{"id":2854,"date":"2025-04-18T00:53:32","date_gmt":"2025-04-18T00:53:32","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2854"},"modified":"2025-04-18T00:53:32","modified_gmt":"2025-04-18T00:53:32","slug":"will-politicization-of-security-clearances-make-us-cybersecurity-firms-radioactive","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2854","title":{"rendered":"Will politicization of security clearances make US cybersecurity firms radioactive?"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>With the US government now tying security clearances to the support of specific political positions, many in the security community fear it may tar US vendors with the same brush as their Russian and Chinese counterparts. Will enterprise CISOs now have to worry about whether they can rely on American threat intel?<\/p>\n<p>More broadly, will security vendors, many of whom absolutely need security clearances for financial survival, take problematic positions to retain or obtain those clearances?\u00a0<\/p>\n<p>\u201cThe reality is that I don\u2019t think CISOs are cognizant of the implications here. The fact that Trump cozies up to Russia is problematic at best,\u201d said serial enterprise security chief Jim Routh. Routh has held CISO and other senior cybersecurity roles at MassMutual (CISO), CVS (CSO), Aetna (at different times, both CSO and CISO), KPMG (CISO), American Express (CISO) and JP Morgan Chase (Global Head of Application, Mobile and Internet Security). Today he serves as the chief trust officer at security vendor Saviynt.<\/p>\n<p>Routh argued that threats from Russia, China, North Korea, and Iran are much more important today than a few years ago. 
With government intelligence resources being sharply cut back, enterprises must rely far more on commercial cybersecurity intelligence and services. Those are the firms that need security clearances, and what the White House did is politicize the process, Routh said.\u00a0<\/p>\n<p>\u201cThis is an issue that CISOs need to worry about, and I don\u2019t think they are,\u201d Routh said.\u00a0<\/p>\n<h2 class=\"wp-block-heading\">Risk that CISOs will lose faith in US firms<\/h2>\n<p>The risk with the politicization of security clearances is that CISOs around the world, including CISOs representing American enterprises, are going to start losing faith in the integrity of information coming from US cybersecurity companies.\u00a0<\/p>\n<p>Routh said he believes this because he did it himself. When he was the CISO at Aetna, the team was evaluating Russian cybersecurity firm Kaspersky.\u00a0<\/p>\n<p>Even though the technology was excellent and the group had heard nothing specifically bad about Kaspersky, they knew that it was tightly integrated with the Russian government, and they simply didn\u2019t trust the Russian government. \u201cI remember bouncing Kaspersky from everything in our enterprise,\u201d Routh said.<\/p>\n<p>\u201c[Kaspersky] had some good capabilities but it was simply not worth it. We made a tradeoff decision,\u201d Routh said, describing the relationship between Kaspersky and Russia as \u201ccloudy and uncertain, very similar to China and ByteDance.\u201d<\/p>\n<p>Beauceron Security CEO David Shipley echoed and extended Routh\u2019s concerns.<\/p>\n<p>\u201cWhat happens if [the Trump administration] asks you to look the other way on something?\u201d such as the deletion of Russian state actor cyber attacks from threat intel files, Shipley asked. 
\u201cLet\u2019s say that certain exploits are being designed by [now friendly governments] and they say, \u2018Don\u2019t report this in your EDR.\u2019\u201d<\/p>\n<p>He said that Trump\u2019s actions are, perhaps unintentionally, a massive gift to cybersecurity firms elsewhere \u2014 from Canada, Australia, Israel, India, Germany and Japan, places that would love to displace US cybersecurity firms.<\/p>\n<p>\u201cThe American tech brand itself just suffered a brutal beating. If I was a global CISO, I would be re-evaluating where I am sourcing my technology from to make sure that they are not being interfered with by their government,\u201d Shipley said. \u201cPeople have to start planning to switch technology vendors to those based in countries where the rule of law still exists and democratic norms still exist. The damage to the American technology brand will be incalculable. CISOs need [cybersecurity vendors] that are not following the political whims of whoever is in office.\u201d<\/p>\n<p>Besides Kaspersky, Shipley and others pointed to <a href=\"https:\/\/www.csoonline.com\/article\/1309238\/bidens-maritime-cybersecurity-actions-target-china-threats.html\">Chinese security equipment maker Nuctech<\/a> as another good example of a security company tainted by its relationship with its government.\u00a0<\/p>\n<h2 class=\"wp-block-heading\">What brought this on<\/h2>\n<p>This is mostly a reaction to a <a href=\"https:\/\/www.whitehouse.gov\/presidential-actions\/2025\/04\/addressing-risks-from-chris-krebs-and-government-censorship\">White House order<\/a> on Wednesday that tied security clearances to supporting political concepts.\u00a0<\/p>\n<p>The order chastised Chris Krebs, the former head of Trump\u2019s Cybersecurity and Infrastructure Security Agency (CISA).\u00a0<\/p>\n<p>\u201cKrebs\u2019 misconduct involved the censorship of disfavored speech implicating the 2020 election and COVID-19 pandemic. 
