The Pentagon’s use of unclassified telephones leaves it vulnerable to foreign espionage and the Department of Defense has knowingly chosen insecure communications tech, according to Sens. Eric Schmitt and Ron Wyden.
Mr. Schmitt, Missouri Republican, and Mr. Wyden, Oregon Democrat, are urging the Department of Defense to reconsider its reliance on American telecommunications companies victimized by suspected Chinese hackers.
The bipartisan duo wrote to the department’s inspector general this week requesting an investigation into the department’s failure to secure its communications and to recommend policy changes.
The Defense Department’s “failure to secure its unclassified voice, video and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” the senators wrote. “Moreover, although [the Defense Department] is among the largest buyers of wireless telephone service in the United States, it has failed to use its purchasing power to require cyber defenses and accountability from wireless carriers.”
The FBI, the National Security Agency and other federal cyber officials are investigating Chinese hackers suspected of breaching American telecommunications companies, including AT&T and Verizon among others.
Earlier last week, American officials and their counterparts in Australia, Canada and New Zealand issued joint guidance urging the use of strong encryption whenever possible to frustrate hostile hacking attacks.
The Department of Defense, however, has defended its use of unencrypted phones as an acceptable risk, according to Mr. Schmitt and Mr. Wyden.
The senators said the department’s use of unencrypted landline phones and platforms such as Microsoft Teams is hurting the government’s security. The lawmakers pointed to encrypted messaging tools available via Signal, WhatsApp, and FaceTime as safer, superior alternatives that agencies are choosing to ignore.
The senators said Pentagon officials acknowledged that the wireless carriers it works with are vulnerable to foreign surveillance.
“While [the Defense Department] indicated that it has mitigated some of the risks posed by adversaries exploiting some of the carriers’ vulnerabilities through encryption technology, it has also confirmed that other surveillance threats, such as foreign governments’ ability to track the location of specific phones, can only be mitigated by the wireless carriers,” the senators wrote.
The telecommunications companies are not the only ones whose products are making the Department of Defense’s communications vulnerable to foreign spies, critics say.
For example, an unprotected Microsoft Azure server holding approximately three terabytes of government data, including U.S. military emails, was left exposed last year.
The server was not password-protected and exposed emails involving U.S. Special Operations Command, according to discoveries shared with The Washington Times by cybersecurity researcher Anurag Sen.
Anyone who knew where to look would have had access to the unprotected server, and there are many interested parties in the U.S. military’s communications beyond Beijing.
Germany’s Federal Intelligence Service (BND) discussed wiretapping the U.S. military as a way to prevent unwelcome surprises, according to German media. America’s chaotic withdrawal from Afghanistan in 2021 prompted the Germans to consider snooping on American officials.
Some Department of Defense offices have made efforts to better secure their communications, including via the use of a platform known as “Matrix.”
Details about the Navy’s use of Matrix were provided to Congress in July, according to Mr. Schmitt and Mr. Wyden. The duo said the tech is end-to-end encrypted by default, interoperable, not controlled by a single company, and used by multiple NATO allies.
“While we commend DoD for piloting such secure, interoperable communications technology, its use remains the exception; insecure, proprietary tools remain far more widespread within DoD and the federal government generally,” the senators wrote. “The widespread adoption of insecure, proprietary tools is the direct result of DoD leadership failing to require the use of default end-to-end encryption.”
The causes of the insecurities in American telecommunications companies’ services remain under investigation, as federal probes into China’s “Typhoon” hacking groups expand.
A federal board of cyber investigators organized under the Department of Homeland Security started reviewing the breaches afflicting the telecom industry on Friday, according to House Homeland Security Chairman Mark Green.
“While it is essential to protect sensitive information from our adversaries amid an ongoing law enforcement investigation and a widespread mitigation effort, Americans deserve to know if the phone in their pocket is being used as a weapon in [China’s] information war,” Mr. Green said in a statement. “I urge affected companies to cooperate in this investigation so we have a comprehensive and thorough understanding of this intrusion.”
The Senate Commerce Committee is additionally reviewing hackers’ infiltration of U.S. telecommunications systems and it will hold a hearing investigating the security threats to American communications networks later this month.
The Department of Defense declined to comment and referred questions to the inspector general.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.