Chris Krebs Keynotes CyberWarCon 2021
In recent years ahead of Thanksgiving, I’ve made an effort to attend one of the newest CONs on the circuit and maybe now my favorite – CyberWarCon. Unfortunately, the protracted pandemic robbed us of an opportunity to meet in 2020, so I was especially amped that 2021 was a "go" and excitedly so knowing that Chris Krebs would be keynoting and he did not disappoint. A year removed from the 2020 elections, Krebs took the stage, noting it was CISA’s 3rd year in existence. Ironically, with comedic flair, Krebs reminded us that the day also marked the one-year anniversary of his unceremonious firing from his role as head of the agency, resulting in laughs and smiles all around. We settled in, and Krebs began his remarks.
Three Key Issues that Rivals Exploit
In his estimation, three issues that embolden our adversaries and currently impact our decision calculus should be top of mind for anyone engaged in the fight against them.
Distraction. Dilution. Permissive environments.
- First, increased aggression by opposing forces (e.g., Federal Security Service (FSB) brute-forcing) has caused significant distractions. Loss of signal due to the noise of state and non-state sponsored actors and expanded aggression diverts attention from the defense of critical assets. He pointedly noted that we don’t have enough incident responders—some stay in IR roles because they love the public mission. In contrast, others tire due to fatigue or are lured away by lucrative offers in other sectors.
- Second, the government is experiencing a diluted talent pool. “The havoc it creates” has resulted in a seismic shifting of finite resources to fill defensive gaps. Krebs noted that entities are especially suffering from a lack of red team capabilities.
- Third, our infrastructures/environments are “too permissive.” Other presenters echoed similar sentiments. As a result, we suffer from “Unthinkable complexity” and the inability to defend our government, institutions, and commercial entities.
Key Takeaways
In the end, the growing complexity of the digital world is contributing to the burnout of network owners and operators. Krebs suggests that we can improve our odds by collectively addressing systemic access issues in software, reviewing the effectiveness of our disinformation and countering disinformation strategies, and boost ransomware preparedness.
Each of these recommendations resonate with me and line up with client needs that come up during engagements.
Lares empathizes with organizations bearing the brunt of defending assets and tasked with brand protection.
We remain committed to delivering quality services to help organizations to incorporate the recommendations
Krebs has highlighted. Further, we are constantly aiding IR and red teams keen on shoring up their capabilities in the face of global threats. What do you think about the issues Krebs raises? We’d love to hear from you. Last, let us know if we can help your team(s) in any way. We are here to help.
If you are celebrating Thanksgiving this week or simply spending time with family, have an amazing time!
Cheers!!
From the website – CYBERWARCON is a one-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. CYBERWARCON is not a hacker conference, or an ICS conference, or an international policy conference. The central purpose of this conference is to identify and explore threats. Participants and attendees come from a spectrum of backgrounds, including the military and government, academia, the media, and the private sector.

Mark Arnold has a 15+ cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints to optimize risk management processes, and implemented security domain practices at large enterprises and service providers. Mark’s areas of interest include cloud security, threat intelligence, and vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns) and their collective impact on nations and society. Mark recently completed an executive education cohort on the intersection of cybersecurity and technology at Harvard’s Kennedy School.