This is incredible. The Chinese state-affiliated Salt Typhoon group has penetrated Verizon’s systems and is snooping on the calls of both Republican and Democrat candidates for president as well as other senior political figures. The intruders may still be inside.
This is an example of how incredibly vulnerable we are because we maintain a distinction between government and the private sector, which China doesn’t. American private sector entities that own and operate most of our critical infrastructure don’t want to spend the money to completely harden their systems because that would hurt their profits. And we have been taught that profits are the only thing that matter to a private sector company. As MikeMcLaughlin and I wrote in BattlefieldCyber, those private sector companies want the government to take responsibility for national security. But government cannot do it without full cooperation from the private sector, which fears government intervention. It’s a Catch 22 of gigantic proportions.
With that as background, the statement made by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) is intriguing. They said they “are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyberdefenses across the commercial communications sector.” It will be fascinating to see if they can do that–even if it is five to 10 years too late.