Senators call for investigation of DOD’s comms following Chinese telecom breach

 Senator Ron Wyden speaks during a Senate Finance hearing  on September 17, 2024. Wyden joined Senator Eric Schmitt, R-Mo., in calling for the Pentagon's inspector general to investigate the agency's telecommunications contracts.

Senator Ron Wyden speaks during a Senate Finance hearing on September 17, 2024. Wyden joined Senator Eric Schmitt, R-Mo., in calling for the Pentagon's inspector general to investigate the agency's telecommunications contracts. Valerie Plesch for The Washington Post via Getty Images

“DOD’s failure to secure its unclassified voice, video and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” Sens. Eric Schmitt, R-Mo., and Ron Wyden, D-Ore., wrote to the Pentagon’s inspector general.

A bipartisan pair of senators is calling for the Pentagon’s top watchdog to investigate the Department of Defense’s “failure to secure its unclassified telephone communications from foreign espionage” following a Chinese state-backed hacking group’s penetration into U.S. telecom networks.

In a Wednesday letter to DOD Inspector General Robert Storch, Sens. Eric Schmitt, R-Mo., and Ron Wyden, D-Ore., said the extensive spying campaign launched by the group — dubbed Salt Typhoon — underscored the national security concerns of the Pentagon’s reliance on unsecured networks. 

“DOD’s failure to secure its unclassified voice, video and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” the lawmakers wrote. “Moreover, although DOD is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers.”

The missive comes after Salt Typhoon was able to embed itself in up to 80 telecommunications providers in both the U.S. and abroad, with AT&T, Verizon and Lumen among the companies caught up in the espionage campaign. The breach reportedly allowed the hackers to access the communications of roughly 150 high-value targets, including individuals affiliated with President-elect Donald Trump.

Officials with the Cybersecurity and Infrastructure Security Agency and the FBI told reporters on Tuesday that the group’s intrusions were first investigated in late spring and early summer of this year. They added that the hackers have not yet been entirely removed from the penetrated networks. 

Top federal officials are scheduled to hold a classified briefing with senators on Wednesday about the hacking group’s espionage campaign. 

Attached to the lawmakers’ letter were four appendices of information shared by DOD with Wyden’s and Schmitt’s offices, including previous department responses to their questions and a July powerpoint presentation by the U.S. Navy to Wyden’s office. 

The senators said the documents “confirmed that [DOD’s] contracted carriers have significant cybersecurity problems and are vulnerable to foreign surveillance.”

The letter urged the IG to consider whether the Pentagon should renegotiate its existing contracts with wireless carriers “to require them to adopt meaningful cyber defenses against surveillance threats, and if requested, to share their third-party cybersecurity audits with DOD.”

Schmitt and Wyden previously wrote a letter to DOD Chief Information Officer John Sherman in May expressing concerns about the Pentagon’s reported plan to require all of its components to upgrade to the most expensive license for Microsoft’s 365 cloud-based productivity software. 

The senators said at the time that DOD should pursue a multi-vendor approach and noted that a Chinese-linked group was able to exploit a number of vulnerabilities across the tech giant’s email systems last year.