The Cybersecurity and Infrastructure Security Agency plans to release a 2022 report on telecommunications industry security vulnerabilities that a top lawmaker had said he would use as leverage to block President Donald Trump’s nominee to lead the cyberdefense agency.
The effort has been led by Sen. Ron Wyden, D-Ore., a privacy hawk and a senior member on the Senate Intelligence Committee. The nominee for CISA director, Sean Plankey, is scheduled to be voted on in the Senate Homeland Security Committee on Wednesday, and would face a hold invoked by Wyden on the full Senate floor unless the report is released.
Wyden has previously said that he “repeatedly urged” the cybersecurity agency to release the findings and even asked then-CISA Director Jen Easterly about it in a February 27, 2024, phone call.
The senator added that the report’s contents have been viewed by his staff and that it contains information that Americans have the right to see.
“CISA’s multi-year cover up of the phone companies’ negligent cybersecurity has real consequences,” Wyden said in April, citing sweeping Chinese intrusions into swaths of U.S. telecommunications infrastructure that was discovered around a year ago.
The penetrations, attributed to Salt Typhoon — a moniker assigned to the hackers by Microsoft threat researchers — hit at least nine U.S. telecom providers and some of their systems that facilitate law enforcement’s court-authorized wiretap requests. Salt Typhoon has also breached multiple overseas communications providers.
The intrusions and their impact on U.S. national security occurred because American phone carriers failed to implement standard cybersecurity measures and federal agencies failed to hold them accountable, Wyden has argued.
“CISA intends to release the U.S. Telecommunications Insecurity Report (2022), that was developed but never released under the Biden administration in 2022, with proper clearance,” CISA public affairs director Marci McCarthy said in an email to Nextgov/FCW.
“CISA has worked with telecommunications providers before, during and after Salt Typhoon — sharing timely threat intelligence, providing technical support and continues to have close collaboration with our federal partners to safeguard America’s communications infrastructure,” McCarthy added.
Wyden has also cited a whistleblower report filed last year from a CISA official, who told the Federal Communications Commission that “there have been numerous incidents of successful, unauthorized attempts to access the network user location data of communications service providers operating in the USA.”
Senate rules permit any senator to place an unlimited hold on a federal nominee, and such blockages can be used as leverage to compel executive branch agencies to meet lawmakers’ demands. A hold can’t entirely prevent a nominee from passing but would force Senate leadership to invoke additional procedural hurdles to get the confirmation to the finish line.
On Tuesday, Wyden was able to pass a bill through the Senate to force the public release of the report.
“Congress and the American people deserve to read this report. It includes frankly shocking details about national security threats to our country’s phone system that require immediate action,” he said on the Senate floor on Monday.
Nextgov/FCW has also reached out to Wyden’s office to ask for comment about CISA’s decision to release the report.
The post CISA vows to publish 2022 telecom-security report to get its next director confirmed appeared first on Defense One.
