Cyber Memo Warns of New Cybersecurity Risks to White House Network
An internal memo on cybersecurity, obtained by Axios, warns that the White House is posturing itself to be electronically compromised once again.
According to Axios, at least a dozen top- or high-level officials have resigned or been pushed out of a cybersecurity mission that was established under Barack Obama to protect the White House from Russian hacking and other threats.
The Office of the Chief Information Security Officer (OCISO) was absorbed into the Office of the Chief Information Officer (OCIO) in July. In a memo, doubled as a formal resignation letter by its author, Dimitrios Vastakis, who was the branch chief of the White House computer network defense, said this was a "significant shift in the priorirties of senior leadership where business operations and quality of service take precedence over securing the President's network. As a career [cybersecurity] professional, this is alarming. Also of concern is the metric leadership is leveraging to gauge success of the cybersecurity program. Measuring the success of your security staff by the frequency major compromises are identified versus the duration of time since the last compromise is absurd."
The memo reads:
"It is my express opinion that the remaining incumbent OCISO staff is being systematically targeted for removal from the Office of Administration (OA) through various means, such as: revocation of incentives, reducing the scope of duties, reducing access to programs, revoking access to buildings, and revoking positions with strategic and tactical decision making authorities. In addition, habitually being hostile to incumbent OCISO staff has been a staple tactic for the new leadership. It has forced the majority of GS-14 and GS-15 staff to resign. It is for this very reason why I submitted my resignation today. It is why the remaining OCISO staff will continue to resign.
"I have seen the planned organizational structure for the cybersecurity mission going forward. It essentially transfers the entire mission to the White House Communications Agency (WHCA). All key decision making roles and leadership will no longer [be] staffed by EOP individuals. To me, this is in direct conflict with the recommendations made by the OA Office of General Counsel (OA GC). The main concern of OA GC was the oversight of the PRA data and records. Considering the level of network access and privileged capabilities that cybersecurity staff have, it is highly concerning that the entire cybersecurity apparatus is being handed over to non-PRA entities.
"They say that history repeats itself. Unfortunately, given all of the changes I've seen in the past three months, I foresee the White House is posturing itself to be electronically compromised once again. Allowing for a large portion of institutional knowledge to concurrently walk right out of the front door seems contrary to the best interests of the mission and the organization as a whole."