Congress seeks investigation into SALT Typhoon telecom hack vulnerabilities

The U.S. House Committee on Oversight and Government Reform convened on April 2, 2025, to address critical issues surrounding the security of America's telecommunications infrastructure, particularly in light of the recent Salt Typhoon cyberattack. This incident has been characterized as one of the most severe telecom hacks in U.S. history, with attackers maintaining undetected access for up to 18 months.

The meeting began with discussions on the significant human risks associated with cybersecurity. A study cited during the hearing indicated that 80% of chief information security officers identified human error as the primary concern in securing telecommunications. Witnesses debated the definition of human error, with some suggesting that many issues stem from poor design choices in existing systems.

A call for a thorough investigation into the Salt Typhoon incident was made, emphasizing the need for transparency and collaboration across party lines to address the vulnerabilities exposed by the attack. The committee members expressed a shared goal of understanding the incident's prevalence and implementing measures to prevent future occurrences.

Further discussions highlighted the challenges of information sharing between government agencies and the telecommunications industry. Witnesses pointed out that existing federal laws and regulatory barriers may hinder effective communication regarding cyber threats. The complexities of liability and insurance in the aftermath of cyberattacks were also noted, referencing past incidents like the NotPetya and Colonial Pipeline attacks.

The meeting concluded with a focus on the 2023 national cybersecurity strategy, which was critiqued for its lack of emphasis on deterrence against cyber threats. Experts were called upon to discuss the importance of incorporating deterrence into future strategies to enhance the security of U.S. infrastructure.

Overall, the hearing underscored the urgent need for improved cybersecurity measures and collaboration to safeguard telecommunications from state-sponsored cyberattacks. The committee plans to follow up on the discussions and recommendations made during the meeting.