Printed from

Senator issues warning about US emergency cell network security

Posted On: Apr. 12, 2023 10:25 AM CST

Sen. Ron Wyden

(Reuters) — The U.S. cybersecurity watchdog has no confidence that the cellular network used by American first responders and the military is secure against digital intrusions, U.S. Senator Ron Wyden said in a letter released Wednesday.

The letter from the Oregon Democrat, a member of the intelligence committee, was addressed to the National Security Agency and the Cybersecurity and Infrastructure Security Agency. It concerns FirstNet, a dedicated mobile network for public safety officials such as emergency workers, firefighters and law enforcement.

Mr. Wyden's staff was told by an unidentified CISA expert last year that "they had no confidence in the security of FirstNet, in large part because they have not seen the results of any cybersecurity audits conducted against this government-only network," the letter said.

It argued that it was time for the authority to share its internal audits with CISA, NSA and Congress.

FirstNet said in a statement that it “prioritized cybersecurity in the planning for the public safety broadband network, and it continues to be a top priority for us today.”

The organization, which was built by AT&T Inc., went on to say that its defense strategy “goes well beyond standard commercial network security measures.”

CISA declined to comment, saying it would respond to Mr. Wyden directly. NSA did not return messages seeking comment.

Mr. Wyden said the lack of clarity around the safety measures at FirstNet — which was set up in the wake of the Sept. 11, 2001, attacks to provide a robust line of communication for first responders — was particularly worrying.

“These security flaws are also a national security issue, particularly if foreign governments can exploit these flaws to target U.S. government personnel,” he said.

The Federal Communications Commission, the White House, and the Office of Management and Budget — all of whom were copied on the letter — did not immediately respond to requests for comment.