US cyber watchdog has 'no confidence' in security of US emergency cell
network - senator
Send a link to a friend
 [April 12, 2023]
By Raphael Satter
WASHINGTON (Reuters) - America's cybersecurity watchdog has no
confidence that the cellular network used by American first responders
and the military is secure against digital intrusions, U.S. Senator Ron
Wyden said in a letter released Wednesday.
The letter from the Oregon Democrat, a member of the intelligence
committee, was addressed to the National Security Agency (NSA) and the
Cybersecurity and Infrastructure Security Agency (CISA). It concerns
FirstNet, a dedicated mobile network for public safety officials such as
emergency workers, firefighters and law enforcement.
Wyden's staff was told by an unidentified CISA expert last year that
"they had no confidence in the security of FirstNet, in large part
because they have not seen the results of any cybersecurity audits
conducted against this government-only network," the letter said,
arguing that it was time for the authority to share its internal audits
with CISA, NSA and Congress.
CISA declined to comment, saying it would respond to Wyden directly. NSA
did not immediately return messages seeking comment. An employee of
FirstNet, which was built by AT&T Inc, referred questions to the
telecommunications company, which in turn referred questions to a
FirstNet executive. The executive didn't immediately return messages
late on Tuesday.
Wyden's letter makes reference to Signaling System No. 7 (SS7), a
decades-old protocol that allows international cellular networks to
exchange information - for example when cell phone users are roaming.
The protocol can easily be abused, security experts say, allowing spies
or hackers to intercept text messages or pinpoint users' real time
locations.
[to top of second column]
|
Senator Ron Wyden (D-OR) speaks during
the Senate Finance Committee hearing on the nomination of Chris
Magnus to be the next U.S. Customs and Border Protection
commissioner, in the Dirksen Senate Office Building on Capitol Hill
in Washington, DC, U.S., October 19, 2021. Mandel Ngan/Pool via
REUTERS
Although the security problems with SS7 are well-documented, Wyden
said the lack of clarity around the safety measures at FirstNet -
which was set up in the wake of the Sept. 11, 2001 attacks to
provide a robust line of communication for first responders - was
particularly worrying.
"These security flaws are also a national security issue,
particularly if foreign governments can exploit these flaws to
target U.S. government personnel," his letter said.
Gary Miller, an expert on mobile network security with the
University of Toronto-based Citizen Lab, said that Wyden's concerns
were well founded, adding that he too was worried by the "very
troubling" opacity around audits.
Wyden called on FirstNet to share any security audits with the NSA
and CISA or - alternatively - for the government to commission
audits of its own.
The Federal Communications Commission, the White House, and the
Office of Management and Budget - all of whom were copied on the
letter - did not immediately respond to requests for comment.
(Reporting by Raphael Satter; Editing by Jamie Freed)
[© 2023 Thomson Reuters. All rights
reserved.]This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
 |
