Senator Reports “No Confidence” In Emergency Call System

Last week, Oregon Senator Ron Wyden raised concerns that the cellular network used by the military and first responders is not secure against digital intrusions, Reuters reported.

In a letter to the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), Senator Wyden said an identified CISA expert told his staff last year that the cybersecurity watchdog has “no confidence in the security” of the FirstNet mobile network largely because CISA has “not seen any cybersecurity audits conducted” against the network.

FirstNet, which was established after the 9/11 terrorist attacks, is used by public safety officials like law enforcement, firefighters, and emergency workers. The network was built by AT&T Inc.

In his letter, Wyden called on the FirstNet Authority to share its cybersecurity audits with Congress, CISA, and the NSA.

In a statement responding to Senator Wyden’s letter, the FirstNet Authority said in planning for the public safety broadband network, it “prioritized cybersecurity” which remains a “top priority” for the authority today. It maintained that its cyber-defense strategy “goes well beyond standard commercial network security measures.”

Wyden’s letter is the latest in a long string of concerns voiced about the possible vulnerabilities in SS7 (Signaling System #7), a decades-old protocol that enables global cellular networks to exchange information, most notably when cell phone users are roaming.

Security experts say the SS7 protocol can be easily abused to allow hackers or spies to pinpoint the real-time locations of users or intercept text messages.

Mobile security researcher Gary Miller of the University of Toronto’s Citizen Lab told Reuters that he was also concerned about the “very troubling” lack of transparency about FirstNet’s cybersecurity audits.

Patrick Flynn from cybersecurity company Trellix, who has written about the FirstNet mobile network, told Reuters that Senator Wyden’s request is not unreasonable and it is sensible for FirstNet to share its security information with the federal government.