Democratic Senator Ron Wyden is holding up the Trump administration’s nomination of Sean Plankey to lead the federal government’s cybersecurity agency, citing what he describes as a long-running cover-up of major security flaws within U.S. telecom networks.
Wyden, a senior member of the Senate Intelligence Committee, is blocking Plankey’s appointment as director of the Cybersecurity and Infrastructure Security Agency (CISA) until the agency agrees to release a long-buried report from 2022. The report, which remains unclassified but withheld from the public, allegedly details critical cybersecurity weaknesses across U.S. telecommunications providers.
The senator’s office confirmed his remarks, in which he argues that the public deserves transparency around these vulnerabilities—especially after a series of high-profile intrusions attributed to Chinese state hackers, known as Salt Typhoon. These breaches reportedly allowed foreign intelligence to intercept the communications of senior U.S. officials.
Despite the report being unclassified, Wyden said that CISA, under its former leadership and even after direct appeals to then President Joe Biden, has refused to make its findings public. Wyden emphasized that the document is strictly technical in nature, containing factual details that reveal how poor cybersecurity practices have put national security at risk.
“The public has a right to see this report,” Wyden said. “It’s a technical document that exposes telecom companies’ negligence—and hiding it only benefits those who failed to do their jobs.”
Under Senate rules, any senator has the authority to place an indefinite hold on a presidential nominee. Wyden is using this procedural tool to press the executive branch into releasing the report, a move that Reuters first reported.
In response to TechCrunch’s request for comment, a CISA spokesperson directed inquiries to the White House, which has so far remained silent on the matter.
Wyden pointed to the Salt Typhoon cyberattacks as a real-world consequence of government and corporate failures. He said these breaches—enabled by carriers’ failure to adopt basic cybersecurity protections—allowed Chinese spies to monitor calls and text messages from U.S. officials without detection.
He didn’t stop at criticism. Following the Salt Typhoon revelations, Wyden introduced legislation designed to establish baseline cybersecurity requirements for telecom companies. His bill calls for mandatory standards, regular security testing, and increased oversight—protections he says are still lacking.
“The federal government still does not require U.S. phone companies to meet minimum cybersecurity standards,” Wyden stated, calling the current system a recipe for future security failures.
