Wyden to block Trump's CISA nominee until agency releases report on telecoms’ ‘negligent cybersecurity’

Democratic Sen. Ron Wyden said Wednesday he is blocking the nomination of Sean Plankey to run the Cybersecurity and Infrastructure Security Agency because it has long refused to release an unclassified 2022 report documenting security problems at U.S. telecommunications companies.

Wyden called CISA’s failure to release the report a “multi-year cover up of the phone companies’ negligent cybersecurity.” 

He said he is blocking Plankey until the agency releases the report, which will allow Congress and the public to “better understand the current threats and the need for stronger cyber defenses.”

The Oregon senator, whose staff reviewed the report in 2023, has been imploring CISA to release it since July 2022, his statement said. CISA has said it cannot make the report public because of a “deliberative process privilege,” an excuse Wyden said is bogus.

“This report is a technical document containing factual information about U.S. telecom security,” Wyden’s statement said. 

Because the report does not discuss policy options to counter the threat, Wyden said, the public has a right to see it.

The dust-up comes in the aftermath of revelations about the Salt Typhoon hack in November. That campaign allowed the Chinese government to break into multiple telecommunications companies and steal call records data while also compromising government officials’ private communications.

Vice President JD Vance has said that his and President Donald Trump’s communications were exposed in the hack. 

The national security harms caused by Salt Typhoon are “the direct result of U.S. phone carriers’ failure to follow cybersecurity best practices, such as installing security updates and using multi-factor authentication, and federal agencies failing to hold these companies accountable,” Wyden’s statement said.

Plankey did not respond to a request for comment. CISA referred a request for comment to the White House, which did not immediately respond. Reuters first reported Wyden’s plans to block the nomination.

CISA’s top telecommunications security expert filed a whistleblower complaint about security problems last summer, Wyden said.

Citing his knowledge of privileged materials and “very concerning information,” the CISA official told the Federal Communications Commission that “there have been numerous incidents of successful, unauthorized attempts to access the network user location data of communications service providers operating in the USA,” the statement said, quoting the whistleblower.

The whistleblower told the FCC that foreign surveillance included “the monitoring of voice and text messages” and “the delivery of spyware to targeted devices.”.

U.S. telecommunications companies still do not meet “minimum cybersecurity standards,” Wyden alleged.