocation and goes through a long, time-consuming, well-established administrative and legal process \u201cdesigned for the analog era,\u201d as Tully Rinckey\u2019s Meyer puts it. \u00a0<\/p>\n

\u201cIf you lose the personnel security clearance of your team management officials in these companies, they lose their facilities clearance, which [is required] to contract for classified work.\u201d Without that clearance, \u201cevery contract you have is now void, and you can\u2019t perform on it\u201d without going through the process, which can take months or even years, Meyer says.<\/p>\n

In a statement, SentinelOne told CSO, \u201cRegarding the Executive Order dated April 9, 2025, which focused on Chris Krebs in his prior role as a government employee, we will actively cooperate in any review of security clearances held by any of our personnel \u2014 currently less than 10 employees overall \u2014 only where required by existing government processes and procedures to secure government systems. Accordingly, we do not expect this to materially impact our business in any way.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

In an ominous development for the cybersecurity industry, US President Donald Trump revoked the security clearance of former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs, now chief intelligence and public policy officer at cybersecurity giant SentinelOne. Trump also revoked any active security clearance held by individuals at entities associated with Krebs, including those […]<\/p>\n","protected":false},"author":0,"featured_media":2701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2729"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2729"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2729\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2701"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}