The differing responses of current and incoming administration officials to the unprecedented intensity of Chinese cyberattacks on U.S. infrastructure illustrate how the Biden team’s focus on regulation and intelligence-sharing may change under a successor more focused on retribution.
Either way, “It looks as if things are going to get much worse before they get any better,” David Sedney, former deputy assistant secretary of defense for Afghanistan, Pakistan and Central Asia, said Thursday.
News broke Monday of a Beijing-sponsored breach of the U.S. Treasury Department, which Sedney told Alhurra was likely intended to learn about U.S. sanctions on Chinese exporters. In September, the Biden administration added restrictions on Chinese goods, while Donald Trump has floated the idea of tariffs of up to 60 percent.
Sedney said that the Chinese “want to be prepared for what, first, the Biden administration in its closing days does, and then what the Trump administration does, starting on Jan. 20.”
He said that suggests the attacks are likely to grow in scope and sophistication.
Meanwhile, U.S. officials continue to uncover and assess attacks by the Salt Typhoon group, which has breached nine U.S. telecommunications providers via systems used to cooperate with U.S. government surveillance requests. This has given the Chinese government “broad and full” access to Americans’ data and the “capability to geolocate millions of individuals, to record phone calls at will,” Deputy National Security Advisor for Cyber Anne Neuberger told reporters on Dec. 27.
Still, Neuberger said, Salt Typhoon’s work seems to be aimed mainly at spying on a limited set of specific government officials.
“We believe a large number of individuals were affected by geolocation and metadata of phones; a smaller number around actual collection of phone calls and texts. And I think the scale we’re talking about is far larger on the geolocation; probably less than 100 on the actual individuals,” she said.
But outgoing FBI Director Christopher Wray told an FBI town hall on Dec. 11 that the telecommunications hack was the “most significant cyber espionage campaign in history.”
The Biden administration has said the attacks show why industry should be subject to more mandatory cybersecurity protocols.
“We know that voluntary cybersecurity practices are inadequate to protect against China, Russia, and Iran hacking of our critical infrastructure,” Neuberger said, effectively endorsing an FCC proposal requiring telecommunications companies to better secure their networks.
The administration has also urged increased collaboration between government and private industry to improve monitoring and resilience, while promoting encrypted communications to ward off eavesdropping. These steps are part of a broader push to address vulnerabilities in critical infrastructure exposed by state-sponsored attacks.
In contrast, the Trump team’s approach to cybersecurity—as outlined by Kash Patel, Trump’s prospective nominee for FBI director; and Rep. Mike Waltz, R-Fla., Trump’s pick for national security advisor—combines aggressive countermeasures and proposals to cut back federal cybersecurity capabilities. Patel has argued that the FBI, which has long led the U.S. government’s counterintelligence efforts on domestic territory, should focus on law enforcement.
“We need to decentralize the FBI, close its D.C. headquarters, and get back to basics,” Patel said in a September interview with the “Shawn Ryan Show.”
Waltz has championed the use of offensive cyber operations against adversaries. He has also suggested taking economic measures to punish nation-state actors for cyber intrusions. But since Trump is already talking about higher tariffs, the effect of other sanctions might be muted.
Other incoming Trump team members have suggested reducing cybersecurity regulations on business and shrinking or eliminating government institutions that respond to cyber threats. The Heritage Foundation’s Project 2025 suggests shrinking the Cybersecurity and Infrastructure Security Agency in favor of private sector-led solutions.
Such cutbacks could undermine the FBI’s and CISA’s ability to attribute attacks like those of Salt Typhoon—and therefore make it more difficult to unleash the kind of offensive measures that Waltz suggests.