Scoop: Cyber memo warns of new risks to White House network

An internal memo on cybersecurity, obtained by Axios, warns that "the White House is posturing itself to be electronically compromised once again."

The state of play: That's after at least a dozen top- or high-level officials have resigned or been pushed out of a cybersecurity mission that was established under Barack Obama to protect the White House from Russian hacking and other threats, according to conversations with several current and former officials.

Why it matters: Warnings by officials from the former Office of the Chief Information Security Officer (OCISO) — which in July was folded into the Office of the Chief Information Officer (OCIO) — suggest new intelligence vulnerabilities. One White House official familiar with the developments said the consolidations could lead to a "Wild West" atmosphere.

Details: Many of the concerns are detailed in an Oct. 17 internal memo written by a senior White House cybersecurity director who is among the officials who have left the mission.

• The memo doubled as a formal resignation letter by its author, Dimitrios Vastakis, who was the branch chief of the White House computer network defense. Vastakis did not respond to requests for comment.
• Vastakis worked in the OCISO, established after Russian hackers breached some White House computers in 2014.
• OCISO was created to "take on the responsibility of securing the Presidential Information Technology Community (PITC) network," per the internal memo.

The White House did not immediately respond to requests for comment.

• A White House source familiar with the plans told me: "You have an entire section who’s dedicated to providing counter threat intelligence information" and "if you remove that, it’s like the Wild West again."

The president's team is trying to force out the career staff, especially the expert staff hired under Obama, according to another source familiar with the changes. They said the effects could leave the White House vulnerable to a "network compromise."

The organizational structure for the cybersecurity mission going forward also raises questions about the continuity, oversight and retention of records that had been covered by the Presidential Records Act (PRA).

• "It is highly concerning that the entire cybersecurity apparatus is being handed over to non-PRA entities," the memo says.
• "This is a significant shift in the priorities of senior leadership, where business operations and quality of service take precedence over securing the President's network," the memo says. "As a career cyber security professional, this is alarming."

Some cybersecurity officials feel they're being pushed out.

• OCISO staff are "systematically being targeted for removal from the Office of the Administration (OA) through various means," the memo says. Those included "revocation of incentives, reducing the scope of duties, reducing access to programs, revoking access to buildings, and revoking positions with strategic and tactical decision making authorities."
• Several sources described growing internal resentment after it was announced two months ago that staff would no longer be receiving their annual bonuses on Oct. 1.
• Others have left voluntarily for different opportunities. Joe Schatz, the former White House Chief Information Security officer, left the team in August for a technology consulting firm, according to a news release.

Read the memo