Internal memo warns of disturbing White House cybersecurity weaknesses: ‘This is alarming’
Cybersecurity specialists will continue to be in heavy demand in the years to come as everyone from banks to media companies worry about the possibility of their online activities being hacked. The public sector, of course, needs to be concerned about cybersecurity as well, but according to an internal memo obtained by Axios, not enough is being done to protect cybersecurity in the White House.
“The White House is posturing itself to be electronically compromised once again,” cybersecurity expert Dimitrios Vastakis warned in the memo. Vastakis, until recently, handled security for the White House’s computer systems, and according to Axios’ Alexi McCammond, the memo “doubled as a formal resignation letter.”
Vastakis worked in the Office of the Chief Information Security Officer (OCISO), which as McCammond explains, was folded into the Office of the Chief Information Officer (OCIO) in July. The OCISO was established in 2014 — back when Barack Obama was president — after White House computers were breached by Russian hackers, who gained access to sensitive information like Obama’s daily schedule.
In the memo, Vastakis noted that OSICO was created to “take on the responsibility of securing the Presidential Information Technology Community (PITC) network.” And at least a dozen officials from the former OSICO, McCammond notes, have either resigned or been pushed out.
Quoted anonymously, a source familiar with White House security matters told Axios, “you have an entire section who’s dedicated to providing counter threat intelligence information…. If you remove that, it’s like the Wild West again.”
Vastakis, in the memo, expressed concerns about the maintenance of White House records that had been covered by the Presidential Records Act (PRA). The security expert warned, “It is highly concerning that the entire cybersecurity apparatus is being handed over to non-PRA entities…. This is a significant shift in the priorities of senior leadership, where business operations and quality of service take precedence over securing the president's network. As a career cyber security professional, this is alarming.”