America’s cybersecurity watchdog has no confidence in the security of the FirstNet cellular network, which is used by first responders and the military.
This is according to US Senator Ron Wyden, who raised his concerns in a letter to National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA).
According to Reuters, Wyden’s letter recounted how his staff was told by an anonymous CISA expert that “they had no confidence in the security of FirstNet, in large part because they have not seen the results of any cybersecurity audits conducted against this government-only network.”
Wyden’s letter also requested FirstNet to share its internal audits with CISA, NSA, and Congress, Reuters reported.
A member of the intelligence committee, the senator cited longstanding concerns over the vulnerability of the protocol, Signaling System No. 7 (SS7), which enables global cellular networks to exchange information, such as when phone users are roaming.
Experts have warned that the protocol is easily exploitable, according to Reuters, as it can allow spies or hackers to intercept text messages or pinpoint users’ real-time locations.
Gary Miller, a mobile security researcher at Citizen Lab, echoed Wyden’s concerns and said that there is a “very troubling” lack of transparency around audits.
Patrick Flynn, a cybersecurity company Trellix executive, agreed and said it was reasonable for FirstNet to share its security information with the government.
Responding to the senator’s concerns, the FirstNet Authority said in a statement that it had prioritized cybersecurity in planning for the public safety broadband network, adding that its defense strategy “goes well beyond standard commercial network security measures.”
“It continues to be a top priority for us today,” the statement said further.
The FirstNet cell network was established after the 9/11 attacks and is used by public safety officials such as emergency workers, firefighters, and law enforcement.
What are your thoughts on this story? Feel free to comment below.