DHS issues internal comms guidance amid telecom breach investigation


The DHS Cyber Safety Review Board is already slated to investigate the hacking collective, dubbed Salt Typhoon, and its intrusion into telecommunications firms and wiretap infrastructure.

The Department of Homeland Security’s chief information officer issued internal guidance to all agency staff on Friday reminding employees to only use DHS-assigned devices for official business, according to email text obtained by Nextgov/FCW. The email was sent amid an ongoing governmentwide investigation into a Chinese infiltration of U.S. telecommunications systems.

DHS CIO Eric Hysen also advised staff to only use Microsoft Teams to communicate whenever possible and to be cautious about phone calls and SMS text messages. The notice comes amid a recent sweeping Chinese infiltration, by a group dubbed Salt Typhoon, of a slew of telecommunications firms and infrastructure tied to court-authorized wiretap requests, though the email does not explicitly mention the hacking collective or its recent intrusions.

The Wall Street Journal on Thursday reported that the Consumer Financial Protection Bureau’s Office of the Chief Information Officer advised staff to cease phone usage for work-related matters, though the agency later said that it had not been compromised by the hackers. 

A DHS spokesperson did not immediately respond to a request for comment.

Representatives from the U.S. intelligence community yesterday briefed congressional committees about the breaches.

The Department of Homeland Security has previously confirmed its Cyber Safety Review Board will lead an investigation into the breaches, triggered by the creation of a Unified Coordination Group that’s conducting a full-scale government response to the breach.

Salt Typhoon infiltrated several telecom companies including AT&T, Lumen, Verizon and others. It’s possible the group embedded into the telecom systems around eight months ago, the Wall Street Journal previously reported.

A person familiar with Salt Typhoon described the collective as “exceptionally talented” with members who are very skilled and patient. The person, who spoke on the condition of anonymity to relay their knowledge about the infiltration, said that the targeted telecommunications data is high-grade intelligence that any nation-state adversary would want access to.

It remains unclear whether other surveillance systems, such as those governed by the Foreign Intelligence Surveillance Act, were penetrated in the hacks. Data from those networks could provide Beijing with insights into U.S. overseas intelligence targets.

“If you want to know what diplomats are thinking, it’s in their email, it’s in their texts. And that’s the kind of stuff that I think people have always targeted,” Kevin Mandia, who founded the eponymously named threat intelligence firm Mandiant, told Nextgov/FCW last month.

The infiltrations are “really concerning,” former NSA director Gen. Paul Nakasone said in a recent interview. “The scope and the scale of allegedly being in American telecommunications companies — that’s a different ballgame,” he said. “I think the follow on question now is, okay, what are we doing about it?”

The breach has called into question the security standards governed by the Communications Assistance for Law Enforcement Act, or CALEA, which requires carriers to engineer their systems to allow for law enforcement entities to wiretap them for surveillance.

Under current standards, the Federal Communications Commission says that such companies can develop their own solutions tailored to their networks, purchase solutions from their equipment manufacturers or rely on a third party to determine whether they are compliant with CALEA. Some cyber experts say it’s time for those standards to be overhauled.