U.S. Cybersecurity on High Alert Amid Rising Threats from China
Cybersecurity rarely dominates daily headlines, yet behind the scenes, U.S. government officials are increasingly focused on the escalating digital threats facing the nation, particularly those emerging from China.
Earlier this year, the chair of the House Committee on Homeland Security declared cybersecurity a “top priority.” Former FBI Director Christopher Wray has similarly highlighted Chinese cyber intrusions as the “defining threat of our generation.” The bipartisan concern is grounded in a series of significant breaches, including the alarming discovery in December 2024 that hackers connected to the Chinese government infiltrated the U.S. Treasury Department’s computer systems.
In her Senate confirmation hearing, Kristi Noem, Secretary of the Department of Homeland Security, underscored cybersecurity as a “rising threat,” demanding urgent attention. Despite these acknowledgments, critics argue that the Trump administration’s early cybersecurity actions—including layoffs and disbanding oversight boards—may have inadvertently undermined existing defenses.
The Cyber Threat Landscape
American cybersecurity vulnerabilities span both the public and private sectors. According to recent global CEO surveys, cyberespionage and data breaches rank among the top business concerns. Meanwhile, ransomware incidents surged by 74% in 2023, with the U.S. bearing the brunt of these attacks.
Further complicating the U.S. cybersecurity posture is a critical shortage of approximately half a million cybersecurity workers, although emerging artificial intelligence tools may partially offset this deficit.
Foreign actors continue to challenge U.S. cybersecurity. Last summer, hackers linked to Iran’s Islamic Revolutionary Guard Corps successfully breached a presidential campaign’s confidential data. In October, officials thwarted Russian cyberattacks targeting the Defense and State Departments.
Yet, China remains the dominant player, with U.S. authorities asserting that Chinese cyberattacks outnumber those from Russia, North Korea, and Iran combined. Often using contracted “hackers for hire,” groups tied to Beijing infiltrate key U.S. data and infrastructure networks to seek vulnerabilities that could be exploited strategically.
Prominent Cyber Threat Groups: Salt Typhoon and Volt Typhoon
Two major Chinese-backed hacking entities—Salt Typhoon and Volt Typhoon—have been identified as significant threats by U.S. intelligence and cybersecurity firms.
Salt Typhoon has been active since at least 2022, targeting major U.S. telecom companies like Verizon and AT&T. Although immediate risks to average citizens may seem limited, cybersecurity expert Dr. Richard Forno highlights the strategic implications: successful breaches of telecommunications infrastructure could significantly disrupt essential services and national security.
Volt Typhoon represents a more insidious threat. Since 2023, this group has infiltrated critical U.S. infrastructure, embedding dormant malware in transportation, water, and energy systems. Security officials warn these breaches could be activated strategically, for instance, if China sought to immobilize U.S. responses during a potential conflict such as an invasion of Taiwan.
Trump’s Cybersecurity Policy: An Offensive Strategy?
The Trump administration appears to lean toward an aggressive cybersecurity posture. National Security Adviser Mike Waltz has proposed harsher consequences for nations engaging in cyberattacks. Sean Plankey, the new head of the Cybersecurity and Infrastructure Security Agency (CISA), echoed this stance, indicating plans for “more pointed measures at our adversaries.”
However, President Trump’s controversial actions have also sparked criticism. His decision to dissolve the Cyber Safety Review Board, a key oversight body established under Biden, raised eyebrows, particularly because the board was investigating Salt Typhoon-related breaches. Additionally, layoffs at CISA, including of employees working on major cyber threats, sparked backlash. Although some employees were later rehired under probationary status, these disruptions created uncertainty about ongoing cybersecurity operations.
Further controversy arose after Air Force General Timothy Haugh, who led both the National Security Agency and the Pentagon’s Cyber Command, was abruptly removed from his position without an official explanation, fueling concerns about instability within critical security roles.
Concerns Over Government Cybersecurity Practices
Recent incidents have cast doubt on the administration’s adherence to cybersecurity best practices. A group text involving senior defense officials, including Defense Secretary Pete Hegseth, inadvertently included a journalist and leaked sensitive details of a planned military strike. Despite assurances, experts pointed to significant vulnerabilities in using commercial messaging apps like Signal, known targets for Russian hackers.
Moreover, accelerated access for Department of Government Efficiency (DOGE) employees to sensitive government databases, without clear adherence to security protocols, heightened fears that adversaries could exploit procedural oversights. Allegations of unauthorized email use by the Office of Personnel Management further highlight potential administrative security gaps.
Looking Forward
As digital threats continue to evolve, the U.S. faces significant challenges in fortifying its cyber defenses. Ensuring coherent policy, reinforcing cybersecurity personnel, and maintaining strategic vigilance against sophisticated threats like those posed by China will be crucial in safeguarding national security in the digital age.