An internal White House memo published today by Axios reveals that recent changes to the information operations and security organizations there have left the security team in tumult, with many members headed for the door. And the chief of the White House's computer network defense branch—who wrote the memo after submitting his resignation—warned that the White House was likely headed toward another network compromise and theft of data.

The White House Office of the Chief Information Security Officer was set up after the 2014 breach of an unclassified White House network by Russian intelligence—a breach discovered by a friendly foreign government. But in a July reorganization, the OCISO was dissolved and its duties placed under the White House Office of the Chief Information Officer, led by CIO Ben Pauwels and Director of White House IT Roger L. Stone. Stone was pulled from the ranks of the National Security Council where he was deputy senior director for resilience policy. (Stone is not related to indicted Republican political consultant Roger J. Stone.)

The resulting changes have put an emphasis more on convenience than security. The Office of Administration at the White House has reportedly been purging information security staffers while responsibility for cybersecurity is outsourced from the streamlined IT operations team. In August, White House CISO Joe Schatz left the White House for a tech consulting job. And according to the memo, senior security experts have been leaving en masse since then as the White House has become increasingly hostile to the information security team.

“Targeted for removal”

"It is my express opinion that the remaining incumbent OCISO staff is being systematically targeted for removal from the Office of Administration," departing White House network defense branch chief Dimitrios Vastakis wrote in the memo. The security team had seen incentive pay revoked, scope of duties cut, and access to systems and facilities reduced, Vastakis noted. Staffers' "positions with strategic and tactical decision making authorities" had also been revoked. "In addition, habitually being hostile to incumbent OCISO staff has become a staple tactic for the new leadership... it has forced the majority of [senior civil servant] OCISO staff to resign."

Vastakis warned that the transferral of virtually all of the White House's cybersecurity operations to the White House Communications Agency—a Defense Department organization that falls under the Defense Information Systems Agency—was in "direct conflict" with the advice of the Office of Administration's general counsel. He added that it also puts information required to be preserved by the Presidential Records Act outside of the Executive Office of the President's oversight.

"Considering the level of network access and privileged capabilities that cybersecurity staff had," Vastakis wrote, "it is highly concerning that the entire cybersecurity apparatus is being handed over to non-PRA entities."

In closing, Vastakis warned, "Allowing for a large portion of institutional knowledge to concurrently walk right out the front door seems contrary to the best interests of the mission and the organization as a whole." And reflecting on the previous vulnerabilities in White House IT operations, he noted, "given all the changes I've seen in the last three months, I foresee the White House is posturing itself to be electronically compromised once again."