What It Takes to Stop the Next Salt Typhoon

This article was originally published on Just Security.

Nearly a year after U.S. agencies identified one of the most severe cyber breaches of U.S. telecommunications companies, domestic cybersecurity is weaker, not stronger. In September 2024, media reports confirmed that Salt Typhoon, a People’s Republic of China (PRC) state-backed cyber group, infiltrated nine major telecommunications providers, compromising data from thousands of users, including U.S. President Donald Trump, Vice President JD Vance, and associates of former Vice President Kamala Harris.

To date, there is no indication that the intrusion has been fully mitigated. Worse, Homeland Security Secretary Kristi Noem recently testified that the administration “still [does not] necessarily know how to stop the next Salt Typhoon.” As Washington dithers, Beijing is wasting no time probing weaknesses in U.S. critical infrastructure. The Trump administration urgently needs a comprehensive cyber defense strategy to raise the cost of intrusions by PRC-backed hackers.

The Trump administration claims it is addressing the PRC cyber threat, even as it moves to implement policies that undermine cyber defenses. In January 2025, the Trump administration dismissed all members of the Cyber Safety Review Board (CSRB) before it completed its investigation into Salt Typhoon, hindering the government’s ability to address systemic cybersecurity vulnerabilities that led to the breaches. The CSRB previously consisted of multi-agency and multi-sectoral experts and was established by a 2021 executive order to investigate major cybersecurity incidents. As of July 2025, there is no indication the Trump administration has reconstituted the members of the CSRB. While the Federal Communications Commission announced in March that its new Council on National Security will launch an investigation into PRC-backed hackers, it will not consist of multi-agency or industry experts, and is not expected to release a public after-action report. Similarly, the FBI’s April 2025 announcement of a $10 million reward for information on individuals linked to Salt Typhoon is a welcome but insufficient step to ensure both the government and public understand the factors that led to the large-scale compromises in the telecommunications sector.

These institutional setbacks are now being compounded by proposed budget cuts that would further erode the federal government’s cyber defense capabilities. On May 30, the Trump administration proposed a 17 percent reduction in the Cybersecurity and Infrastructure Security Agency’s (CISA) budget, including nearly 30 percent of the agency’s positions. The White House claims these cuts will remove duplicative efforts and reduce CISA’s role in combating mis- and disinformation, which many Republicans perceive as “off mission.” However, the budget is proposing to cut substantially beyond these areas, jeopardizing core cybersecurity functions of the agency at the front lines of defending against PRC threat actors in civilian critical infrastructure. The FY26 budget request, for example, proposes a $177.4 million cut to CISA’s “Cyber Operations,” including its Threat Hunting team which provides technical support to local governments and critical infrastructure operators facing sophisticated state-backed cyber threats from China, Russia, and Iran. In 2024, the Chairman of the House Homeland Security Committee praised CISA’s Threat Hunting team for saving “millions of Americans” from a series of cyberattacks carried out by Volt Typhoon that sought to compromise critical infrastructure in the communications, energy, transportation systems, and water and wastewater systems sectors.

Read the full article on Just Security.