Lieu seeks answers from White House about cybersecurity purge

A member of Congress wants Acting White House Chief of Staff Mick Mulvaney to answer for recent reports that indicate the White House's cybersecurity team has been gutted.

In an Oct. 25 letter, Rep. Ted Lieu (D-Calif.) references an Oct. 17 memo from Dimitrios Vastakis, former Branch Chief of White House Computer Network titled "Cyber Security Personnel Leaving Office of the Administration at an Alarming Rate."

Vastakis, complains that his Office of the Chief Information Security Officer had been absorbed into the CIO office and claims officials White House have been "systematically" targeting security personnel with “hostile” actions meant to drive them out and objected to changes in organizational structure that would put the team’s actions under a White House entity not covered by the Presidential Records Act.

The memo, obtained and first reported on in Axios, claimed that these tactics included revoking incentives, reducing the scope of duties, reducing access to programs and buildings and revoking positions with strategic and tactical decision-making authorities. It notes that these tactics have "forced the majority of GS-14 and GS-15 OCISO staff to resign."

"While the immediate concern of a potential network breach is paramount, cyber infiltration can also result in a long-term serious threat to national security," Lieu wrote. "Additionally, the apparent effort to move cybersecurity operations into an office exempt from the Presidential Records Act fits the President’s history of obstructing and hiding transcripts and government business by manipulating internal bureaucratic procedures."

The memo has raised alarm in some quarters about whether the changes will make White House systems more vulnerable to compromise from foreign intelligence agencies and hacking groups. Those concerns are only heightened going into a 2020 Presidential election cycle that U.S. officials have said are already being targeted by Russia, Iran and others. Recently, Microsoft revealed that an Iranian group had targeted 241 Microsoft email accounts associated with U.S. government officials, journalists and a presidential campaign later identified as the Trump 2020 campaign.

Lieu, who sits on the House Foreign Affairs and Judiciary Committees, asks Mulvaney whether he is aware of efforts to oust White House cybersecurity officials, what steps he’s taking to find replacements, why an organizational change was made to put the team under an entity not covered by the Presidential Records Act, whether intelligence agencies have weighed in on the changes and if he will commit to provide Congress with documents related to the decision.

"A White House data breach would give our adversaries an untold advantage in almost every foreign policy and national security matter," he wrote.