More than a year after the “worst telecom hack in our nation’s history” occurred, the top Democrat on the Senate Intelligence Committee says he still receives contradicting reports on whether the threat has ended.
Senate Intelligence Committee Vice Chairman Mark Warner (D-VA), a former telecom venture capitalist, told reporters at a Defense Writers Group event on Friday that he still gets “conflicting” assessments from various intelligence agencies on whether the China-linked hacking group known as Salt Typhoon can still access the data from nine of the largest U.S. telecommunication companies.
“I believe they’re still inside. Some parts of our government think we’ve got them out. They have not shown us,” he said. “I had conflicting information.”
Salt Typhoon allowed China to monitor virtually every phone call, listen in at will, read unencrypted text messages, and geolocate mobile phone users. It was able to target senior government officials, including then-President-elect Donald Trump and Vice President-elect JD Vance.
The Virginia senator said there were those who report that they have not observed “recent evidence of exfiltrating information” and others who have come to opposing viewpoints.
U.S. officials have warned that Beijing could be focused on pre-positioning itself to launch crippling cyberattacks in the event of a future conflict with the United States. The energy and cyber grid are interwoven into nearly all aspects of critical infrastructure, from powering hospitals to digital communications to the digital banking system America now relies upon.
Warner said he was surprised when the news of the Salt Typhoon attack was first revealed, that it didn’t dominate headlines and news networks.
“I don’t know why there’s no more public outcry, other than the fact that maybe Americans believe, you know, everybody’s listening to everything, and we’re spying on Americans, which we are not,” he said. “But it is baffling to me that this is not a bigger issue. And I kind of feel like we have to wait for another catastrophic event.”
The Senate Committee on Commerce, Science, and Transportation’s Subcommittee on Telecommunications and Media held a hearing last week on how to best defend America’s communications networks.
“These attacks highlight the vulnerabilities in our communications networks, which provide the foundation of trillions of dollars of economic activity. So, how do we secure our communications networks, which serve as the underpinnings of our modern digital society? We can either lean forward, leveraging flexible cyber standards to support our nation’s economy and security, or we can sit back and wait for the inevitable next attack to happen,” Debra Jordan, former chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau, told lawmakers during the Dec. 2 hearing.
In January, during the final days of the Biden administration, the FCC issued a pair of new regulations that would have interpreted a decades-old law in a way that would make telecommunication companies legally obligated to protect their communications from unauthorized interception and would have required these companies to submit annual verification of their cybersecurity plans.
The FCC overturned those decisions in late November, saying that previous decisions “were based in part on flawed legal analysis and proposed ineffective cybersecurity requirements.”
Support for the FCC’s decision was largely split along party lines in the Dec. 2 hearing.
Senate Commerce Committee Chairman Sen. Ted Cruz (R-TX) and telecommunications subcommittee chairwoman Sen. Deb Fischer (R-NE) backed the reversal, while Sen. Ben Ray Lujan (D-NM), the top Democrat on the subcommittee, was very critical of the decision.
“The unfortunate fact is that we are at war in the cyber domain. Today, it is a low-level war. Our adversaries are coming after us day in and day out. The attacks on our system and our communication infrastructure are constant. China, for one, has engaged in a wide-scale effort to penetrate every aspect of American, America’s telecommunications infrastructure,” Jamil Jaffer, executive director of the National Security Institute at George Mason University, said during the hearing.
Warner argued that the federal government needs a more substantial offensive cybersecurity strategy as well.
“I think we need a reexamination of our cyber offense doctrine. I think we are still operating in a kind of [19]80s, [19]90s time frame, and defense alone can never — we can’t be successful with defense alone,” Warner said. “I think we ought to have a more offensive cyber doctrine. And the thing that’s been frustrating is, if we had an articulated bipartisan offensive doctrine, one, I think it made us better protected, but two, would actually give this president more ability.”
