Rep. Ted Lieu, D-Calif., wants the White House to respond to reports that it’s forcing high-ranking officials in the Office of the Chief Information Security Officer to step down.
One lawmaker is taking the Trump administration to task over allegations that it’s forcing senior White House cybersecurity officials to resign from their posts.
On Friday, Rep. Ted Lieu, D-Calif., demanded the White House offer an explanation for the recent exodus of cybersecurity officials from the Office of the Chief Information Security Officer. The request came days after reports that more than a dozen high-ranking cyber officials had left their roles under pressure from the White House, which sought to purge the office of Obama-era staffers.
In a letter to the president’s acting Chief of Staff Mick Mulvaney, Lieu voiced concerns over the administration’s handling of its cybersecurity wing, arguing the loss of institutional knowledge could leave the White House vulnerable to attacks.
“A White House data breach would give our adversaries an untold advantage in almost every foreign policy and national security matter,” Lieu wrote.
The Office of the Chief Information Security Officer was created after a 2014 incident where Russian hackers breached the White House’s unclassified computer network, and in the years since, the group served as the primary coordinator for the White House’s digital networks. But according to recent reports, organizational changes are slowly stripping the office of its teeth.
In an email obtained last week by Axios, Dimitrios Vastakis, former branch chief of the White House computer network defense, said the administration is engaging in a coordinated campaign to oust career cybersecurity officials. According to the email, staffers are “systematically being targeted for removal” through strategies that include “revocation of incentives, reducing the scope of duties, reducing access to programs, revoking access to buildings, and revoking positions with strategic and tactical decision making authorities.”
As a result, Vastakis said, “the White House is posturing itself to be electronically compromised once again.”
Lieu referenced Vastakis’ allegations in the letter and pressed Mulvaney to disclose any attempts by the administration to remove career cyber staff “without good cause.” He went on to ask whether the White House plans to fill the newly vacated positions.
Though every administration has “the prerogative to pick their team,” it takes time to rebuild institutional knowledge, according to Cyxtera Federal Group President and former Federal Chief Information Security Officer Greg Touhill. Until that happens, he said, organizations might find themselves less prepared to respond to incidents.
“That kind of experience doesn’t come overnight. It certainly takes a long time to get used to what the lanes in the road are or could be,” Touhill said in a conversation with Nextgov. “Any time you have any transitions of personnel, you’re going to have to deal with some loss of organizational prowess, skill, knowledge, and your reaction time does go down. It takes longer to make better-informed decisions when you lose that institutional knowledge and have to play catch up.”
Lieu also questioned the administration’s decision to fold its cybersecurity office into the White House’s Office of the Chief Information Officer, which exempts the group from a law requiring officials to archive records. He said the move “fits the President’s history of obstructing and hiding transcripts and government business by manipulating internal bureaucratic procedures,” and the White House should provide its rationale for the decision to Congress.