In the world of cybersecurity, where truth is paramount and trust is everything, silence can be louder than an alarm.
President Trump issued an executive order earlier this month accusing Chris Krebs—his former appointee and ex-director of the Cybersecurity and Infrastructure Security Agency—of abusing his authority during the 2020 election. The order directs the Department of Homeland Security and the Attorney General to investigate Krebs and discourage federal contracts with entities linked to him, specifically naming SentinelOne, the $5.6 billion cybersecurity firm where he served as chief intelligence and public policy officer. On Wednesday, Krebs announced his resignation.
Krebs, who oversaw the federal investigation into voter fraud and called the 2020 election “the most secure in American history,” was fired by Trump shortly after making that statement.
This executive order targeting a private citizen—particularly one who publicly refuted false claims—raises serious constitutional concerns. The move appears retaliatory and may infringe on First Amendment and due process protections. Yet despite the stakes, the cybersecurity industry has remained largely silent.
What Happened in 2020?
Krebs wasn’t acting as a partisan. He was Trump’s own appointee to lead CISA—the agency charged with protecting the nation’s critical infrastructure, including elections. In the run-up to the 2020 presidential election, Krebs and his team worked tirelessly with state and local election officials to safeguard systems against foreign interference and domestic cyber threats.
When the votes were counted and no credible evidence of widespread fraud emerged—despite a tidal wave of disinformation—CISA issued a joint statement declaring the 2020 election “the most secure in American history.” Over 60 lawsuits attempting to challenge the results were dismissed across the country—primarily due to a complete lack of evidence to support the claims. Many of those decisions came from Republican-appointed judges. The facts were clear.
But truth, in today’s climate, has become a political liability.
For doing his job—and doing it well—Krebs was fired via tweet. And now, years later, he has been further targeted by an Executive Order that effectively seeks to blacklist him, his employer, and his professional associates. The message is unmistakable: disloyalty to the narrative will be punished.
In the years since, Trump has continued to claim the election was stolen. Now, those claims have escalated into formal retaliation through executive action.
Is the Executive Order Even Legal?
While opinions differ on the legality of the Executive Order, legal scholars warn that it sets a troubling precedent.
At its core, it appears to punish a private citizen for protected speech, which violates the First Amendment. Krebs was fired from his role at CISA for publicly affirming that the 2020 election was secure—an assessment backed by dozens of court rulings and independent audits. Now, years later, he’s the subject of an order that calls for a federal investigation and labels him a “bad-faith actor” for doing his job.
According to Petra Molnar, a professor and author of The Walls Have Eyes: Surviving Migration in the Age of Artificial Intelligence, “targeting former officials perceived to be in opposition to the current administration is not constitutional.” She adds that the Executive Order “undermines the crucial separation of powers between the President’s Executive Office, the Legislative Branch, and the Justice Department.”
The Constitution explicitly forbids Congress from issuing bills of attainder—laws that single out individuals for punishment without trial. While that restriction technically applies to the Legislative branch, the spirit of it clearly applies here. The Supreme Court emphasized in Cummings v Missouri, “The Constitution deals with substance, not shadows. Its inhibition was leveled at the thing, not the name. It intended that the rights of the citizen should be secure against deprivation for past conduct by legislative enactment, under any form, however disguised.”
Harold Hongju Koh argues in a post on Just Security, “The Trump administration’s claim that the president alone can issue what would be forbidden bills of attainder if enacted by legislation represents a dangerous misreading of the Constitution’s history.”
The Cybersecurity Community’s Deafening Silence
While some leaders have spoken out, far too many in the cybersecurity community have remained silent—perhaps hoping to avoid attention, or unsure of how to respond.
There are admittedly a few brave voices—like Katie Moussouris of Luta Security, cybersecurity journalist Brian Krebs (no relation to Chris Krebs), Richard Stiennon, chief research analyst with IT-Harvest, and a smattering of others. In general, however, the cybersecurity industry has largely stayed quiet. In fact, many sources I reached out to refused to comment on the record for this story.
No public statements from RSAC conference organizers. No press releases from leading vendors. No formal pushback from industry alliances. It’s not just disappointing—it’s damning.
Many organizations seem to believe they can sidestep this conflict by remaining neutral. But neutrality in the face of injustice is a choice—it’s a choice to appease. And appeasement doesn’t work.
The Illusion of Safety Through Silence
We’ve seen this play out in other sectors. Columbia University has faced intense scrutiny and backlash not for what it said, but for what it failed to say—and the compromises it made to stay in the good graces of political power. Paul Weiss, once a symbol of legal prestige, has come under fire for pulling away from defending academic clients under political pressure.
Contrast that with Harvard University, which has rejected demands from the Trump administration and publicly defended democratic norms. Or Perkins Coie, the law firm that continues to represent election officials and fight disinformation, even under threat.
Where are the Harvard Universities and Perkins Coie law firms of the cybersecurity world?
The Krebs case is a crucible. It reveals who is willing to stand for principle—and who is hoping the storm passes them by. But that’s not how this works. You don’t avoid authoritarianism by looking the other way. You feed it. You enable it.
Silence Equals Consent
It is standard in parliamentary procedure that silence gives consent. In other words, if nobody speaks up to object, the action or motion is considered approved. That same general philosophy applies to the world at large.
History has shown that when institutions remain silent as others are targeted, it rarely stops with the first. Silence signals permission, not neutrality.
Anecdotally, it seems that most people have gone through the thought exercise at some point of considering what they would have done if they lived in Germany during Hitler’s rise. History often challenges us with the same question: What do we do when truth is under attack and democratic norms are eroded? Today, we’re no longer imagining that test—we’re living it.
People don’t ponder these questions and think, “I would remain silent.” They ponder them and imagine themselves as a noble hero—standing up for truth, liberty and freedom.
And yet, here we are.
Freedom isn’t free and actions have consequences. Will there be repercussions for organizations that defy Trump’s whims? Maybe. Current events suggest the odds are good.
But, millions of Americans have given their lives to support and defend the Constitution and stand up for democracy and freedom. The least cybersecurity vendors, law firms, universities, and other targeted organizations can do is risk sacrificing government contracts and revenue to stand up for their principles and the rule of law.
If a former CISA director, a nationally respected cybersecurity expert, can be targeted for doing his job and speaking the truth, what makes you think you’ll be safe when your turn comes?
The Stakes Are Bigger Than One Person
This is not about left or right. It’s not about politics. It’s about whether we allow power to dictate truth, or whether we stand up to defend it—even when it’s hard. Especially when it’s hard.
The cybersecurity industry has always portrayed itself as the vanguard—defenders of infrastructure, truth, and resilience. But right now, it’s at risk of becoming just another silent institution, hoping the monster it won’t name doesn’t notice it.
Remaining silent in moments like this risks normalizing retaliation. It’s time for the industry to reclaim its voice.
A Call to Speak
The industry has a choice to make. Speaking out now may feel risky, but staying silent could cost far more. This is a moment to lead—not just for one person, but for the principles that define the work cybersecurity professionals do.
Too many in the industry have stayed quiet—now is the time to speak up.
