A vulnerability in a key global cellular network is a design flaw beyond the ability of anyone to repair, a Homeland Security official said on Wednesday, though devices with end-to-end encryption capability are able to protect consumers at least in part.
Related Story: http://www.washingtonexaminer.com/article/2588906
“These are design vulnerabilities,” Andy Ozment, the assistant secretary for cybersecurity at DHS, told members of a House Oversight panel. “As the system is designed, you cannot fix it, per se. What you can do is, carriers can monitor their networks for suspicious activity, and then block that suspicious activity.”
Ozment was responding to a question from Rep. Ted Lieu, D-Calif., about a vulnerability in the Signaling System 7 network, a signaling language used by more than 800 telecom companies globally. The flaw, highlighted by Lieu on a “60 Minutes” report on Sunday, allows anyone capable of infiltrating the network to monitor any activity that takes place on any telephone number they can identify.
Though some carriers are in the process of switching to a more secure network, experts say it will take years before that has a noticeable impact.
Related Story: http://www.washingtonexaminer.com/article/2588810
Ozment said that when DHS discovered the issue in 2014, the department notified telecom carriers. “I do share your very deep concern about this,” Ozment told Lieu. “We are using this opportunity, frankly, to reach back out to the carriers and ask them to highlight progress.”
Lieu, who serves on the House Subcommittee on Information Technology, also asked if end-to-end encryption, which shields communication from surveillance while in transit, would help to diminish the threat.
“It would mitigate some aspects of this problem if that were implemented,” Ozment replied. “Other aspects, such as the ability to track location, would not be impacted.”
