Blog Posts

"Systemic Failure"

April 23, 2007

From the Oversight and Government Reform Committee:

New Evidence of Security Problems at the White House
Current and former employees of the White House Security Office have reported to Chairman Waxman that there was a systemic failure at the White House to follow procedures for protecting classified information. According to the security officers, the White House regularly ignored security breaches, prevented security inspections of the West Wing, and condoned mismanagement of the White House Security Office.

Documents and Links

  • Letter to Former White House Chief of Staff Andrew Card Regarding New Evidence of Security Problems at the White House
  • The letter to Card elaborates:

    The White House regularly ignored security breaches. The security officers described multiple instances of security breaches that were reported to the White House Security Office by concerned officials, such as Secret Service agents, but ignored by the White House Security Office. Several of the security violations involved mishandling of “Sensitive Compartmentalized Information” (SCI), the highest level of classified information, such as leaving SCI materials unattended in a hotel room.

    The White House blocked security inspections of the West Wing. According to the security officers, they were prohibited from conducting unannounced inspections of West Wing offices, which undermined their ability to assess compliance and deter violations. In addition, they reported that the White House denied the Information Security Oversight Office of the National Archives permission to inspect the West Wing, despite the fact that Executive Order 12958 gives this Archives office the authority to inspect all executive branch offices to ensure the effectiveness of security programs.

    The White House condoned mismanagement at the White House Security Office. The security officers described the leadership of the White House Security Office as poor managers who habitually flouted basic security procedures and allowed other White House officials to do the same.

    The allegations of misconduct described in this letter are serious matters with ramifications for our national security. According to the security officers, they have triggered an exodus of qualified security officials from the White House Security Office. Now that an investigation has been initiated by Congress, you have, I believe, an obligation to cooperate. I hope you will recognize this obligation and choose to appear before the Committee voluntarily, rather than under compulsory process.

    The letter also raises serious questions about White House compliance with Executive Order 12958:

    White House Security Breaches and Lack of Corrective Action
    Under Executive Order 12958 and applicable regulations, the White House must investigate security breaches, implement prompt corrective action to deter future violations, and punish violators. Federal employees who commit security violations can be subject to a range of administrative sanctions, including reprimand, suspension without pay, denial of access to classified information, and termination.

    In practice, these requirements appear to have been routinely ignored by the White House. According to the security officers who spoke with my staff, they were prohibited from investigating multiple White House security breaches that were reported to the White House Security Office by concerned officials, such as Secret Service agents. In fact, they said that the practice within the White House Security Office was not to document or investigate violations or take corrective action.

    Full letter in extended entry:

    April 23, 2007

    Mr. Andrew Card
    1207 Buchanan Street
    McLean, VA 22101

    Dear Mr. Card:

    Since I first wrote you on March 30, 2007, I have received new information that suggests there may have been a systemic failure to safeguard classified information at the White House during and after your tenure as White House Chief of Staff. Multiple current and former White House security personnel have informed my staff that White House practices have been dangerously inadequate with respect to investigating security violations, taking corrective action following breaches, and physically securing classified information. I urge you to cooperate with the Oversight Committee’s investigation into these security lapses by testifying voluntarily before the Committee.

    On March 16, 2007, the Oversight Committee held a hearing to examine the disclosure by White House officials of the covert status of CIA officer Valerie Plame Wilson. At this hearing, the current Chief Security Officer at the White House, James Knodell, testified that the White House Security Office (1) did not conduct any internal investigation to identify the source of the leak, (2) did not initiate corrective actions to prevent future security breaches, and (3) did not consider administrative sanctions or reprimands for the officials involved. The failure of the White House to take these actions appears to be a violation of Executive Order 12958, which establishes minimum requirements for safeguarding classified information and responding to breaches.

    Following the hearing, my staff heard from multiple current and former security officials who work or worked at the White House Security Office. These security officials described a systemic breakdown in security procedures at the White House. The statements of these officials, if true, indicate that the security lapses that characterized the White House response to the leak of Ms. Wilson’s identity were not an isolated occurrence, but part of a pattern of disregard for the basic requirements for protecting our national security secrets.

    Each of the multiple security officers who spoke with my staff had firsthand knowledge of the inner workings of the White House Security Office. Although they asked for anonymity to protect themselves from retaliation, they each gave consistent accounts. According to these security officers:

    The White House regularly ignored security breaches. The security officers described multiple instances of security breaches that were reported to the White House Security Office by concerned officials, such as Secret Service agents, but ignored by the White House Security Office. Several of the security violations involved mishandling of “Sensitive Compartmentalized Information” (SCI), the highest level of classified information, such as leaving SCI materials unattended in a hotel room.

    The White House blocked security inspections of the West Wing. According to the security officers, they were prohibited from conducting unannounced inspections of West Wing offices, which undermined their ability to assess compliance and deter violations. In addition, they reported that the White House denied the Information Security Oversight Office of the National Archives permission to inspect the West Wing, despite the fact that Executive Order 12958 gives this Archives office the authority to inspect all executive branch offices to ensure the effectiveness of security programs.

    The White House condoned mismanagement at the White House Security Office. The security officers described the leadership of the White House Security Office as poor managers who habitually flouted basic security procedures and allowed other White House officials to do the same.

    The allegations of misconduct described in this letter are serious matters with ramifications for our national security. According to the security officers, they have triggered an exodus of qualified security officials from the White House Security Office. Now that an investigation has been initiated by Congress, you have, I believe, an obligation to cooperate. I hope you will recognize this obligation and choose to appear before the Committee voluntarily, rather than under compulsory process.

