US officials spent months calling Salt Typhoon the most significant cyberattack on American telecom infrastructure in history. Chinese hackers with months of persistent access inside carrier networks, potentially intercepting communications of senior officials. A breach that should’ve forced serious security reform.
That forcing function is losing force.
There was genuine momentum after Salt Typhoon went public. The FCC opened a rulemaking on telecom security. Congressional leaders talked about mandating baseline requirements. For a brief window, bipartisan agreement that something had to change.
Officials are now warning about policy apathy. The attention has dissipated. Reform bills have stalled. The FCC rulemaking’s trajectory is uncertain. Carriers, who’d bear compliance costs from new mandates, keep lobbying against prescriptive rules.
This pattern isn’t unique to cyber. A landmark failure produces a short window of political will, followed by institutional inertia. What makes the telecom case particularly frustrating is how clear the threat was. Chinese state-sponsored actors systematically compromised the infrastructure Americans use to communicate. The cause and effect isn’t ambiguous.
While telecom reform stalls, a bipartisan group of lawmakers introduced legislation to eliminate the FBI’s ability to query Section 702 databases without a warrant. Section 702 is the provision that lets NSA collect foreign targets’ communications, but also lets the FBI search that data for Americans’ communications without a warrant.
This is a civil liberties reform, not a cybersecurity one. But it intersects with the broader picture: restricting what intelligence agencies can do domestically while the infrastructure they’re supposed to protect remains exposed. Congress is more activated by surveillance overreach concerns than by the “fix the thing that got hacked” question.
The Senate confirmed Joshua Rudd to lead both NSA and US Cyber Command. He steps into an environment defined by exactly these tensions: a landmark breach with no lasting policy response, surveillance reform moving through Congress, and continued adversary activity from China, Russia, and everyone else.
Telecom carriers that were compromised haven’t faced regulatory consequences. Minimum security standards that would’ve prevented or limited the breach haven’t been mandated. The political moment where reform was possible appears to be passing.
What would actual reform look like? Baseline encryption standards. Network segmentation requirements. Mandatory incident reporting timelines. Vendor security requirements. None of this is technically difficult to define. It’s politically difficult to mandate because it costs the industry money.
That’s where the accountability story lives. Not in the sophistication of the Chinese attack, but in the decision to leave the infrastructure exposed after the attack was discovered, and then to lose the political will to fix it.