The chairman of the House Homeland Cybersecurity Subcommittee is concerned about the Department of Homeland Security’s decision to wind down a program that scans mobile applications used by federal workers for security flaws, warning the move could weaken the government’s cyber posture amid rising digital threats from foreign adversaries.
In a letter sent Thursday to DHS Secretary Kristi Noem, Rep. Andrew Garbarino, R-N.Y., said the planned termination of the Cybersecurity and Infrastructure Security Agency’s Mobile App Vetting program sends “the wrong signal” to federal agencies and the private sector and could create blind spots.
The MAV program provides technical vetting of both federal and commercial apps installed on government-issued devices. According to CISA, the initiative is designed to help agencies mitigate the risks posed by mobile devices, which frequently are prime targets for cyber espionage, credential theft and surveillance.
Garbarino questioned why DHS would end such a program now, especially in the wake of the recently discovered Salt Typhoon hacks, where Chinese state-backed hackers infiltrated multiple telecom providers in the U.S. and around the world.
“A wide range of applications have connections to servers in China, Russia and Belarus, among other locations, and they can potentially access government private data, track government employees’ location, and exhibit other malicious behaviors,” he wrote, citing a 2023 oversight report showing that potentially dangerous apps were loaded onto Immigration and Customs Enforcement phones. CyberScoop first reported the letter.
Garbarino also used the missive to raise questions about CISA’s performance as the Sector Risk Management Agency for the U.S. communications sector, requesting a briefing by June 13 to better understand DHS’s rationale for discontinuing funding for the MAV program, how the agency weighed associated costs and risks and what plans are in place to either replace or compensate for the program’s loss. He is also pressing DHS for an update to CISA’s National Communications Sector-Specific Plan, last revised in 2015.
DHS says it does not publicly reply to congressional inquiries.
CISA, faced with downsizing efforts in the second Trump administration, has levied cuts across its enterprise, including to certain contracts and about a third of its workforce. Critics argue the reductions would leave the U.S. in a more vulnerable position in cyberspace.
