Companies Must Prepare for Cyberthreats, Specifically From China, Ex-CISA Director Says

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
A picture of former CISA Director Chris Krebs speaking at the Black Hat conference.

Former CISA Director Chris Krebs speaks to the crowd at Black Hat.

CNET/Bree Fowler

What's happening

Speaking at the Black Hat cybersecurity conference, former CISA Director Chris Krebs says US companies need to boost their cyberdefenses and think about the future.

Why it matters

Cyberthreats from state-sponsored hacking operations, as well as sophisticated cybercrime gangs, continue to rise.

Companies need to be thinking about the future when making  security  decisions today, as threats from around the world continue to rise, the former director of the US Cybersecurity and Infrastructure Security Agency said.

The ranks of cybercrime groups continue to grow, as do the state-sponsored hacking operations of countries like Russia, China, North Korea and Iran, along with less obvious ones, Chris Krebs told a crowd during the opening keynote of the Black Hat cybersecurity conference Wednesday.

The annual Las Vegas, Nevada, event brings together thousands of hackers and other security professionals each August, though attendance appeared down a bit from past years, with some regular attendees opting instead for the online version of the conference in the wake of the global pandemic.

Krebs, who oversaw election security during the 2020 presidential election and was fired by tweet from his post by President Donald Trump, currently runs a security consultancy with former Facebook Chief Security Officer Alex Stamos. At CISA, Krebs ran a government website debunking false claims of election fraud. His firing received backlash from the cybersecurity community and lawmakers.

Specifically, Krebs said Wednesday that every company needs to be thinking about how their security could be affected by a Chinese invasion of Taiwan. While he doesn't know if it will happen tomorrow or six months from now, Krebs said that based on conversations he's had with national security officials, Chinese military action is all but inevitable.

Meanwhile, corporate computer systems are becoming increasingly complex and companies collecting more data than ever, making the idea of attacking them more enticing.

"We have a pathological need to connect things to the internet," Krebs said, noting that the average person has data-collecting devices in their cars and homes, as well as in and on their bodies.

"These things are generating an incredible amount of data exhaust, digital exhaust," he said, adding that overall those devices are becoming more complex, not less.

Krebs said that CISA, under the leadership of current director Jen Easterly, is doing a lot to secure both government agencies and companies, while still managing to remain nonpartisan and nonpolitical. But he said it will be largely up to cybersecurity professionals, like those at Black Hat, to get the hard work done. 

"I'm confident we can fix this," he said. "We can move forward and get those security outcomes that we're trying to."