Cybersecurity and Infrastructure Security Agency: Discontinuation of CISA’s mobile app security program untimely, lawmaker says

**Cybersecurity Subcommittee Chair Opposes CISA’s Mobile App Vetting Program Shutdown After Salt Typhoon Attack**

Rep. Andrew Garbarino (R-N.Y.), chair of the House Homeland Security Subcommittee on Cybersecurity, has voiced strong opposition to the planned termination of the Cybersecurity and Infrastructure Security Agency’s (CISA) Mobile App Vetting (MAV) Program. The move follows the Salt Typhoon cyberattack, which targeted U.S. telecommunications firms and impacted federal agencies, raising concerns about mobile device security vulnerabilities.

In a letter to Department of Homeland Security (DHS) Secretary Kristi Noem, Garbarino argued that ending the MAV program would leave a critical gap in assessing mobile device risks and undermine confidence among Federal Civilian Executive Branch (FCEB) agencies, which remain on high alert due to the fallout from Salt Typhoon. He also called for a priority review of CISA’s role as the sector risk management agency for telecommunications, emphasizing the need for stronger oversight in light of recent threats.

Garbarino has demanded that DHS provide a justification for the program’s termination and outline CISA’s updated strategy for securing the telecommunications sector by June 13. The request underscores growing congressional scrutiny over federal cybersecurity measures in the wake of high-profile attacks.

Source: https://www.scworld.com/brief/discontinuation-of-cisas-mobile-app-security-program-untimely-lawmaker-says

Cybersecurity and Infrastructure Security Agency cybersecurity rating report: https://www.rankiteo.com/company/cisagov

"id": "CIS1765251340",
"linkid": "cisagov",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"

{'affected_entities': [{'customers_affected': 'Federal agencies',
                        'industry': 'Telecommunications',
                        'location': 'United States',
                        'name': 'U.S. Telecommunications Firms',
                        'type': 'Corporations'},
                       {'industry': 'Government',
                        'location': 'United States',
                        'name': 'Federal Civilian Executive Branch (FCEB) '
                                'Agencies',
                        'type': 'Government Agencies'}],
 'description': 'The Salt Typhoon hack targeted U.S. telecommunications firms, '
                'impacting federal agencies. This incident has led to concerns '
                "about the cessation of CISA's Mobile App Vetting Program and "
                "prompted a review of CISA's role in the telecommunications "
                'sector.',
 'impact': {'systems_affected': 'Mobile devices'},
 'motivation': 'Espionage',
 'recommendations': "Review CISA's role as a sector risk management agency for "
                    'the telecommunications industry; Justify the Mobile App '
                    "Vetting Program's termination and detail CISA's updated "
                    'plan for the telecommunications industry',
 'references': [{'source': 'CyberScoop'}],
 'response': {'enhanced_monitoring': 'Heightened alert about cybersecurity '
                                     'posture of mobile devices'},
 'threat_actor': 'Salt Typhoon',
 'title': 'Salt Typhoon Hack Impacting U.S. Telecommunications Firms and '
          'Federal Agencies',
 'type': 'Cyber Espionage'}