Two U.S. senators are sounding the alarm over the Department of Defense’s (DOD) failure to secure military communications against foreign intelligence agencies. Amid an aggressive Chinese hacking campaign targeting major American telecommunications infrastructure, lawmakers argue that the DOD’s reliance on outdated, unencrypted phone and internet protocols leaves personnel dangerously exposed to global espionage.
The Growing Threat of Foreign Espionage
Senator Ron Wyden (D-OR) and Senator Eric Schmitt (R-MO) issued a bipartisan challenge to the DOD, highlighting the catastrophic risks posed by groups like Salt Typhoon. This Chinese-linked espionage collective has been accused of infiltrating major U.S. carriers, including AT&T and Verizon, to monitor American communications.
In a formal letter to the DOD’s watchdog, the senators pointed to a systemic failure in leadership. They contend that the department has neglected to mandate end-to-end encryption—a fundamental cybersecurity standard—across its unclassified voice, video, and text platforms.
Vulnerabilities in Legacy Protocols
The core of the issue lies in the continued use of legacy telecommunications standards. The DOD remains tethered to:
- SS7 (Signaling System No. 7): A decades-old protocol used globally to route calls and texts, frequently exploited by state-sponsored actors.
- Diameter: The successor to SS7, which also lacks the necessary security features to withstand modern cyber-surveillance.
The senators are calling for the DOD to renegotiate contracts with wireless carriers, demanding that these providers implement robust cyber defenses and share third-party security audits with the government. Currently, the DOD relies on provider-led audits but admits it has not reviewed them, as carriers often shield this data under attorney-client privilege.
DOD Admits to Security Gaps
In correspondence with Senator Wyden’s office, the DOD’s Chief Information Officer (CIO) conceded that SS7 and Diameter are fundamentally insecure. While the department claims to utilize encrypted mobile solutions to protect data in transit, it also admitted to significant lapses in operational security:
- The DOD has not disabled roaming or rejected traffic from SS7 and Diameter, even for users stationed in high-risk nations such as Russia and China.
- The department has failed to conduct independent security audits of its telecommunications partners.
Jeffrey Castro, a spokesperson for the DOD’s inspector general, confirmed that the office has received the senators’ letter and is currently conducting a formal review of the allegations.