Experts are urging the U.S. government to ramp up its efforts to counter communist China’s cyber espionage, in the wake of a massive hack of U.S. telecommunication networks by the Chinese state-sponsored cyber threat group Salt Typhoon.
“It is clear from recent events that China, and frankly, for that measure, Moscow and Tehran, don’t feel like they’ve found America’s pain point yet when it comes to cyber in terms of an expected imposed cost or expected actions on the part of the U.S. government.”
Mulvenon said the United States has “done a lot of deterrence through denial,” such as equipment and software upgrades. However, said the United States has not pursued deterrence through punishment against China for its hacking activities.
Punishment could come in the form of imposing costs on China in any realm, Mulvenon said, adding that the “world is waiting” for the United States to respond to the latest Chinese hacks.
“Cyber deterrence comes down to a response policy by Cyber Command and the other elements of the U.S. government in terms of imposing costs on the Chinese side such that it changes their calculus of the expected value of future attacks and intrusions,” Mulvenon said.
Mulvenon said the United States does have the capabilities to respond, including cyber tools.
‘Actually Do Something’
Another witness at the hearing was James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies. Lewis recommended that Washington adopt a two-pronged strategy to confront the Chinese regime’s cyber threats, which involves issuing a warning to Beijing, followed by taking action.“You need to start by telling the Chinese: ‘This is unacceptable. You’ve gone too far, and if you don’t stop, we’re going to take action now,’” Lewis said.
“The next step is to actually do something.”
Lewis said the Cyber Command or the National Security Agency could develop a “menu of responses,” including going after China’s attack infrastructure in cyberspace.
“And then go back to the Chinese and say we weren’t kidding. Now, do you want to talk?” Lewis said.
Salt Typhoon is not the only Chinese state-backed cyber threat group that U.S. authorities have identified in recent months.
Lewis said Salt Typhoon is not an isolated incident but part of a “larger Chinese campaign to systematically exploit global telecommunications networks.”
The Dec. 11 hearing was convened by Sen. Ben Ray Luján (D-N.M.), chair of the Subcommittee on Communications, Media and Broadband. Among those who attended the hearing included Sens. Jerry Moran (R-Kan.), Ted Cruz (R-Texas), and John Hickenlooper (D-Colo.).
“Everyone on this committee is a target” of Salt Typhoon, Lewis told the lawmakers.
When it comes to what the American people should know about Salt Typhoon, Lewis said: “We’re not on the winning side of the scoreboard here in the telecommunications and cyber espionage battle,“ and the ”services they depend on, whether it’s delivery from a company or the phone or the electricity, are all at risk and are all potentially being held hostage by a hostile foreign power.”
