The United States must strengthen its defenses against cyber threats, lawmakers urged during a Senate hearing on Wednesday, following revelations of a massive Chinese hacking campaign dubbed “Salt Typhoon.” The attack allegedly targeted American telecommunications companies, stealing vast amounts of U.S. call metadata and compromising critical infrastructure.
Senator Ben Ray Luján, chair of the telecom subcommittee, called the breach “the largest telecommunications hack in our nation’s history.” He added, “There’s a lot that we still don’t know about the damage, but what we do know is that more must be done to prevent attacks like this.” Republican Senator Ted Cruz echoed the urgency, describing the breach as an assault by a state actor on U.S. infrastructure and warning that similar incidents could follow. He emphasized the need to address vulnerabilities in communications networks.
The Federal Communications Commission (FCC) is already taking steps to bolster cybersecurity. Chairwoman Jessica Rosenworcel recently proposed requiring telecom companies to certify annually that they have robust plans to counter cyberattacks. Luján insisted that federal agencies must fully implement existing recommendations to secure the nation’s networks.
Beyond defense, some senators called for a shift in strategy. Republican Senator Dan Sullivan questioned why briefings focused solely on defensive measures, asking, “What about offense? What about deterrence?”
The scope of the Salt Typhoon breach is staggering. At least eight U.S. telecommunications and infrastructure firms were affected, and attackers reportedly accessed telephone audio intercepts and metadata, according to the White House. U.S. officials have identified the perpetrators as state-sponsored hackers targeting companies like Verizon, AT&T, and Lumen Technologies.
The incident also reignited debates about the security risks posed by Chinese-made telecom equipment. The House is voting on an annual defense bill that allocates $3.1 billion to help U.S. telecom companies remove hardware from firms like Huawei and ZTE. However, the Federal Communications Commission estimates the cost of replacing insecure equipment to be $4.98 billion, leaving a funding gap Congress has yet to address.
China has denied involvement in the hacking campaign, dismissing the allegations as disinformation and reiterating its opposition to all forms of cyberattacks and theft. However, U.S. officials maintain that the Salt Typhoon operation represents a sophisticated and sweeping cyberespionage effort.
The Salt Typhoon hack highlights the urgent need for a stronger U.S. cybersecurity strategy. Relying solely on defense leaves critical infrastructure vulnerable, while the lack of funding to replace insecure telecom equipment shows a dangerous gap in priorities. Lawmakers’ calls for offensive deterrence are crucial—adversaries must face consequences for such breaches. Without decisive action, incidents like this risk becoming the norm.
