Following Devastating “Salt Typhoon” Hack, Schmitt and Wyden Call on Pentagon To Aggressively Prioritize Telecom Security in wake of historic Salt Typhoon Attack

Bipartisan Senators Request Defense Department Inspector General Investigate DOD Multibillion-Dollar Wireless Contracts with Major Phone Networks, Despite Known Cyber Weaknesses that Threaten National Security

WASHINGTON – Senator Eric Schmitt and Senator Ron Wyden (D-OR) called for the Defense Department’s top watchdog to investigate the Pentagon’s insufficient efforts to secure its unclassified communications from foreign espionage, following the devastating “Salt Typhoon” hack of major telecom companies by Chinese government hackers:  

“DOD’s failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage. Moreover, although DOD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers,” Wyden and Schmitt wrote. “We urge you to investigate DOD’s failure to secure its communications, and to recommend the changes in policy necessary to protect DOD communications from foreign adversaries.”

BACKGROUND:

In a letter to Department of Defense Inspector General Robert Storch, Wyden and Schmitt highlighted the insufficient security measures associated with the DOD’s Spiral 4 commercial telecommunications contract. The senators revealed that DOD informed Congress that it signed a major contract this year, worth up to $2.7 billion, for wireless phone services for DOD civilian and military personnel. Though commissioned by and available to carriers, DOD officials did not review third party audits validating minimal cybersecurity standards.

Last month, the federal authorities confirmed hackers working for the Chinese government breached multiple telecommunications companies and targeted call information for President-elect Trump, Vice President-elect Vance and Senate Majority Leader Schumer, among other high-profile targets.

Schmitt and Wyden raised concerns on the following: 

• DOD has requested copies of independent, third-party cybersecurity audits phone carriers commissioned for their networks, but DOD has been unable to review the audits..
• DOD has not required the sharing of third-party cybersecurity audits commissioned by contracted wireless carriers, nor has it conducted its own cybersecurity audits of carriers. 

• DOD is still evaluating whether it has authority to conduct its own cybersecurity audits for carriers that serve the Pentagon.
• DOD urgently needs to adopt default end-to-end encryption practices for unclassified communications. 

Read the letter here.