Two U.S. senators are accusing the Pentagon of not taking sufficient steps to protect service members' communications as the U.S. government counters China's continued hacking efforts targeting major U.S. cell phone and internet companies. The senators argue that the Pentagon remains overly reliant on traditional landline calls and unencrypted cell phone calls and text messages, leaving them vulnerable to snooping by foreign spies.
Democratic Sen. Ron Wyden of Oregon and Republican Sen. Eric Schmitt of Missouri point to threats such as the Chinese government's spy group known as Typhoon, which is among those most recently accused of infiltrating and spying on major U.S. telecommunications providers, including AT&T and Verizon.
“The widespread adoption of insecure proprietary tools is a direct result of the failure of Defense Department leaders to require the use of default end-to-end encryption, a cybersecurity best practice, as well as the failure to prioritize communications security when evaluating communications security,” the senators said in a bipartisan letter to the Pentagon's government watchdog agency. “The Department of Defense has failed to protect unclassified voice, video, and text communications with end-to-end encryption technology, leaving them needlessly vulnerable to foreign spies.”
The senators also pointed to a weakness that Pentagon officials are still vulnerable to: a decades-old system still used by phone companies around the world to route phone calls and text messages and routinely exploited for espionage. The letter names that protocol, SS7, and its successor protocol, Diameter. Telcos around the world have yet to adopt new ways to protect regular calls and text messages in transit.
Wyden and Schmitt urge the Pentagon to reconsider its contracts with U.S. carriers and instead “renegotiate with contracted wireless carriers to implement meaningful cyber defenses against surveillance threats” and to share third-party cybersecurity audits upon request with the Department of Defense.
The senators' letter includes two white papers the Pentagon sent to Mr. Wyden's office, one in early July and one in October, that answer a series of questions about the department's cybersecurity posture.
In response to questions about SS7, the Pentagon's chief information officer acknowledged that the Pentagon agrees that SS7 and Diameter are not secure, saying there is “limited protection” against the carrier's own weaknesses. The CIO wrote, “As such, Department of Defense-managed mobile solutions encrypt and protect data in transit” against passive collection.
At the same time, the CIO wrote that the Department of Defense does not conduct its own audits, relying instead on audits contracted out by the telecommunications providers themselves or third parties. However, the Department of Defense does not review these audits because it believes carriers protect them as privileged attorney-client information.
The CIO also admitted that the Department of Defense has not disabled roaming or denied SS7 and Diameter traffic, even for DoD users from Russia, China, and other high-risk countries known for cyberattacks on cell phones.
Jeffrey Castro, a spokesperson for the Pentagon Inspector General, told TechCrunch that the watchdog agency received the letter and is reviewing it.