Democratic Sen. Ron Wyden has put a hold on the Trump administrationโs nomination of Sean Plankey to head the federal governmentโs top cybersecurity agency, citing a โmulti-year cover upโ of security flaws at U.S. telecommunication companies.
Wyden said in remarks, seen by TechCrunch and confirmed by the senatorโs spokesperson, that he will block the nomination of Plankey to serve as director of the Cybersecurity and Infrastructure Security Agency (CISA) until the agency agrees to release a 2022-dated unclassified report it commissioned detailing security weaknesses across the U.S. telecom network.
Senate rules allow for any serving senator to unilaterally and indefinitely hold up a federal nomination. As noted by Reuters, which was first to report Wydenโs hold on Plankeyโs nomination, lawmakers often use nomination holds โ or the threat of a hold โ to demand concessions from the executive branch.
Scott McConnell, a spokesperson for CISA, referred comment to the White House, which did not return TechCrunchโs request for comment.
In remarks slated for Wednesday, Wyden โ who serves on the Senate Intelligence Committee โ said his staff members were previously permitted to read the unclassified report but that efforts to publicly release its findings were refused. Wyden said he appealed to then-CISA Director Jen Easterly as well as then-President Joe Biden to release the report prior to the change in government.ย
Wyden said the report is a โtechnical document containing factual information about U.S. telecom security โฆ as such, this report contains important factual information that the public has a right to see,โ he added.
โCISAโs multi-year cover up of the phone companiesโ negligent cybersecurity has real consequences,โ said Wyden, referring to the widespread hacking of U.S. phone companies by Chinese spies known as Salt Typhoon, revealed last year.ย
Wyden said the hacks, which allowed the hackers to snoop on calls and text messages of senior American officials, were โthe direct result of U.S. phone carriersโ failure to follow cybersecurity best practices โฆย and federal agencies failing to hold these companies accountable.โ
Soon after the Salt Typhoon hacks, Wyden introduced legislation aimed at requiring phone companies to implement specific cybersecurity requirements, perform annual testing, and more.ย
โThe federal government still does not require U.S. phone companies to meet minimum cybersecurity standards,โ Wyden said in his remarks Wednesday.
