Senators urge DOD watchdog to probe ‘failure to secure’ communications amid Salt Typhoon hacks
In the wake of Chinese hackers’ alarming breach of multiple telecommunications companies, a bipartisan pair of U.S. senators on Wednesday asked the Defense Department’s top watchdog to scrutinize how the agency is shoring up its communications against spying.
The Pentagon’s “failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” Sens. Eric Schmitt (R-MO) and Ron Wyden (D-OR) wrote in a letter to DOD Inspector General Robert Storch.
“Moreover, although DOD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers,” they added.
“We urge you to investigate DOD’s failure to secure its communications, and to recommend the changes in policy necessary to protect DOD communications from foreign adversaries.”
The missive comes the day after officials from the FBI and Cybersecurity and Infrastructure Security Agency (CISA) admitted that — months after discovering the breach by the state-sponsored group known as “Salt Typhoon” against U.S. telecommunications companies and internet service providers — they have been unable to kick the perpetrators out.
“Given where we are in discovering the activity, I think it would be impossible for us to predict a time frame on when we’ll have” the hackers evicted, Jeff Greene, executive assistant director for cybersecurity at CISA, said.
Schmitt and Wyden, who serve on the Senate Armed Services and Intelligence committees, respectively, noted that DOD hasn’t received independent cybersecurity audits of phone carriers that utilize and serve its networks, and the department is unsure if it has the authority to carry out its own reviews of those entities.
“The responsibility for such failures cannot and should not be pinned on low-level procurement officials, but rather, reflects a failure by senior DOD leadership to prioritize cybersecurity, and communications security in particular,” they wrote.
The Biden administration will brief the full Senate on the Salt Typhoon hacks on Wednesday. The classified session is meant to bring all policymakers up-to-speed on the scope of the unprecedented hack, according to congressional sources.
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.