U.S. Telecom Cybersecurity: A Year After Salt Typhoon, Little Action from Congress

A year after the discovery of the Chinese state-sponsored hacking group Salt Typhoon within American telecom networks, the U.S. Congress and federal agencies have taken minimal concrete steps to prevent future intrusions. During a recent Senate Commerce Committee hearing, the primary solution proposed was to enhance information sharing between the government and the telecom industry. However, no binding regulations or specific technical measures were announced. The presence of Salt Typhoon in telecom networks underscores the significant risk to the integrity and confidentiality of critical communications infrastructure. Telecom networks are essential to national security and economic stability, and their compromise can have far-reaching consequences across multiple sectors. The lack of substantive action from Congress and federal agencies highlights a critical gap in the regulatory and policy framework for protecting critical infrastructure from state-sponsored threats. While improved information sharing is a positive step, it is insufficient to counter the sophisticated and persistent nature of advanced persistent threats (APTs) like Salt Typhoon. From an expert perspective, information sharing must be complemented by actionable measures such as mandatory security standards, regular audits, and rapid response protocols. The absence of binding regulations and specific technical measures indicates a reactive approach to cybersecurity, which is inadequate against advanced and persistent threats. Organizations in the telecom sector should not await regulatory mandates but should proactively enhance their security posture by implementing robust detection and response capabilities. The government must establish clear, enforceable cybersecurity standards for critical infrastructure to ensure a baseline level of protection against advanced threats.