CISA caves to Wyden, agrees to release US telco insecurity report - but won’t say when The US Cybersecurity and Infrastructure Security Agency on Tuesday finally agreed to make public an unclassified report from 2022 about American telecommunications networks' poor security practices. "CISA intends to release the US Telecommunications Insecurity Report (2022) that was developed but never released under the Biden …
Just like bug reports/zero-days - too much info in public at the wrong time can just tell the bad guys what's vulnerable to attack.
Anyone in the government maybe should see it. But making it totally public could be a different thing.
Not an opinion on this specific report - just a general observation.
While I agree in principle, the Telcos will have been warned of the results of the report back when it was created. Being generous, that means they've had three years to get their acts together on beefing up security. Being a bit less generous, they almost certainly knew of the risks long before 2022 but did nothing about it because it would hit their bottom line for no tangible benefit to them. They probably have still not done anything about it in the hope that Wyden would be stalled indefinitely (and may still be, since Trump still has to sign off on this)
(Is there a way in US law for the Congress and Senate to enact a law even if El Presidente refuses to sign it, eg if they "pass" and submit it three times, it happens anyway?)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
