WEST PALM BEACH, Fla. — Even with high-technology surveillance for presidential security at the Southern White House, it’s all for naught without human vigilance, cybersecurity experts say.
Secret Service agents, law enforcement and on-site security can’t — and shouldn’t — be the only safeguards to keep trespassers at bay, whether or not President Donald Trump is in town, they said. Mar-a-Lago staff must be trained to know how to spot someone who doesn’t belong.
“We see organizations of all sizes — banks, hospitals, universities and government agencies — putting all kinds of investments for security: hardware, software, more personnel,” said Silka Gonzalez, president of Coral Gables-based cybersecurity company ERMProtect. “But they don’t pay enough attention to educating all of the regular users, and many times they become the ones that become the prey and expose their organization. You see that over and over again.”
Since Trump’s inauguration in January 2017, at least six people have been arrested for trespassing at his Palm Beach club.
The most recent incident happened Dec. 18, when a 56-year-old Chinese woman with an expired U.S. visa was accused of trying to access Mar-a-Lago’s grounds through the main gate. When the club’s security turned Lu Jing away, she left and walked 100 yards onto the property through the service entrance. Jing was tracked down and arrested on posh Worth Avenue.
Two days later, Trump arrived at Mar-a-Lago for a two-week stay.
Most of the incidents have occurred while Trump was out of town, and most of the trespassers were encountered by either security staff or Secret Service agents.
But one case that drew scrutiny about the fortitude of the club’s security was that of Yujing Zhang, 33, who was sentenced last month after she was found to have lied about wanting to use the pool and told the receptionist that she was there instead for a “United Nations Chinese-American Friendship Event.”
Testimony and documents at Zhang’s trial credited alert scrutiny by a Mar-a-Lago employee with red-flagging the Chinese woman.
Still, the Zhang case raised concerns among some U.S. lawmakers about spying at the president’s South Florida properties. A particular detail that made some members of Congress wonder whether Zhang was a spy, although she was never charged under the Espionage Act, was the fact that she was found with a number of electronic devices, including a thumb drive containing malware.
The second concern was how Zhang was allowed in, as security officials appeared to first accept her claim she was going to the pool and then erroneously believed she was related to a club member.
The Secret Service has said its job is not to keep the guest list, but to ensure no one entering the club has any weapons. Indeed, it was a receptionist who raised suspicions about Zhang, noticing that she took videos inside the club, which is not allowed, and was “fascinated by the decorations,” and notified an agent.
ERMProtect’s Gonzalez pointed to training all staff to read red flags, whether in language or behavior, that “can indicate there’s something wrong.”
“The first reaction for human beings is to be helpful and to trust,” she said. “They could do it maliciously and people need to be trained to understand when those things are happening so they can be the first line of defense.”
Brad Deflin, founder and CEO of Total Digital Security in West Palm Beach, agreed.
“Where I think some fail to really stay up to speed in what’s going on is up to the human side,” he said.
Deflin added that the fact that it was the receptionist who stopped Zhang, rather than a security officer, isn’t necessarily a negative thing, as it indicates she was “well-hired, trained and alert to actually realize that something was wrong.”
He likened it to a recent incident in Riviera Beach. There a ransomware attack was initiated when someone in the police department opened a phishing email, which then locked up the city’s online operations with encryption and led to a ransom payment of $600,000.
“The level of awareness of these matters is pretty low, but the risk is elevating,” Deflin said. “Whether it’s at Mar-a-Lago or Riviera Beach … you tend to come back to the human factor.”
Typically, if her clients experience a “wake-up call” kind of breach, Gonzalez said most go back and review their operations to see what went wrong and what can be improved.
“I imagine they would do that, especially because he’s the president,” Gonzalez said.
Everardo Villasenor, of Boca Raton-based Avanti IT Consulting, said it’s “always a challenge to keep the balance between the operations and the security procedures.” But it’s up to security forces, both physical and cyber, to “constantly analyze practices.”
“I think after an incident, those analyses elevate,” Villasenor said. “I think the Secret Service is going to enforce bigger and better controls.”
At least one member of Congress thinks the Yujing Zhang breach was a reflection of how Trump treats national security.
“The president has absolutely no regard for making sure we can keep Americans safe, that we can make sure that we protect our national security interests,” U.S. Rep. Debbie Wasserman Schultz, D-Fla., told The Palm Beach Post after speaking at a protest of Trump’s Sunrise rally last month. Zhang had just been sentenced the previous day.
The Broward Democrat tallied Zhang’s trespass and EU Ambassador Gordon Sondland speaking with Trump on the phone at a crowded Kyiv restaurant as evidence of “how disturbing and cavalier the president is about protecting our national security,” she said.