Wyden, Lieu Press FCC to Act on Cybersecurity Vulnerability


Two Democratic lawmakers are asking the Federal Communications Commission to act on a cybersecurity vulnerability potentially impacting telecommunications providers and millions of Americans due to a flaw in a global telephony routing system that leaves consumers open to spying by foreign governments and hackers.

“Cybersecurity has not traditionally been a regulatory priority for the FCC. Left, for the most part, to police itself, the cellular industry has neither adequately addressed these serious cybersecurity vulnerabilities nor warned its customers about the risks they face,” Sen. Ron Wyden (D-Ore.) and Rep. Ted Lieu (D-Calif.) said in a March 28 letter to FCC Chairman Ajit Pai.

The main vulnerability involves Signaling System No. 7, or SS7, a global telephony routing protocol for phone calls and texts exchanged between different carriers. The FCC opened an investigation into the SS7 vulnerability in 2016.

Wyden and Lieu, both outspoken on cybersecurity matters, asked the FCC to take action to “force cellular carriers to take action” on these issues, warn consumers about potential hacking and surveillance threats to their phones and promote end-to-end encryption applications.

They also called for the new Republican FCC chairman to reconvene the Communications Security, Reliability and Interoperability Council (CSRIC). The group’s charter expired March 18, just three days after it released a report noting serious vulnerabilities in both wireless and landline phone networks caused by SS7.

“There is reported evidence of attacks being launched against U.S. carriers by exploiting the available signaling functionality and trusted interconnection that the U.S. telecommunications infrastructure is built on,” the report said.

The FCC “should do their job to address all major cybersecurity vulnerabilities, including this one,” Wyden spokesman Keith Chu told Bloomberg BNA. “The CSRIC report noted that wireline and 5G systems may be vulnerable to similar exploits as the SS7 network, so the FCC should continue to investigate and fix these vulnerabilities with the urgency they require,” he added.

The FCC didn’t immediately respond to a request for comment.