Salt Typhoon Exposes US Cyber Vulnerabilities

February 13, 2025

Senior White House officials revealed in late 2024 that an extensive cyberattack had compromised U.S. telecommunications firms, including AT&T, Verizon, and T-Mobile, and secure government communications networks. Officials linked the attack, known as Salt Typhoon, to the People’s Republic of China and stated that it had likely remained undetected for up to two years, impacting multiple countries.

Beyond its government and corporate effects, the breach exposed critical infrastructure, including emergency response and energy systems, to future disruptions, posing a serious threat to public safety. Since uncovering the attack, U.S. officials have struggled to manage its fallout and mount an effective response, but it is not too late for the Trump administration to act.

Salt Typhoon exemplifies the growing threat of state-sponsored cyberattacks that endanger U.S. security, global democracy, and international stability. Acknowledging these dangers, the first Trump Administration emphasized decisive action in the 2018 National Cyber Strategy, calling for urgent repercussions against cyber aggressors.

However, efforts to develop and enforce effective policies remain fragmented. To strengthen U.S. cybersecurity leadership and effectively counter cyber threats, the administration should enhance interagency coordination with a central cybercrime database, collaborate with the private sector to address cybersecurity gaps in critical infrastructure, standardize data breach reporting, and build international coalitions for global cyber norms.

First, the administration should strengthen interagency coordination through a joint cybercrime database and collaborate with the private sector to enhance incident response. Many federal law enforcement agencies track cybercrime, but fragmented coordination leads to inconsistent data collection.

Despite a 2022 congressional mandate for standardized cybercrime categories, the federal government still lacks a central cybercrime data repository. This lack of coordination and centralized data impedes effective response efforts, limiting the ability to track trends, allocate resources efficiently, and identify emerging trends. A unified system would enable more timely and accurate analysis, allowing cybersecurity experts to improve the United States' cyber defense strategy.

Second, Congress should pass a law establishing uniform standards for classifying, tracking, and responding to cybercrime and reporting data breaches, preempting the patchwork of state requirements. Differing state laws create inconsistent requirements for when firms should report data breaches and how they should respond. This variability results in redundancies for businesses operating across multiple states and inefficiencies for law enforcement and federal agencies. Combined with a central cybercrime database, uniform data breach reporting will streamline data collection.

Third, the administration should increase Department of Homeland Security (DHS) funding for its State and Local Cybersecurity Grant Program (SLCGP) to address cybersecurity vulnerabilities in critical infrastructure. For fiscal year 2024, DHS allocated $280 million for critical infrastructure cybersecurity renovations. However, the Government Accountability Office’s High-Risk Series 2024 report warns that the security of federal systems and critical infrastructure and the privacy of sensitive data remain severely at risk.

In 2010, the report recommended 126 policy solutions for critical infrastructure; however, as of 2024, only 49 percent (62 out of 126) of the recommendations have been implemented, even as the frequency of cyberattacks continues to rise. DHS should prioritize addressing the most vulnerable infrastructure, such as outdated electrical grids in metropolitan areas, medical institutions, and air travel.

Finally, the administration should lead global efforts to deter future cyberattacks. While the UN Framework of Responsible State Behavior for a Secure Cyber Environment sets global norms for cybersecurity, it fails to define clear consequences for violators. As a result, the norms provide little deterrence.

To address this shortcoming, the administration should spearhead the formation of an international coalition that enables collective responses to state-backed cyberattacks. Not only should this response include joint statements exposing state-sponsored aggression to delegitimize perpetrators and incentivize compliance with norms, but it should also include punitive and escalating economic consequences against repeat offenders.

The 2024 Salt Typhoon cyberattack on U.S. telecommunications and government networks highlights the growing scale and severity of state-sponsored cyber threats. The Trump administration should act swiftly to address known vulnerabilities and establish stronger deterrence. Ensuring accountability for cyber aggression is not only about defending U.S. interests but ultimately about securing a stable and cooperative digital future for the world.
