Pentagon under scrutiny for telecom security after Chinese cyber breaches

The Pentagon’s inspector general is launching a comprehensive investigation into the Department of Defence’s handling of unclassified telephone communications, particularly in light of recent breaches by Chinese-backed hackers.

The probe, which aims to address the department’s failure to secure communications from foreign espionage, was confirmed by Jaryd Bern, assistant inspector general for legislative affairs and communications, in a March 20 letter to Senators Ron Wyden and Eric Schmitt, Caliber.Az reports via foreign media.

The investigation will examine three key areas where the Pentagon relies on commercial telecommunications devices and services. Bern outlined that the IG will first review the Pentagon’s Spiral 4 contract, which covers the purchase of mobile communication devices and services. This part of the probe will focus on the security requirements of the contract, how well those requirements are enforced, and potential vulnerabilities, including issues with the SS7 telephony protocol, which has been a longstanding concern in telecom security.

Following this review, the inspector general’s office will shift its attention to evaluating the encryption of unclassified data and voice communications, specifically in collaboration tools used by the Pentagon. The third aspect of the inquiry will address the use of end-to-end encryption for unclassified voice communications, particularly concerning the traditional Plain Old Telephone System (POTS), which has been largely replaced by Voice over Internet Protocol (VoIP) services in many parts of the Department of Defence.

Senator Wyden welcomed the investigation, criticizing the Pentagon’s prior decisions. "The Department of Defense knew every major wireless carrier was vulnerable to foreign hacks before it agreed to spend billions with Verizon, AT&T, and T-Mobile. It is disgraceful that DOD failed to even require the companies to adopt minimum cybersecurity defenses or turn over copies of their 3rd party audits," Wyden said.

He also applauded the IG’s decision to examine the Pentagon’s use of collaboration software like Microsoft Teams, which, according to Wyden, "does not use end-to-end encryption by default, leaving DOD communications vulnerable to foreign hacks."

The Pentagon had not responded to requests for comment at the time of publication. This investigation comes after China-backed hackers from the Salt Typhoon group reportedly infiltrated up to 80 US and international telecommunications providers, gaining access to communications of approximately 150 high-value targets, including individuals associated with then-President-elect Donald Trump. Wyden and Schmitt had called for the inquiry in December, urging the IG to examine the Pentagon’s cybersecurity lapses following these breaches.

By Vafa Guliyeva