July 15, 2025
What It Takes to Stop the Next Salt Typhoon
This article was originally published on Just Security.
Nearly a year after U.S. agencies identified one of the most severe cyber breaches of U.S. telecommunications companies, domestic cybersecurity is weaker, not stronger. In September 2024, media reports confirmed that Salt Typhoon, a People’s Republic of China (PRC) state-backed cyber group, infiltrated nine major telecommunications providers, compromising data from thousands of users, including U.S. President Donald Trump, Vice President JD Vance, and associates of former Vice President Kamala Harris.
To date, there is no indication that the intrusion has been fully mitigated. Worse, Homeland Security Secretary Kristi Noem recently testified that the administration “still [does not] necessarily know how to stop the next Salt Typhoon.” As Washington dithers, Beijing is wasting no time probing weaknesses in U.S. critical infrastructure. The Trump administration urgently needs a comprehensive cyber defense strategy to raise the cost of intrusions by PRC-backed hackers.
To correct course, the administration must adopt an integrated defense strategy, just as the military uses integrated air and missile defenses.
The Trump administration claims it is addressing the PRC cyber threat, even as it moves to implement policies that undermine cyber defenses. In January 2025, the Trump administration dismissed all members of the Cyber Safety Review Board (CSRB) before it completed its investigation into Salt Typhoon, hindering the government’s ability to address systemic cybersecurity vulnerabilities that led to the breaches. The CSRB previously consisted of multi-agency and multi-sectoral experts and was established by a 2021 executive order to investigate major cybersecurity incidents. As of July 2025, there is no indication the Trump administration has reconstituted the members of the CSRB. While the Federal Communications Commission announced in March that its new Council on National Security will launch an investigation into PRC-backed hackers, it will not consist of multi-agency or industry experts, and is not expected to release a public after-action report. Similarly, the FBI’s April 2025 announcement of a $10 million reward for information on individuals linked to Salt Typhoon is a welcome but insufficient step to ensure both the government and public understand the factors that led to the large-scale compromises in the telecommunications sector.
Read the full article on Just Security.
More from CNAS
-
Upcoming Trump-Lee Summit: Modernizing the Alliance by First Reaffirming Long-Standing Principles
Trump and Lee could reaffirm their country’s commitment to the alliance amid shifting security dynamics and agree to modernize it in broad terms to meet the needs of today and...
By Dr. Duyeon Kim
-
Energy, Economics & Security / Technology & National Security
Sharper: Chips and Export ControlsAs competition between the United States and China has intensified, advanced technology has become the latest battlefield. After years of restricting China’s access to advance...
By Charles Horn
-
Technology & National Security
Scaling Laws: The Open Questions Surrounding Open Source AI with Nathan Lambert and Keegan McBrideKeegan McBride, adjunct senior fellow at the Center for a New American Security joins to explore the current state of open source AI model development and associated policy qu...
By Keegan McBride
-
South Korea-U.S. Launch Ulchi Drills as Kim Slams Exercise as “Hostile”
With North Korea's growing alignment with Moscow, plus renewed great-power diplomacy following President Trump's latest call with President Putin, the Korean Peninsula is once...
By Dr. Go Myong-Hyun