A Chinese woman carrying a device containing malware was
arrested at Mar-a-Lago earlier this week, stoking concerns about security and
access at U.S. President Donald Trump’s resort.
U.S. Secret Service agents arrested Yujing Zhang on Saturday
after she bluffed her way through perimeter checkpoints by telling one agent
she wanted to use the resort’s pool and another that she was attending a United
Nations Chinese American Association event. No event was scheduled, however,
and the agents escorted her from the premises and arrested her.
They later discovered that Zhang was carrying four
cellphones, a hard drive, a laptop, and a USB drive containing malware.
“Federal officials said they were still investigating Ms.
Zhang and what kind of malware was on her thumb drive,” according to The New York Times. “It was not yet clear whether she was just a striver seeking
selfies at the president’s resort or whether she had links to Chinese
Zhang was charged with making false statements and entering
a restricted area; she’s being held in custody before a court hearing next
week, which the Chinese Consulate General in Houston is providing assistance
Her arrest exposed security challenges that the Secret
Service has faced in securing the president’s luxury resort—which he and
members of his family frequently visit—because it does not have complete
control over the facility, unlike the White House in Washington, D.C.
“The Secret Service does not determine who is invited or
welcome at Mar-a-Lago; this is the responsibility of the host entity,” the Secret
Service said in a rare statement released earlier this week. “The Mar-a-Lago
club management determines which members and guests are granted access to the
The arrest also shows how dispersed security teams must work
together to address physical threats that can have cybersecurity repercussions.
“As the White House Communications Agency and Secret Service
coordinate to establish secure areas at Mar-a-Lago for handling classified
information when the president travels there, these potential vulnerabilities
have serious national security implications,” wrote U.S. Senators Chuck Schumer
(D-NY), Dianne Feinstein (D-CA), and Mark Warner (D-VA) in a letter to FBI
Director Christopher Wray.
And these challenges are not just limited to the Secret
Service. In an April 2019 feature, Security Management takes a look at how private
sector physical and cybersecurity teams are working together to address
“You have to have a physical security program, a personnel
security program, an operations security program, and an information security
program all working together to protect data,” says Matthew Hollandsworth, CPP,
CISSP, director of corporate security, facilities, and safety at American
Hollandsworth helped create an insider threat committee at
his company with representation from security, IT security, human resources,
finance, legal, and client-facing verticals of the business to address security
risks in a holistic way.
“We’ve had an example where IT identified an
individual that had downloaded around 100 gigs of data, taken that, and put it
on their personal thumb drive,” Hollandsworth explains. “There was no reason
for that, so IT let me know about it. And it turned out to be something
innocent—this guy was just moving data from one computer to another—but that
communication path was there. That process was there.”