Experts See Little Progress After Major Chinese Telecom Hack

Telecommunications ranks among the most vulnerable sectors following Chinese government-backed attacks against U.S. carrier networks that constituted one of the most expansive intrusions in American history – and little has been done to prevent a repeat.

That was the warning from a panel of national security and telecommunications experts who told Wednesday the House Energy and Commerce Committee that the Salt Typhoon hacking represented a failure of the U.S. cyber defenses to protect critical infrastructure. The country has “precious little to show” for all the activity the hackers generated, said Jamil Jaffer, founder and executive director of the National Security Institute, citing measures such as a White House unified coordination group, multiple law enforcement probes and a Cyber Safety Review Board investigation (see: Feds Probe Chinese ‘Salt Typhoon’ Hack of Major Telecoms).

“The stark reality is we are not currently positioned to provide for a comprehensive defense of our nation, nor the global telecommunications systems or networks that American companies help operate,” Jaffer said. “And we do not appear prepared to undertake the actions needed to do so.”

Panelists warned that adversaries have ramped up intelligence operations and artificial intelligence has supercharged data processing – all while the telecom sector has failed to detect real-time threats despite recent gains in public-private information sharing and its own cyber capabilities.

“Despite the telecoms’ significant internal cybersecurity programs, detecting the Salt Typhoon compromise has required an extensive joint government-industry response,” said veteran cybersecurity intelligence analyst Laura Galante, later adding: “We must build a better, more dynamic operational security model than what we have today.”

The panelists noted the Cybersecurity and Infrastructure Security Agency initially detected signs of Chinese hackers targeting U.S. telecommunications through telemetry on government networks. Jaffer called it a “stunning revelation” that CISA may have identified Salt Typhoon threat actors well before telecom firms did, comparing it to the 9/11 Commission’s finding that the U.S. government had anticipated a major terrorist attack and identified specific suspects but failed to share timely, actionable intelligence with those positioned to stop them.

Experts previously told lawmakers in early April that more Chinese nation-state cyberattacks Typhoon are inevitable and that the U.S. needs a major overhaul of its government cyber defenses to stop the next breach targeting telecom networks. They also warned that senior White House officials’ use of unsecured platforms and third-party apps like Signal could further expose top government secrets to foreign adversaries (see: Experts Warn Congress Another Salt Typhoon Attack Is Coming).

Tom Stroup, president of the Satellite Industry Association, told lawmakers Wednesday that “China is closing the gap” in the space sector and making parallel investments across critical infrastructure that “will challenge our national security community while also undermining democracy around the globe.” The global communications sector already relies heavily on Chinese networks, with one recent report showing that key U.S. allies and dozens of mobile providers in 35 countries route sensitive telecom traffic through infrastructure owned and controlled by Beijing (see: Report Warns US Allies Are Using Chinese-Owned Mobile Routes).

“These capabilities will come with backdoor security risks for China to exploit,” Stroup said, urging the U.S. to lead international standards development on spectrum and telecommunications. He warned that if the U.S. fails to act, “China will fill the void,” threatening American national and economic security.