
Rep. Andrew Garbarino, R-N.Y., who chairs the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection subcommittee, is pressing Homeland Security Secretary Kristi Noem on updating cybersecurity planning for the U.S. communications sector and on maintaining an existing program that helps evaluate the security of mobile apps that have ties to adversarial nations.
In a June 5 letter to Noem, Garbarino asked that the secretary “prioritize” a review of the role that DHS’s Cybersecurity and Infrastructure Security Agency (CISA) component plays as the designated sector risk management agency for the communications sector, and asked when CISA will update its sector-specific plan for the sector, which dates back to 2015.
The congressman also cautioned against CISA taking action to end its existing mobile app vetting (MAV) program, and said he was “concerned to hear that the program will terminate in June 2025.”
Rep. Garbarino asked for a briefing from DHS on both of those issues by June 13.
That vetting program, according to CISA’s website, is a shared service “that evaluates the security of government-developed mobile applications (apps) and third-party apps downloaded from Google Play and the Apple App Store,” with an eye to identifying vulnerabilities and flaws “so Federal Civilian Executive Branch (FCEB) agencies can take the necessary steps to either resolve identified issues or decide against deploying an app to prevent cyberattacks on mobile devices and enterprise systems.”
“CISA must be equipped with the right tools and able to provide relevant guidance to improve the security of mobile devices, which have been repeatedly targeted by the People’s Republic of China (PRC),” Rep. Garbarino said.
“Whether it is PRC-owned apps or nation-state sponsored actors, such as Salt Typhoon, CISA must be prepared to address commercial telecommunications infrastructure vulnerabilities that impact the security of our government mobile devices – a role that is especially important given CISA’s mandate to protect Federal Civilian Executive Branch (FCEB) networks,” the congressman said.
“The termination of mobile device security programs would not only create a void in the ability to assess vulnerabilities on mobile devices, but also send the wrong signal to FCEB agencies, which are currently on heightened alert about the cybersecurity posture of their mobile devices due to Salt Typhoon,” Rep. Garbarino said.