Ron Wyden: Phone network for military and first responders potentially vulnerable to foreign hackers

Sen. Ron Wyden is warning about potential security risks in the phone network for first responders and the military, FirstNet, saying it leaves Americans vulnerable to foreign hackers.

The Oregon Democrat said hackers and foreign spies exploit flaws in the tech used by phone companies to exchange info, and he was particularly concerned about FirstNet.

FirstNet was created in the aftermath of the Sept. 11, 2001, terror attacks for public safety officials to communicate with one another, and Mr. Wyden said the network is operated by AT&T under contract with the U.S. government.

A Cybersecurity and Infrastructure Security Agency official first alerted Mr. Wyden’s team to the potential cyber problem last year, according to a letter from Mr. Wyden to the leadership of the National Security Agency and CISA on Wednesday.

Mr. Wyden wrote that the official told his staff that they lacked confidence in FirstNet because they had not seen any cyber audits of the network.

The senator said his team learned AT&T had gathered independent audits of FirstNet but was unwilling to share them with CISA, NSA, Congress, and other federal agencies.

“Concealing vital cybersecurity reporting is simply unacceptable,” Mr. Wyden wrote in the letter. “As the lead agencies responsible for the government’s cybersecurity, CISA and NSA need to have access to all relevant information regarding the cybersecurity of FirstNet, and Congress needs this information to conduct oversight.”

Mr. Wyden said CISA and NSA should conduct their own annual audits of FirstNet and share results with Congress and the Federal Communications Commission. He wrote that the agencies should tell him if they lack the resources or authority to conduct the audits so lawmakers can address the issue.

CISA spokesman Scott McConnell declined to comment on Mr. Wyden’s letter and said CISA would respond to the senator directly.

AT&T declined to comment.

A FirstNet Authority spokesperson said FirstNet prioritized cybersecurity in the planning of its public safety broadband network and the security is designed to go well beyond standard commercial network safety measures. The spokesperson said the FirstNet Authority performs reviews of the network and would continue to work with AT&T and governmental partners to deliver a secure and reliable service.