A pair of bipartisan senators is pushing for the investigation of the Defense Department’s (DoD) “failure to secure its unclassified telephone communications from foreign espionage,” according to a letter sent Wednesday to DoD Inspector General Robert Storch.
Sens. Eric Schmitt, R-Mo., and Ron Wyden, D-Ore., said the extensive spying campaign launched by the Chinese-affiliated hacking group – dubbed Salt Typhoon – underscored the national security concerns of the Pentagon’s reliance on unsecured networks.
In early October, a report from the Wall Street Journal revealed that Salt Typhoon may have accessed the wiretapping systems that carriers AT&T, Verizon, and Lumen maintain for the benefit of law enforcement agencies.
Last month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed Salt Typhoon’s recent hacks in the United States, noting that they have had a “limited” impact on “individuals who are primarily involved in government or political activity.”
On Tuesday, CISA and FBI officials told reporters that they are “still figuring out just how deeply and where they’ve penetrated,” noting that they have not fully evicted the Chinese hackers from the networks.
“DoD’s failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” the lawmakers wrote. “Moreover, although DoD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers.”
Attached to the lawmakers’ letter were four appendices of information shared by the Pentagon with the senators, including previous department responses to their questions and a July PowerPoint presentation by the Navy.
Sens. Wyden and Schmitt said the documents “confirmed that [DoD’s] contracted carriers have significant cybersecurity problems and are vulnerable to foreign surveillance.”
The letter urged the IG to consider whether the Pentagon should renegotiate its existing contracts with wireless carriers – including AT&T and Verizon – “to require them to adopt meaningful cyber defenses against surveillance threats, and if requested, to share their third-party cybersecurity audits with DoD.”