    White House Security Breaches and Lack of Corrective Action

    Under Executive Order 12958 and applicable regulations, the White House must investigate security breaches, implement prompt corrective action to deter future violations, and punish violators. Federal employees who commit security violations can be subject to a range of administrative sanctions, including reprimand, suspension without pay, denial of access to classified information, and termination.

    In practice, these requirements appear to have been routinely ignored by the White House. According to the security officers who spoke with my staff, they were prohibited from investigating multiple White House security breaches that were reported to the White House Security Office by concerned officials, such as Secret Service agents. In fact, they said that the practice within the White House Security Office was not to document or investigate violations or take corrective action.

    Under the Executive Order, the designation of Sensitive Compartmented Information (SCI) is the highest level of security classification. Security officers told my staff that the White House has not adequately safeguarded SCI materials, and they provided several examples of White House security breaches involving SCI. For example, according to one officer, a junior White House aide reported that a senior assistant to the President improperly disclosed SCI to him, even though he had no security clearance. According to this officer, the White House Security Office took no steps to investigate or take corrective action.

    Another security officer reported that a White House official left SCI material behind in a hotel room during a foreign trip with the President. Although the CIA recovered the SCI material and reported the incident, the White House Security Office did not investigate, seek remedial action, or discipline the responsible official.

    The security officers also described numerous examples of White House officials failing to physically secure classified information within the White House in accordance with applicable security requirements. The officers related that they had received numerous reports of White House officials leaving classified information out on their desks, rather than in secure locations. Yet according to the officers, the White House Security Office made no effort to investigate these violations or implement any remedial actions.

    Prohibition on West Wing Inspections

    The West Wing of the White House contains the offices of many of the most powerful officials in government. Your office was located in the West Wing, as are the offices of the President’s other top advisors. The officials with offices in the West Wing routinely receive access to the nation’s most sensitive national security secrets. For this reason, ensuring that all West Wing officials follow appropriate procedures for securing classified information is an important national security priority.

    During the previous administration, security specialists working for the White House Security Office were given access to all White House offices, including those in the West Wing. Under the Bush Administration, however, access for security officers was revoked. As a result, only the senior management of the White House Security Office (such as the Director and Deputy Director) retained the authority to enter the West Wing without advance notice to and assistance from West Wing personnel.

    According to the security officers, the denial of access to the West Wing has had serious adverse effects. The officers report that they and other security officers working in the White House Security Office do not have the ability to perform basic security functions, such as conducting unannounced inspections of West Wing offices. As a consequence, the security officers said that the White House Security Office could learn about West Wing security violations only when such incidents were self-reported by the violators or happened to be noticed and reported by Secret Service officials.

    Executive Order 12958 gives an arm of the National Archives, the Information Security Oversight Office, government-wide authority to conduct on-site inspections of all executive branch offices and agencies to ensure that security programs are effective. Yet according to the security officers, this Archives office was also denied access to the West Wing.

    The security officers said that the Information Security Oversight Office informed the White House Security Office in 2005 that it would be conducting an inspection of offices within the White House. The security officers reported that after an initial meeting, a senior White House official intervened and instructed the White House Security Office to block any inspection of the West Wing. The security officers expressed shock that the Information Security Oversight Office was not permitted to conduct an inspection.

    Mismanagement at the White House Security Office

    The current and former security officials were highly critical of the senior management of the White House Security Office for failing to act as an independent watchdog to ensure that effective security practices are implemented and followed in the White House. According to the security officers, James Knodell, the Director of the White House Security Office, and Ken Greeson, the Deputy Director, are poor managers who are unwilling to assert authority over White House security practices because they are loath to inconvenience or embarrass White House officials. The security officers also said that Mr. Knodell and Mr. Greeson lack experience and understanding regarding classified information controls because their previous experience was at the Secret Service, not in an information security office.

    One serious concern of the security officers is that Mr. Knodell and Mr. Greeson routinely violate basic security guidelines. Security procedures prohibit bringing electronic communication devices into a sensitive compartmented information facility (SCIF). The security officers said that Mr. Knodell and Mr. Greeson habitually violate this prohibition by bringing Blackberry devices and cell phones into the SCIF in the White House Security Office and allowed others, such as visiting White House personnel, to do the same. They said that this practice continued even after security officers repeatedly informed Mr. Knodell and Mr. Greeson that the practice violates security rules and sets a poor example. In addition, the security officers said that Mr. Greeson was reported to have improperly placed classified information on an unsecure computer.

    According to the security officers, the poor management and bad examples set by Mr. Knodell and Mr. Greeson caused extreme frustration and plummeting morale among White House security officers, resulting in the departure of more than half of the White House security officers within the last year.

    Conclusion

    The allegations of the security officers raise many questions about White House security procedures during and after your tenure as White House Chief of Staff. They describe a systemic neglect of the basic rules for protecting our nation’s national security secrets. As you can surely understand, investigating these allegations and ensuring that appropriate procedures are in place at the White House is a priority for the Oversight Committee.

    I hope you will recognize that you have an obligation to cooperate in this inquiry and agree to appear voluntarily before the Committee. It would be regrettable if you were to resist responsible oversight of these alleged abuses and require the Committee to issue a subpoena to compel your attendance at a Committee hearing.

    Sincerely,

    Henry A. Waxman
    Chairman

    cc: Tom Davis
    Ranking Minority Member