Hearing Wrap Up: U.S. Federal Agencies Need Proactive Cybersecurity Strategy to Counter State-Sponsored Threats

WASHINGTON—Today, the Subcommittee on Military and Foreign Affairs held a hearing on “ Salt Typhoon: Securing America’s Telecommunications from State-Sponsored Cyber Attacks.” During the hearing, members examined cyber espionage efforts by state-sponsored groups, including Salt Typhoon, and their threats to our nation’s critical infrastructure and Americans’ personal information. Members agreed that the U.S. cannot remain in a reactive “damage control” posture but must take proactive steps to ensure federal agencies responsible for cybersecurity work seamlessly together, and with private industry, to deliver a unified response to emerging threats.

Key Takeaways:

Cyber espionage efforts by state-sponsored groups such as Salt Typhoon threaten our nation’s critical infrastructure and Americans’ personal information.

• In late 2024, the Chinese state-sponsored hacking group, Salt Typhoon, conducted a deep infiltration of U.S. telecommunications companies and collected real-time data on prominent American politicians. Salt Typhoon continues to actively search for vulnerabilities in U.S. telecommunications systems in hopes of exploitation, disruption, and collection.

• Josh Steinman, CEO of Galvanick, stated in his testimony, “For years, America’s intelligence chiefs have warned Congress of critical infrastructure vulnerabilities. Those warnings became concrete with the 2024 revelation of operations ‘Volt Typhoon’ and ‘Salt Typhoon,’ highlighting China’s deep penetration into our industrial systems. Chinese cyber forces quietly occupy positions inside American telecommunications, transportation, water, power, and defense manufacturing systems— ready to unleash devastating disruptions designed explicitly to shake American resolve during a crisis over Taiwan.”

• Dr. Edward Amoroso, CEO of TAG Infosphere Inc. and a research professor at New York University, testified, “The recent actions by the Chinese state-sponsored group Salt Typhoon represent not just another chapter in the long story of cyber espionage—they are a turning point. The targeting of our telecommunications infrastructure and the real-time collection of sensitive data on U.S. political leaders must be recognized for what it is: a full-spectrum assault on the trust and integrity of our democratic systems.”

Despite frequent attacks on critical infrastructure, U.S. intelligence agencies have been in a “damage control” posture instead of a proactive approach.

• Dr. Edward Amoroso, CEO of TAG Infosphere Inc and a research professor at New York University, stated, “We will not solve this challenge by playing defense alone. We cannot rely solely on reactive ‘damage control’ strategies that wait for the next breach before moving. Instead, we must fundamentally shift our approach. And I believe this pivot begins with research and development, with a bold, national investment in artificial intelligence-driven cybersecurity.”

• Subcommittee Chairman William Timmons (R-S.C.) stated in his opening statement, “The ‘damage control’ posture of the previous administration has left us vulnerable to these state-sponsored cyber attacks. Instead of merely reacting after breaches occur, we must be forward-thinking and resolute.”

U.S. government agencies, in collaboration with private industry, must take decisive action to upgrade cybersecurity measures and hold foreign state actors accountable.

• Congress must ensure that the agencies responsible for cybersecurity are working seamlessly together with each other and with private industry to enable a cohesive response to threats.

• Josh Steinman, CEO of Galvanick, stated, “Government cannot easily dictate how private industry operates generally. But critical infrastructure is different—justified clearly by national security. President Trump’s second term provides an opportunity to rebuild American industry securely from day one. America can no longer afford to fake resilience. Infrastructure not designed to operate during conflict is ultimately a threat to our national security. The hour is late—but it’s not too late to transform America’s vulnerabilities into genuine resilience, safeguarding our prosperity, security, and freedom.”

Member Highlights:

Rep. William Timmons (R-S.C.), chairman of the Military and Foreign Affairs Subcommittee, discussed with witnesses the threat state-sponsored groups pose to our nation’s critical infrastructure and the appropriate response.

Rep. Andy Biggs (R-Ariz.) questioned witnesses about what steps must be taken to harmonize cybersecurity regulations and how U.S. federal agencies can leverage AI to enhance cybersecurity.

Rep. Eli Crane (R-Ariz.) questioned witnesses about state-sponsored attacks against our energy grid and how AI can be used to protect critical U.S. infrastructure.

Rep. John McGuire (R-Va.) discussed with witnesses the need to overhaul our cybersecurity strategy to better address threats.

CLICK HERE to watch the hearing