In a Wednesday letter, U.S. Senator Ron Wyden claimed America’s cybersecurity watchdog does not trust the military and first responders’ cellphone network.
The intelligence committee’s Oregon Democrat wrote to the NSA and CISA (CISA). FirstNet, a public safety mobile network, is involved.
“They had no confidence in the security of FirstNet, in large part because they have not seen the results of any cybersecurity audits conducted against this government-only network,” an unidentified CISA expert told Wyden’s staff last year, the letter said, urging the authority to share its internal audits with CISA, NSA, and Congress.
CISA said it would answer Wyden personally. NSA did not respond. AT&T Inc. (T.N), which constructed FirstNet, addressed queries to an executive. However, the executive didn’t respond until late Tuesday.
Wyden’s letter mentions Signaling System No. 7 (SS7), a decades-old technology that lets foreign cellphone networks exchange data, such as while roaming.
Security experts warn spies and hackers may misuse the protocol to intercept text messages and locate users.
Although SS7’s security issues are well-known, Wyden said the lack of transparency about FirstNet’s safety safeguards, created after the Sept. 11, 2001 attacks to improve first responders’ communication, was particularly concerning.
“These security deficiencies are also a national security risk, particularly if foreign governments might use them to target U.S. government people,” his letter read.
Gary Miller, a mobile network security specialist at the University of Toronto’s Citizen Lab, agreed with Wyden and called audit opacity “extremely disturbing.”
Wyden urged FirstNet to share security audits with the NSA and CISA or to commission its own.
The Federal Communications Commission, White House, and OMB, all copied on the letter, did not immediately reply to demands for comment.
Comment Template