Ron Wyden, a Democratic Senator from Oregon, has placed a hold on the nomination of Sean Plankey to serve as director of the Cybersecurity and Infrastructure Security Agency (CISA). Wyden is demanding the release of critical, unclassified information regarding security threats to U.S. phone networks. The Senator’s move follows repeated requests that CISA has allegedly ignored, calling for the agency to disclose details essential to public understanding of vulnerabilities—particularly in the wake of China’s ‘Salt Typhoon’ cyber operation targeting American networks.
A Senate hold blocks unanimous consent to speed up consideration of a nomination and forces the body to spend time debating and voting on the nominee.
“CISA’s multi-year cover-up of the phone companies’ negligent cybersecurity has real consequences,” Wyden wrote in a Wednesday media statement, citing the Salt Typhoon hack in a statement announcing the hold. “This espionage incident, and the harm to U.S. national security caused by it, were the direct result of U.S. phone carriers’ failure to follow cybersecurity best practices, such as installing security updates and using multi-factor authentication, and federal agencies failing to hold these companies accountable.”
Wyden argued that increased transparency about U.S. telephone network security will increase pressure on the government and phone companies to take action.
“The federal government still does not require U.S. phone companies to meet minimum cybersecurity standards,” Wyden wrote. “While it is too late to prevent the Salt Typhoon hack, there is still time to prevent the next incident.”
He also noted federal inaction on telephone network security has enabled foreign governments to repeatedly spy on Americans, threatening U.S. national security. “Most notably the 2024 hack of several U.S. communications companies, including Verizon and AT&T, by a Chinese hacker group dubbed Salt Typhoon, which tapped the calls of President Trump, Vice President Vance, and scores of other federal officials, tracked the locations of millions of Americans, and reportedly stole phone call records about a vast number of Americans.”
Wyden has repeatedly asked CISA to release the unclassified report titled ‘U.S. Telecommunications Insecurity 2022,’ but was stonewalled by the agency.
The Office of the Director of National Intelligence (ODNI) had its 2025 Annual Threat Assessment report mentioned that it expects that the People’s Republic of China (PRC) will likely continue to be in a position of advantage in a potential conflict with the U.S. The PRC will continue trying to press Taiwan on unification and will continue conducting wide-ranging cyber operations against U.S. targets for espionage and strategic advantage. China will likely struggle to constrain the activities of PRC companies and criminal elements that enable the supply and trafficking of fentanyl precursors and synthetic opioids to the U.S., absent greater law enforcement actions.
Last month, Republican members of the U.S. House Committee on Homeland Security approached the Department of Homeland Security (DHS) to request information and documents regarding the federal government’s response to extensive cyber intrusions by ‘Volt Typhoon‘ and ‘Salt Typhoon,’ two advanced persistent threat actors supported by the People’s Republic of China (PRC). The members sought information on when DHS and the CISA first became aware of the threats and damages caused by these intrusions and asked for a timeline of CISA’s responses to these events.
In November, the U.S. Congressional Research Service confirmed that state-sponsored hackers from the People’s Republic of China (PRC), identified as part of the Salt Typhoon group, infiltrated major U.S. telecommunications companies. These attacks are part of a recurring pattern targeting the communications sector due to its critical infrastructure role and valuable data.
While specific targeted methods and systems remain undisclosed, reports suggest the hackers may have sought access to surveillance systems used by law enforcement and intelligence agencies, potentially aiming to intercept sensitive communications.
