Wyden to Hold Up Trump CISA Nominee Over Telecom ‘Cover Up’: Report
U.S. Senator Ron Wyden (D-OR) reportedly is threatening to hold up the nomination of President Trump’s nominee to head CISA over concerns about the country’s telecommunications industry’s security practices in the wake of network breaches last year by China-backed hackers.
According to Reuters, Wyden today will release a statement saying he wants the nation’s top cybersecurity agency to release a three-year-old report regarding security issues within the U.S. telecom industry before he will consider the nomination of Sean Plankey as CISA director.
The senator in the remarks, which Reuters said it reviewed, is claiming a “multi-year cover up” of security deficiencies within the U.S. telecom network.
Senate rules allow a single senator to hold up presidential nominations, a powerful tactic often used to pressure presidential administrations to change rules or other actions that the senators disagree with. Most recently, Republican Senator Tommy Tuberville of Alabama during the Biden Administration for months help up military promotions that needed Senate confirmation in protest of the military’s abortion policies.
According to Reuters, Wyden used the tactic in 2018 to hold up Trump’s nomination of Chris Krebs as the first head of CISA until the Department of Homeland Security handed over information about cellphone surveillance and eventually lifted the hold when DHS complied.
Cybersecurity Concerns
Wyden over the past several years has been highly critical of the cybersecurity of major organizations as a growing number of threat groups backed by the Chinese government have breached IT and telecom networks to steal sensitive information and spy on companies and government agencies.
In 2023, the senator sent a harshly worded letter to heads of CISA, the Justice Department, and Federal Trade Commission urging that Microsoft be held accountable for an attack by Chinese advanced persistent threat (APT) group Storm-0558, which stole a signing key from the IT giant and hacked into Microsoft 365 and Exchange Online accounts, stealing email from government and corporate accounts.
Salt Typhoon Breaches
He also has been vocal about the major hack by another Chinese state-sponsored group, Salt Typhoon, into the networks of at least nine U.S. telecommunications carriers, including AT&T, Verizon, and T-Mobile, and other such companies around the world.
The extent of the breach has become more apparent during months of investigation, with U.S. officials saying in December the bad actors had spent months inside the networks before being discovered and that the attacks were ongoing.
Salt Typhoon stole large amounts of phone call data, intercepted audio and text messages, and targeted both presidential campaigns, according to CISA and the FBI. One U.S. official reportedly said that the metadata of a “large number” of Americans had been stolen by the threat group.
Criticism of DoD
In December, Wyden and Senator Eric Schmitt (R-MO) called on the Defense Department’s inspector general to investigate the DoD’s multibillion-dollar contracts with major communications companies, saying the department’s work with the companies despite known cybersecurity weaknesses threatened the country’s national security.
“DOD’s failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” Wyden and Schmitt wrote. “Moreover, although DOD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers.”
Hack was ‘Inevitable’
Later in the month, Wyden drafted a bill called the Secure American Communications Act that called on the Federal Communications Commission – which vowed to push for stronger security for telecoms in the aftermath of Salt Typhoon’s attacks – to implement secure security requirements on telecoms.
“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden wrote. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security.”
