Cyber incident board’s Salt Typhoon review to begin within days, CISA leader says

An independent review board will launch its investigation of an unprecedented Chinese hack of global telecommunications systems later this week, the head of the Cybersecurity and Infrastructure Security Agency said on Wednesday.

Speaking to reporters after a classified briefing for all senators on Wednesday about the breach by the state-sponsored group known as Salt Typhoon, CISA Director Jen Easterly said the first meeting of the Cyber Safety Review Board (CSRB) focused on the ongoing breach will take place on Friday.

“We wanted to make sure that we had a good understanding of what was happening, in terms of the scope and scale, and, quite frankly, most of the agencies who would be involved in the Cyber Safety Review Board are still involved in the incident response,” she said after the closed-door meeting.

“We wanted to make sure we did it before the holidays, so we could start writing out how we think about the problem, and then ultimately, what are the key recommendations that we need to bring forward to enable us to strengthen the security of the telecommunications networks going forward,” she added.

Her remarks came the day after officials from CISA and the FBI acknowledged the China-linked spies are still inside U.S. telecom networks roughly six months after the government began investigating the breach. Officials said Wednesday that as many as eight companies had been breached.

President Joe Biden established the public-private panel, loosely modeled after the National Transportation Safety Board, as part of a sweeping 2021 cybersecurity executive order. It has conducted a handful of investigations but was thrust into the spotlight earlier this year when it issued a scathing review of Microsoft’s cloud security practices.

The White House in October established a “unified coordination group” to deal with the Salt Typhoon hack. That, in turn, started the separate, mandatory CSRB probe, but it’s been unclear when it would formally begin.

Easterly said officials “want to make sure we've got a pretty good set of recommendations that can be applied broadly to the telcos, but also other infrastructure that may be using similar [network edge] devices that the actors are taking advantage of to be able to jump into our critical infrastructure.”

She predicted any recommendations likely wouldn’t come out until next spring or summer and wouldn’t be disrupted by the transition to the Trump administration.

“I'm very confident that we will be able to approach it in a deliberate way, but also with the urgency that this particular campaign merits.”

Easterly declined to offer any details about what was discussed behind closed doors but indicated the session was useful.

“I thought it was a very good session, very good questions, but obviously the seriousness of this merits the work that we all are doing across the government,” she said.

In addition to Easterly and other CISA officials, lawmakers were briefed by Director of National Intelligence Avril Haines, U.S. Cyber Command and National Security Agency chief Timothy Haugh, Federal Communications Commission Chairwoman Jessica Rosenworcel and representatives from the FBI.

Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.