verizon" Robert Fisher SVP Federal Government Relations 1300 Street. NW Washington. DC 20005 October 13, 2017 The Honorable Ron Wyden 221 Dirksen Senate Office Building Washington, DC 20510 Dear Senator Wyden: In response to your September 14, 2017 letter, I want to assure you that Verizon is comprehensively addressing SS7 security issues. As you may know, Verizon started off with fewer vulnerabilities than some service providers because our CDMA mobile network is less susceptible to 557 attacks than networks using the GSM standard. But we recognize the risk 557 vulnerabilities present to all providers and have played an active role in developing and implementing industry best practices on 557 risk reduction. Recent third party-conducted penetration testing of Verizon's mobile network con?rmed a small number of potential SS7 vulnerabilities which we had previously identi?ed and had already mitigated via a reporting/blocking solution provided by our signaling provider. In addition, we are putting in place a signaling ?rewall providing an even higher level of protection. Verizon?s commitment to our network security includes constant review and implementation of important security measures, including home routing on the SMS platform as referenced in your letter. In your letter you also ask whether the US. Department of Homeland Security (DHS) has asked for permission to conduct its own external tests of Verizon?s network or for copies of penetration tests Verizon has done. I am not aware of any such requests. We and other mobile providers routinely work with DHS and other government stakeholders to share information about cyber threats and defenses, and as a vendor to the federal government Verizon is subject to all the obligations and conditions set forth in applicable contracts. Finally, Verizon is committed to identifying and addressing security issues that may arise as we continue to deploy the Diameter protocol in our LTE network. The recently-formed Working Group 3 of the Communications, Security, Reliability and InterOperability Council will address Diameter-related security issues. Verizon will participate in that working group, and we will use the same signaling firewall discussed above to address potential Diameter risks. Verizon looks forward to continuing to work with your office and other stakeholders to address these important issues. Please do not hesitate to contact me with any additional questions. Very truly yours, 2%