July 15, 2025

What It Takes to Stop the Next Salt Typhoon

By: Morgan Peirce

This article was originally published on Just Security.

Nearly a year after U.S. agencies identified one of the most severe cyber breaches of U.S. telecommunications companies, domestic cybersecurity is weaker, not stronger. In September 2024, media reports confirmed that Salt Typhoon, a People’s Republic of China (PRC) state-backed cyber group, infiltrated nine major telecommunications providers, compromising data from thousands of users, including U.S. President Donald Trump, Vice President JD Vance, and associates of former Vice President Kamala Harris.

To date, there is no indication that the intrusion has been fully mitigated. Worse, Homeland Security Secretary Kristi Noem recently testified that the administration “still [does not] necessarily know how to stop the next Salt Typhoon.” As Washington dithers, Beijing is wasting no time probing weaknesses in U.S. critical infrastructure. The Trump administration urgently needs a comprehensive cyber defense strategy to raise the cost of intrusions by PRC-backed hackers.

To correct course, the administration must adopt an integrated defense strategy, just as the military uses integrated air and missile defenses.

The Trump administration claims it is addressing the PRC cyber threat, even as it moves to implement policies that undermine cyber defenses. In January 2025, the Trump administration dismissed all members of the Cyber Safety Review Board (CSRB) before it completed its investigation into Salt Typhoon, hindering the government’s ability to address systemic cybersecurity vulnerabilities that led to the breaches. The CSRB previously consisted of multi-agency and multi-sectoral experts and was established by a 2021 executive order to investigate major cybersecurity incidents. As of July 2025, there is no indication the Trump administration has reconstituted the members of the CSRB. While the Federal Communications Commission announced in March that its new Council on National Security will launch an investigation into PRC-backed hackers, it will not consist of multi-agency or industry experts, and is not expected to release a public after-action report. Similarly, the FBI’s April 2025 announcement of a $10 million reward for information on individuals linked to Salt Typhoon is a welcome but insufficient step to ensure both the government and public understand the factors that led to the large-scale compromises in the telecommunications sector.

Read the full article on Just Security.

More from CNAS

View All Reports View All Articles & Multimedia