By Raphael Satter WASHINGTON (Reuters) - America's cybersecurity watchdog has no confidence that the cellular network used by American first responders and the military is secure against digital intrusions, U.S. Senator Ron Wyden said in a letter released Wednesday.
By Raphael Satter
WASHINGTON (Reuters) -America’s cybersecurity watchdog has no confidence that the cellular network used by first responders and the military is secure against digital intrusions, U.S. Senator Ron Wyden said in a letter released on Wednesday.
The letter from the Oregon Democrat, a member of the intelligence committee, raised concerns about the FirstNet mobile network to the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA).
FirstNet, set up in the wake of the Sept. 11, 2001 attacks, is used by public safety officials such as emergency workers, firefighters and law enforcement.
Wyden’s staff was told by an unidentified CISA expert last year that “they had no confidence in the security of FirstNet, in large part because they have not seen the results of any cybersecurity audits conducted against this government-only network,” the letter said.
It argued that it was time for the authority to share its internal audits with CISA, NSA and Congress.
The FirstNet Authority responded in a statement that it “prioritized cybersecurity in the planning for the public safety broadband network, and it continues to be a top priority for us today.” The organization, whose network was built by AT&T Inc, added that its defense strategy “goes well beyond standard commercial network security measures.”
CISA declined to comment. NSA did not return messages seeking comment. The Federal Communications Commission, White House, and Office of Management and Budget did not immediately respond to requests for comment.
Wyden’s letter invoked longstanding concerns about the vulnerabilities in Signaling System No. 7 (SS7), a decades-old protocol that allows global cellular networks to exchange information, for example when phone users are roaming. The protocol can easily be abused, security experts say, allowing spies or hackers to intercept text messages or pinpoint users’ real-time locations.
Gary Miller, a mobile security researcher at the University of Toronto-based Citizen Lab, said he too was worried by the “very troubling” opacity around audits.
Patrick Flynn, an executive with cybersecurity company Trellix who has written about FirstNet, said it made sense for FirstNet to share security information with the government.
“The senator is not making an unreasonable request,” he said.
(Reporting by Raphael Satter; Editing by Jamie Freed, Alexander Smith and Richard Chang)
Reuters, the news and media division of Thomson Reuters, is the world’s largest international multimedia news provider reaching more than one billion people every day. Reuters provides trusted business, financial, national, and international news to professionals via Thomson Reuters desktops, the world's media organizations, and directly to consumers at Reuters.com and via Reuters TV. Learn more about Thomson Reuters products: