Mar-a-Lago Arrest Shines Light On Security

Today in Security: Mar-a-Lago Arrest Shines Light On Security

A Chinese woman carrying a device containing malware was arrested at Mar-a-Lago earlier this week, stoking concerns about security and access at U.S. President Donald Trump’s resort.

U.S. Secret Service agents arrested Yujing Zhang on Saturday after she bluffed her way through perimeter checkpoints by telling one agent she wanted to use the resort’s pool and another that she was attending a United Nations Chinese American Association event. No event was scheduled, however, and the agents escorted her from the premises and arrested her.

​They later discovered that Zhang was carrying four cellphones, a hard drive, a laptop, and a USB drive containing malware.

“Federal officials said they were still investigating Ms. Zhang and what kind of malware was on her thumb drive,” according to The New York​ Times. “It was not yet clear whether she was just a striver seeking selfies at the president’s resort or whether she had links to Chinese intelligence.”

 Zhang was charged with making false statements and entering a restricted area; she’s being held in custody before a court hearing next week, which the Chinese Consulate General in Houston is providing assistance for.

Her arrest exposed security challenges that the Secret Service has faced in securing the president’s luxury resort—which he and members of his family frequently visit—because it does not have complete control over the facility, unlike the White House in Washington, D.C.

“The Secret Service does not determine who is invited or welcome at Mar-a-Lago; this is the responsibility of the host entity,” the Secret Service said in a rare statement released earlier this week. “The Mar-a-Lago club management determines which members and guests are granted access to the property.”

The arrest also shows how disperse security teams must work together to address physical threats that can have cybersecurity repercussions.

“As the White House Communications Agency and Secret Service coordinate to establish secure areas at Mar-a-Lago for handling classified information when the president travels there, these potential vulnerabilities have serious national security implications,” wrote U.S. Senators Chuck Schumer (D-NY), Dianne Feinstein (D-CA), and Mark Warner (D-VA) in a letter to FBI Director Christopher Wray.

​And these challenges are not just limited to the Secret Service. In an April 2019 feature, Security Management takes a look at how private sector physical and cybersecurity teams are working together to address corporate threats.

“You have to have a physical security program, a personnel security program, an operations security program, and an information security program all working together to protect data,” says Matthew Hollandsworth, CPP, CISSP, director of corporate security, facilities, and safety at American Systems. 

​Hollandsworth helped create an insider threat committee at his company with representation from security, IT security, human resources, finance, legal, and client-facing verticals of the business to address security risks in a holistic way.

“We’ve had an example where IT identified an individual that had downloaded around 100 gigs of data, taken that, and put it on their personal thumb drive,” Hollandsworth explains. “There was no reason for that, so IT let me know about it. And it turned out to be something innocent—this guy was just moving data from one computer to another—but that communication path was there. That process was there.”