CISA, under Krebs\u2019 leadership, suppressed conservative viewpoints under the guise of combatting supposed disinformation, and recruited and coerced major social media platforms to further its partisan mission,\u201d it read.<\/p>\n<p>Trump then announced the punishment: \u201cThose who engage in or support such conduct must not have continued access to our Nation\u2019s secrets. Accordingly, I hereby direct the heads of executive departments and agencies (agencies) to immediately take steps consistent with existing law to <a href=\"https:\/\/www.csoonline.com\/article\/3958808\/trump-revokes-security-clearances-for-chris-krebs-sentinelone-in-problematic-precedent-for-security-vendors.html\">revoke any active security clearance held by Christopher Krebs<\/a>. I further direct the Attorney General, the Director of National Intelligence, and all other relevant agencies to immediately take all action as necessary and consistent with existing law to suspend any active security clearances held by individuals at entities associated with Krebs, including SentinelOne, pending a review of whether such clearances are consistent with the national interest.\u201d<\/p>\n<p>On Thursday, <a href=\"https:\/\/www.linkedin.com\/posts\/christopherckrebs_krebs-organizational-announcement-activity-7318394838817599489-9n62\">Krebs resigned from SentinelOne<\/a>, presumably hoping that Trump would then spare the company and not remove its employees\u2019 security clearances.\u00a0<\/p>\n<p>The current status of the security clearances for both Krebs and SentinelOne is unclear. The White House statement said the agency heads should revoke Krebs\u2019 credentials, but it never said if that had happened yet. The same situation exists with SentinelOne. 
Neither the White House press office nor the media relations contact at SentinelOne commented on the clearances\u2019 current status.\u00a0<\/p>\n<p>Kurtis Minder, the CEO of GroupSense, a Virginia company that sells threat intel to enterprises, said that the kind of wholesale switching of cybersecurity companies described is difficult, but it may ultimately happen.<\/p>\n<p>\u201cWhen CISOs have to start taking into account the pedigree of the [security vendor\u2019s] leadership and the political positions that they have held in the past, in my mind that becomes untenable,\u201d Minder said. \u201cIt may have to happen, and that is a bad thing.\u201d<\/p>\n<p>\u201cUS CISOs would have to start wondering if those companies were safe bets,\u201d he said, and \u201cit would resurface concerns\u201d about <a href=\"https:\/\/www.computerworld.com\/article\/3839510\/apple-appeals-uk-encryption-backdoor-demand.html\">governments asking for spyware and backdoors<\/a>.\u00a0<\/p>\n<p>Minder was one of several cybersecurity executives who are waiting to see if the SentinelOne incident proves to be isolated, or the beginning of a trend.<\/p>\n<p>\u201cDepending on how this one is pushed, and if it happens to another cybersecurity company for any reason,\u201d Minder said, \u201cthis is the first volley and we\u2019ll have to wait and see where it lands.\u201d<\/p>\n<p>Minder was candid when asked what his firm would do if a government asked them to do something that he felt would hurt their customers, and threatened to yank security clearances if they refused.\u00a0<\/p>\n<p>He said that he would bring it to the company\u2019s board, and all options would be evaluated in line with fiduciary obligations.\u00a0<\/p>\n<h2 class=\"wp-block-heading\">Could just be payback<\/h2>\n<p>But not everyone interpreted the security clearance order as especially problematic.<\/p>\n<p>\u201cI think this is primarily an issue with Trump and Chris specifically. 
It has to do with the election issue. SentinelOne is just temporary collateral damage,\u201d said Steve Zalewski, the former CISO at Levi Strauss. He has held senior cybersecurity roles at both Pacific Gas &amp; Electric and Kaiser Permanente; today he is a cybersecurity advisor for S3 Consulting.<\/p>\n<p>\u201cTrump is just being a New Yorker who does not forget a slight. Chris crossed him and this is payback,\u201d Zalewski said. \u201cWhat if he does it to other security companies? I don\u2019t think that is in [Trump\u2019s] mind. I don\u2019t think he\u2019s trying to make a deal. He\u2019s just doing a little payback.\u201d<\/p>\n<p>Most analysts declined to comment on the Trump efforts, but Will Townsend, a principal analyst with Moor Insights &amp; Strategy, said he doubts that the order will have much of an impact on the industry.<\/p>\n<p>\u201cThe US boasts the most cybersecurity companies in the world, led by Microsoft, Cisco, CrowdStrike, Palo Alto Networks, and Zscaler, among many others including SentinelOne. I don\u2019t foresee CISOs moving their business to other regions based on what\u2019s materialized with Krebs\u2019 resignation,\u201d Townsend said. \u201cMany may speculate that the pressure on Krebs was politically motivated, since he led CISA, but only those with security clearances will know the truth, and if SentinelOne truly poses any risks as a security provider to the US federal government.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>With the US government now tying security clearances to the support of specific political positions, many in the security community fear it may tar US vendors with the same brush as their Russian and Chinese counterparts. Will enterprise CISOs now have to worry about whether they can rely on American threat intel? 
More broadly, will [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2805,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2854"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2854"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2854\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2805"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}