Continued suppression of a report from the Cybersecurity and Infrastructure Security Agency (CISA) that identifies significant U.S. telecommunications vulnerabilities is undermining the public’s understanding of these threats and ability to have input on national security measures, two Democratic senators warned.
The letter, signed by Sens. Ron Wyden, D-Ore., and Mark Warner, D-Va., and sent on Nov. 12 to Homeland Security Secretary Kristi Noem and National Intelligence Director Tulsi Gabbard requested that an unclassified report titled “U.S. Telecommunications Insecurity 2022.”
That report, senators noted, was supposed to be published several months ago but “remains hidden from the American public.” Its release is also mandated under the Telecom Cybersecurity Transparency Act, which was introduced by Wyden and passed by the Senate in July, but still awaits a final vote from the House.
“The continued suppression of a report identifying serious vulnerabilities of the U.S. telecommunications sector undermines the public’s understanding of these threats and stymies an important public debate on a path forward to secure the U.S. telecommunications sector and protect the U.S. Government and all Americans who rely on that sector,” the senators wrote.
Wyden previously pressed for the report’s release during the Senate confirmation hearing for Sean Plankey to become CISA’s director. Wyden said he would place a hold on the nomination because of CISA’s refusal to release the 2022 report. Plankey’s nomination awaits Senate confirmation.
CISA had said at the time that the report would publish once it received “proper clearance.”
In July, Wyden said in a statement that the report contains “frankly shocking details about national security threats to our country’s phone system that require immediate action.”
In the Nov. 12 letter, Wyden and Warner pointed to recent large-scale hacks of U.S. telecom networks, including an attack from China’s Salt Typhoon last fall that targeted senior Biden and Trump administration officials. That attack, senators wrote, poses “one of the most serious espionage campaigns against the communications of U.S. government leaders in history.”
“Foreign adversaries – including non-state actors – have been able to exploit longstanding vulnerabilities in U.S. phone networks to track phones, tap calls and texts, and remotely infect phones with spyware,” the senators wrote, adding that “a recent compromise by nation-state actors of a major service provider to U.S. communications firms suggests that significant threats to this sector continue.”
In addition to the report’s release, the senators also requested that the Federal Communications Commission be required to maintain mandatory minimum cybersecurity standards for the communications sector.