Article Details

Wyden blocks Trump's CISA boss nominee, blames cyber agency for 'actively hiding info' about telecom insecurity. It worked for in 2018 with Chris Krebs. Will it work again?. Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden. The Oregon Democrat said he will block the nomination of Sean Plankey to lead the agency until CISA releases an unclassified 2022 report on the matter. Wyden, a senior member on the Senate Intelligence Committee, has been urging CISA to make public the report, "US Telecommunications Insecurity 2022," since July of that year. And while the cyber-agency finally allowed Wyden's staff to read the missive in 2023, the full document has yet to be disclosed to the public. In a statement to The Register, Wyden said he personally asked Jen Easterly to release the document during a phone call last February. However, the then-CISA director "continued to stonewall my requests until she left office."  Wyden also wrote a letter to then-President Joe Biden in February 2024 about flaws in American communications networks that foreign governments are understood to be exploiting to remotely spy on and monitor people's wireless devices. The vulnerabilities exist in that old chestnut, Signaling System Number 7 (SS7) and its pal Diameter, which are protocols used by fixed and mobile network operators to interconnect their networks. These protocols' security weaknesses have been known for years, and allow snoops breaking into telcos or rogue insiders to hijack surveillance targets' text messages and calls and monitor their whereabouts. Wyden wants to see some form of minimum cybersecurity requirements for US wireless carriers to ensure spies aren't abusing SS7 and Diameter implementations to silently keep tabs on Americans via their cellphones. "Surveillance companies and their authoritarian foreign government customers have exploited lax security in US and foreign phone networks for at least a decade to track phones anywhere in the world," Wyden said in the 2024 letter to Biden. Until CISA ends its "multi-year cover up of the phone companies' negligent cybersecurity" – which Wyden also blames for the Salt Typhoon intrusions during which Beijing's spies were in a position to get their hands on millions of citizens' call records, internet activities, and private texts – the senator said he won't let Plankey's nomination move forward. "Congress and the American people have a right to read this report, and until CISA releases it, I must object to this nomination," Wyden said. A CISA spokesperson declined to comment. President Donald Trump last month nominated Plankey to be CISA Director, who needs to be confirmed by the Senate before he can assume the leadership role.  Under Senate rules any one lawmaker can place an unlimited hold on a federal nominee, and this type of blockage can be used as leverage against the executive branch.  Wyden pulled a similar maneuver in 2018, blocking the nomination of Trump's first CISA lead, Chris Krebs, until Homeland Security agreed to hand over information about surveillance on American's mobile devices.