An internal White House memo published today by Axios reveals that recent changes to intelligence services and security organizations have left the security team in disarray, with many members heading out the door. And the head of the White House’s computer network security agency—who wrote a memo after his resignation—warned that the White House may be open to another network compromise and data theft.
The White House Office of the Chief Information Security Officer was appointed after the 2014 breach of an unclassified White House network by Russian intelligence — a breach discovered by a friendly foreign government. But in a July reorganization, OCISO was disbanded and its operations placed under the White House Office of the Chief Information Officer, managed by CIO Ben Paulels and Director of White House IT Roger L. Stone. Stone was drawn from the ranks of the National Security Council where he was the senior deputy director for resilience policy. (Stone is not related to Republican political consultant Roger J. Stone.)
The resulting changes have put more emphasis on convenience than security. The Office of Management at the White House has reportedly purged information security staff while responsibility for cybersecurity has been outsourced from the IT task force. In August, White House CISO Joe Schatz left the White House for a technology consulting job. And according to the memo, top security experts have generally been leaving since then as the White House has become hostile to the information security team.
“We aim for withdrawal”
“It is my clear opinion that the remaining OCISO staff were systematically targeted for removal from the Office of Management,” said outgoing White House cybersecurity chief Dimitrios Vastakis. wrote in a note. The security team has seen the removal of incentive pay, the completion of cut jobs, and reduced access to systems and equipment, Vastakis noted. The “employee positions including the procedure and procedure of the authorities” has also been abolished. “Additionally, corruption against incumbent OCISO officials has become a key strategy for the new leadership … it has forced most (senior) OCISO officials to resign.”
Vastakis warned that the transfer of nearly all of the White House’s cybersecurity operations to the White House Communications Center — a Defense Department organization that falls under the Defense Intelligence Agency — is in “direct conflict” with public opinion. of the Office of Administration. He added that he also submitted information required by the Presidential Records Act to be stored outside the Executive Office of the President.
“Considering the level of network access and privilege capabilities that cybersecurity personnel have,” Vastakis wrote, “it’s really concerning that all cybersecurity equipment is outsourced to non-PRA agencies.”
In closing, Vastakis cautioned, “Allowing a large portion of institutional knowledge to simultaneously walk through the front door seems to be against the best interests of the mission and the organization as a whole.” And reflecting on previous weaknesses in White House IT operations, he noted, “given all the changes I’ve seen in the last three months, I already see that the White House is proving itself to be an electronic discipline one more time.”