Senator Blocks Trump's CISA Director Nominee Over Telecom Security Concerns

Senator Wyden Blocks Cybersecurity Agency Nominee

Democratic Senator Ron Wyden has placed a hold on the nomination of Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency (CISA). This action stems from concerns regarding what Wyden describes as a prolonged concealment of security vulnerabilities within U.S. telecommunications infrastructure.

Report on Telecom Security Weaknesses

According to statements made by Wyden and confirmed by his spokesperson, the senator will prevent Plankey’s confirmation as CISA director until the agency declassifies and releases a report from 2022. This report details identified security shortcomings throughout the nation’s telecom network.

Use of Senate Holds

Senate procedure allows any senator to indefinitely postpone a federal nomination. As reported by Reuters, such holds – or the threat of them – are frequently utilized by lawmakers to secure concessions from the executive branch.

A CISA spokesperson, Scott McConnell, directed inquiries to the White House, which has not yet responded to requests for comment from TechCrunch.

Previous Attempts to Release the Report

Wyden revealed that his staff had previously been granted access to the unclassified report. However, requests to make its findings public were denied. He further stated that he had appealed to both Jen Easterly, the former CISA Director, and President Joe Biden to authorize the report’s release before the change in administration.

Public Right to Information

The senator emphasized the importance of transparency, asserting that the report is a “technical document containing factual information about U.S. telecom security.” He believes the public possesses a legitimate right to access this information.

Connection to Salt Typhoon Hacks

Wyden contends that CISA’s alleged cover-up of cybersecurity negligence by phone companies has tangible repercussions. He specifically referenced the widespread hacking of U.S. phone companies by the Chinese state-sponsored group known as Salt Typhoon, which was exposed last year.

Impact of Cybersecurity Failures

These intrusions enabled hackers to intercept communications, including calls and text messages, belonging to high-ranking American officials. Wyden attributes these breaches to the failure of U.S. phone carriers to adhere to established cybersecurity best practices and a lack of accountability from federal agencies.

Legislative Response

Following the Salt Typhoon attacks, Wyden proposed legislation to mandate specific cybersecurity standards for phone companies. This legislation would also require annual security testing and other preventative measures.

Current State of Telecom Security Standards

Wyden highlighted that, despite these efforts, the federal government still does not enforce minimum cybersecurity standards for U.S. phone companies.