Democrat Sen. Ron Wyden has put on hold Sean Plankey’s nomination for the Trump administration to lead the federal government’s top cybersecurity agency, citing “multi-year cover-ups” of security flaws at US telecoms.
In a statement seen in TechCrunch and confirmed by a senator’s spokesman, Wyden said he would block Planky’s nomination until he agreed to release an uncategorized report for 2022, commissioning detailed security weaknesses commissioning uncategorized reports throughout the US telecom network.
Senate rules allow senators to maintain their federal nominations unilaterally and indefinitely. As Reuters noted that first reported holds on Planky’s nomination, lawmakers often use nomination holds or hold threats to demand concessions from the administrative department.
CISA spokesman Scott McConnell introduced his comments in the comments. This is what TechCrunch did not return a request for comment.
In a statement scheduled for Wednesday, Wyden, who works for the Senate Intelligence Reports Committee, said his staff were allowed to read previously uncategorized reports, but efforts to publicly disclose the findings were denied. Wyden said he appealed to then-CISA director Jen Easterly and then-President Joe Biden to release a report before the government changes.
Wyden said the report was “a technical document containing factual information on US communications security.” So this report contains important factual information that the public has the right to see,” he added.
“The multi-year coverage of cybersecurity for CISA’s telco negligence will have real consequences,” Wyden said.
Wyden said the hacking that allowed hackers to sn in calling and text messages from senior American officials was “a direct result of US telephone offices failing to follow cybersecurity best practices, and federal agencies that did not hold these companies responsible for these companies.”
Shortly after the salt typhoon hack, Wyden introduced legislation aimed at requiring telephone companies to implement certain cybersecurity requirements and perform annual testing, among other things.
“The federal government still does not require U.S. telephone companies to meet minimum cybersecurity standards,” Wyden said in his remarks Wednesday.