Chris Krebs wants to establish a new agency to focus on privacy, data and cyber risks facing the U.S., or to pull the Cybersecurity and Infrastructure Security Agency from under the Department of Homeland Security.
The federal government should establish a new "U.S. Digital Agency" to counter risks associated with emerging digital threats and to further bolster national security around privacy and data management, according to the first-ever director of the Cybersecurity and Infrastructure Security Agency.
Former CISA chief Chris Krebs called on Congress to "make a smarter, more efficient, more organized government" by reassessing how federal agencies confront digital challenges, as well as the organizational structures that make up the federal cyber landscape.
Krebs told an audience at the Black Hat computer security conference on Wednesday that he was working with a digital team at the global nonprofit Aspen Institute to provide lawmakers with recommendations on how the U.S. can better protect its cyber assets and public digital privacy, including a new agency "focused on empowering better digital risk management services."
Krebs called for the new agency he was envisioning to take elements from CISA, the National Institute of Standards and Technology, the National Telecommunications and Information Administration, the Department of Energy and National Labs, as well as the Federal Communications Commission and Federal Trade commission, to cover areas including cyber, privacy, trust and digital safety.
"We're not where we need to be," Krebs said about the current organizational structure and state of federal cybersecurity. "We're falling behind and America is suffering as a result."
As the first director of CISA, Krebs was appointed by former President Donald Trump in 2018 to lead the agency, and later fired following remarks he made to CBS' "60 Minutes" in which he described the 2020 election as "the most secure in American history" and refuted Trump's false widespread voter fraud claims.
Krebs said Wednesday he wasn't confident the current Congress could deliver on establishing a new agency to handle emerging threats and cyber risks. As an alternative, he offered a simpler solution: "Pulling CISA out of the Department of Homeland Security."
The former head of the agency said CISA has the authority to serve as an operational agency on its own and could become a sub-cabinet agency if removed from DHS.
The key in what path Congress takes, he added, is to determine what the federal government wants to optimize for, from public-private partnerships to new regulatory frameworks.
"We have to take a harder look at the way we're organized," Krebs said.