Cooperate with Salt Typhoon probe, House chairman tells telecoms

The head of the House Homeland Security Committee on Friday urged U.S. telecommunications companies impacted by a sprawling China-linked hack to cooperate with an independent probe of the breach and vowed to push legislation that would confront digital threats posed by Beijing.

The Cyber Safety Review Board (CSRB) will hold its first meeting today on the hacking campaign known as Salt Typhoon. The Biden administration this week said at least eight telecom firms were broken into, while federal officials admitted they still don’t know how the group initially gained access and warned the perpetrators are still in the networks.

In a statement, House Homeland chair Mark Green (R-TN) said the review board’s members “have an immense task ahead of them.”

“There is no doubt that a nation-state sponsored intrusion of this scale and sophistication into internet service providers is unprecedented and unnerving — something hard to say after the discovery of Volt Typhoon, another PRC state-sponsored threat actor,” he said, referring to a cyber campaign in which Chinese hackers burrowed into U.S. critical infrastructure. 

Green noted there is bipartisan “frustration” on Capitol Hill about the scope of the most recent breach.

“I urge affected companies to cooperate in this investigation so we have a comprehensive and thorough understanding of this intrusion, which will position the CSRB to develop potential recommendations for improving overall U.S. telecom network resiliency,” he added.

Green also suggested the CSRB and the Cybersecurity and Infrastructure Security Agency (CISA) “prioritize timely information sharing” with policymakers, as well as the general public and the private sector.

He said his committee would convene a hearing next year to examine the board’s eventual findings and work on legislation to “address the broader cyber threats facing our critical infrastructure.”

The measures — many of which were introduced and at least partially acted on this congressional session — would create a task force on China’s cyber threats, secure maritime ports and bolster the U.S. cyber workforce.

“We face an urgent threat from our adversaries against the technology that underpins our daily lives, and we must be prepared to take decisive action,” Green said.

After a classified hearing on Wednesday, Sen. Ron Wyden (D-OR) said he is working with Mark Warner (D-VA), the current chair of the Senate Intelligence Committee, and others to draft legislation to respond to Salt Typhoon’s activity.

On Thursday, Federal Communications Commission Chairwoman Jessica Rosenworcel released a draft proposal for the agency to regulate the cybersecurity of telecom companies.