We need to talk about Salt Typhoon By MAGGIE MILLER, ERIC BAZAIL-EIMIL and ROBBIE GRAMER 12/12/2024
Most major U.S. telecommunications providers were hit with one of the worst cyberattacks in the nation’s history, and wide swaths of the population’s privacy has been compromised by Chinese hackers. But despite the lights clearly blinking red, the collective response from Capitol Hill and the public has been mostly muted. The hack, which officials said last week is still ongoing, involves an advanced Chinese government hacking group dubbed Salt Typhoon gaining access to at least 80 U.S. and global telecom providers in recent months. In the process, they managed to tap into the phones of major U.S. officials, including President-elect DONALD TRUMP and Vice President-elect JD VANCE, as well as skim records around U.S. intelligence collection. Hackers had such wide-reaching access that officials warned last week that Americans should only use encrypted communications to prevent the hackers from listening in on their calls or reading their texts. With increased scrutiny, details about the massive global hack are starting to trickle out. Officials said last week that they first discovered the hack in the spring, though the first public announcement from the federal government was in October, with warnings about the sheer scale and ongoing nature of the hacks ramping up the past two weeks. And yet, as your lead NatSec Daily host stood outside a classified briefing for the full Senate last week on Capitol Hill, I was one of only two reporters staked out to question senators as they left on their reactions. The responses were furious and loaded — Senate Intelligence Committee ranking member MARCO RUBIO (R-Fla.) went as far as to say that the hack was “the most disturbing and widespread incursion into our telecommunications systems in the history of the world.” Outside a similar classified hearing about the hack for the full House earlier this week, I was one of only a few reporters waiting outside the briefing. The turnout was even worse for lawmakers, with House Intelligence Committee ranking member JIM HIMES (D-Conn.) saying around 67 members “plus or minus three” attended. “I would have loved to have seen 435, but they have their own autonomy,” Himes acknowledged. The majority of senators appeared to have attended their briefing the week before, but the exact number isn’t known. To this reporter, the relative lack of concern by officials is somewhat baffling. I have covered cybersecurity for the majority of the past decade, and during past major cybersecurity incidents, officials couldn’t talk enough about how they were taking action to protect the nation. Case in point: the SolarWinds hack, which was discovered in late 2020 but had been ongoing for over a year, and allowed the Russian government to access the majority of federal agencies. I spent weeks covering the hack, filing countless stories and talking with dozens of lawmakers, and the incoming Biden administration at the time was forced to put cybersecurity on the front burner from day one. This time around? Crickets. A few lawmakers are putting together legislation to help step up cybersecurity for telecom companies, and the Senate Commerce Committee held a hearing on the topic this week. But overall? The attitude seems to be save it for after the holidays and for the next administration. A federal panel investigating the hack is not expected to produce recommendations until halfway through 2025, and the incoming Trump administration has not yet indicated its next steps on tackling the fallout. The collective shrug around Salt Typhoon can also be seen across the news industry, where headlines about Salt Typhoon are making the rounds in the cybersecurity community, but generally aren’t splashed across front pages. In fairness, the news cycle at the moment is exhausting for reporters and readers alike — there’s a new administration forming, major global conflicts rage on and people are looking to take a break from it all over the holidays. Worrying about a massive and likely devastating global hack does not feel very merry. And many details about the hack — when it happened, who was impacted, the extent of the damage — are slowly emerging and are still not totally clear, making it difficult for the layperson to follow. But Beijing is taking notes on the sluggish U.S. response. At the one Senate Commerce hearing on the topic held Wednesday, JAMES LEWIS, director of the Strategic Technologies Program at the Center for Strategic and International Studies, testified about the need for the U.S. to counter Chinese hacking operations by giving Beijing a taste of its own medicine through U.S. offensive hacking. Otherwise, he warned, China would just keep going. “The Chinese aren’t that interested in making a deal with us. I was there in September and they basically said, ‘You’re on a downhill path, why should we deal with you now?,’” Lewis said of talks around lowering cyberattacks. “I think the first step is to engage, warn them, and take action.” <https://www.politico.com/newsletters/national-security-daily/2024/12/12/we-need-to-talk-about-salt-typhoon-00183727>
