December 04, 2024

Following Devastating “Salt Typhoon” Hack, Wyden and Schmitt Call for Investigation of the Pentagon’s Failure to Secure its Phone Systems Against Foreign Spies

Bipartisan Senators Request Defense Department Inspector General Investigate DOD Multibillion-Dollar Wireless Contracts with Major Phone Networks, Despite Known Cyber Weaknesses, Threatening National Security

Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., and Senator Eric Schmitt, R-Mo., called for the Defense Department’s top watchdog to investigate the Pentagon’s failure to secure its communications from foreign spies, following the devastating “Salt Typhoon” hack of major telecom companies by Chinese government hackers. 

In a letter to Department of Defense Inspector General Robert Storch, Wyden and Schmitt highlighted the DOD’s failure to secure its communications from foreign spies. The senators revealed that DOD informed Congress that it signed a major contract this year, worth up to $2.7 billion, for wireless phone services for U.S. military personnel, even though DOD knew that the phone companies’ networks were vulnerable to foreign surveillance.

Last month, the FBI and the Cybersecurity and Infrastructure Security Agency confirmed hackers working for the Chinese government breached multiple telecommunications companies and targeted call information for President-elect Trump, Vice President-elect Vance and Senate Majority Leader Schumer, among other high-profile targets.

“DOD’s failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage. Moreover, although DOD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers,” Wyden and Schmitt wrote. “We urge you to investigate DOD’s failure to secure its communications, and to recommend the changes in policy necessary to protect DOD communications from foreign adversaries.”

Wyden and Schmitt revealed multiple concerning new details about DOD’s inability and unwillingness to protect soldiers and civilian employees who rely on wireless phone networks, in their letter today:

  • DOD has requested copies of independent, third-party cybersecurity audits phone carriers commissioned for their networks, but the carriers refused to produce those audits, citing attorney-client privilege, according to DOD.
  • DOD is still evaluating whether it has authority conduct its own cybersecurity audits of carriers that serve the Pentagon.
  • In August, DOD claimed that unencrypted phone lines did not pose an unnecessary risk and declined to adopt a policy banning use of unencrypted phone lines by DOD personnel.

Read the full letter here.

###