Democratic Sen. Ron Wyden has put a hold on the Trump administration’s nomination of Sean Plankey to head the federal government’s top cybersecurity agency, citing a “multi-year cover up” of security flaws at U.S. telecommunication companies.
Wyden said in remarks, seen by TechCrunch and confirmed by the senator’s spokesperson, that he will block the nomination of Plankey to serve as director of the Cybersecurity and Infrastructure Security Agency (CISA) until the agency agrees to release a 2022-dated unclassified report it commissioned detailing security weaknesses across the U.S. telecom network.
Senate rules allow for any serving senator to unilaterally and indefinitely hold up a federal nomination. As noted by Reuters, which was first to report Wyden’s hold on Plankey’s nomination, lawmakers often use nomination holds — or the threat of a hold — to demand concessions from the executive branch.
Scott McConnell, a spokesperson for CISA, referred comment to the White House, which did not return TechCrunch’s request for comment.
In remarks slated for Wednesday, Wyden — who serves on the Senate Intelligence Committee — said his staff members were previously permitted to read the unclassified report but that efforts to publicly release its findings were refused. Wyden said he appealed to then-CISA Director Jen Easterly as well as then-President Joe Biden to release the report prior to the change in government.
Wyden said the report is a “technical document containing factual information about U.S. telecom security … as such, this report contains important factual information that the public has a right to see,” he added.
“CISA’s multi-year cover up of the phone companies’ negligent cybersecurity has real consequences,” said Wyden, referring to the widespread hacking of U.S. phone companies by Chinese spies known as Salt Typhoon, revealed last year.
Wyden said the hacks, which allowed the hackers to snoop on calls and text messages of senior American officials, were “the direct result of U.S. phone carriers’ failure to follow cybersecurity best practices … and federal agencies failing to hold these companies accountable.”
Soon after the Salt Typhoon hacks, Wyden introduced legislation aimed at requiring phone companies to implement specific cybersecurity requirements, perform annual testing, and more.
“The federal government still does not require U.S. phone companies to meet minimum cybersecurity standards,” Wyden said in his remarks Wednesday.
