As President-elect Donald Trump enters his second term Monday, he’s facing down an unprecedented foreign threat: Chinese hackers.
In the last several years, three distinct Chinese hacking campaigns have occurred in the United States — even reportedly infiltrating U.S. government computers belonging to top Biden administration officials.
While China has long been a top cyber adversary for the U.S., over the course of the Biden administration it has become more dogged and ambitious than ever before, experts and U.S. officials say, building to what has become perhaps the biggest cyber challenge the U.S. has faced to date.
“I don’t think there’s any doubt that the risk of Chinese cyberattacks has gone up,” said Adam Segal, who served as a senior cybersecurity adviser in the State Department last year. “And Chinese capabilities have seemed to have notably increased over the last four years.”
The most recent breach, discovered in December, gave the hackers access to files from the Treasury Department. The department described the breach as a “major incident” and sanctioned a Chinese company for allegedly helping that country’s cyber programs. Another, called Salt Typhoon, included a massive compromise of telecommunications companies, including AT&T and Verizon, and gave the hackers access to the Trump and Harris campaigns’ phone calls last year, as well as the phone records of more than a million Americans. FBI Director Christopher Wray said last month it may prove to be the “most significant cyber espionage campaign in history.”
Perhaps the biggest threat, known as Volt Typhoon, consists of hackers stealthily burrowing into infrastructure, including power, communications and water facilities. In a marked departure from other alleged Chinese hacking campaigns, which generally seem designed to collect intelligence, U.S. officials say Volt Typhoon is pre-positioning in case of military conflict — particularly if China were to invade the self-ruling island of Taiwan — to cause mass chaos and hamper the U.S. from conducting a full and immediate response.
While AT&T and Verizon say they have worked to clear the hackers from their systems, White House officials have said that both the Salt and Volt Typhoon hacks should be considered perpetual operations and that the hackers are unlikely to give up trying to get back in. China has denied being behind all three hacking campaigns.
As the Biden administration prepares to depart the White House, there are indications that the government realizes it has not done enough to stop China-backed hackers.
On Thursday, in one of his final official acts as president, Joe Biden signed an executive order that largely tackles cybersecurity problems, including giving the Cybersecurity and Infrastructure Security Agency more power to monitor federal networks for hackers.
According to a memo published on Jan. 6 by the Southern Nevada Counter Terrorism Center — one of dozens of fusion centers across the U.S. that share law enforcement and intelligence information — senators received multiple briefings on Salt Typhoon last month. The memo, seen by NBC News, is unclassified but marked for official use only, and was provided to NBC News by Property of the People, a nonprofit that uses freedom of information requests to obtain hidden government documents.
In at least one of those briefings, private experts told senators that countering China would require both hardening U.S. telephone networks — a massive investment — and beginning “a sustained, direct, and more forceful effort to disincentivize Chinese espionage.” One expert suggested the U.S. create a “credible threat of painful retaliation” for such campaigns.
Trump’s incoming team has said it plans to be more confrontational and aggressive against China.
“For too long our country has been on defense when it comes to cyberattacks,” Brian Hughes, a Trump-Vance transition spokesperson, told NBC News in an emailed statement.
“The Trump Administration is committed to imposing costs on private and nation state actors who continue to steal our data and attack our infrastructure,” Hughes said.
Trump’s pick for national security adviser, Rep. Michael Waltz, R-Fla., told CBS News last month that the next administration would take “a different approach to cyber.”
“We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure,” Waltz said.
Waltz declined in the interview to say whether that could include sanctions, and did not otherwise describe what such deterrence might mean.
During his first term, Trump eliminated the federal government’s cybersecurity czar, a move that attracted intense criticism from Democrats. Experts praised the Biden administration’s cyber policies, despite what appeared to be steeply escalating issues affecting citizens and the government itself.
Chris Painter, the top cyber diplomat during the Obama administration, said it was clear that China’s cyber activity is not being deterred, but that it isn’t clear how the Trump administration’s approach would fix that.
“There has been a lot of activity over the years, both in the Trump administration and this administration, but it hasn’t protected us from these massive events. They’re going to have to take this seriously,” he said.
Vulnerabilities in private companies, like those exploited to give hackers access to American telecoms, are “an enduring problem” that Biden’s team tried to address with regulations that are unlikely to last under Trump, Painter said. Trump campaigned on the “most aggressive regulatory reduction” and has vowed to sign a flurry of executive orders on his first day in office, many overturning Biden policies.
“So how do you cure that? The Biden administration, for the first time in years, has moved to this idea in the national cyber strategy that maybe it’s time to think about the dirty word of regulation and have more responsibility. I think that’s out the window in the new administration.”
Segal, the former Biden official, said the U.S. won’t be able to convince China to stop conducting cyber espionage, especially given the United States’ own long history of that practice.
“There’s very little that can be done or said to China about espionage,” Segal told NBC News. “Countries are going to commit espionage and then continue committing espionage, and so really it’s on us to better defend ourselves.”
The Biden White House has conducted operations to disrupt China’s hacking infrastructure, just as it does with other hackers adversarial to the U.S. On Tuesday, the Justice Department and the FBI announced they had removed a type of malware that China has used to infect Americans’ computers to unwittingly do Beijing’s bidding.
Most of the operations that the U.S. Cyber Command conducts, including disrupting Chinese hacking operations, are classified, making it impossible to fully judge their effectiveness. But it’s not clear that simply disrupting that kind of hacker infrastructure is an effective long-term plan, said Brandon Wales, the executive director of the U.S. Cybersecurity and Infrastructure Security Agency during the first Trump administration.
“Offensive cyber operations can complicate adversary planning and disrupt operational infrastructure, but we have seen both nation-state and criminal organizations reconstitute that infrastructure relatively quickly,” Wales, now the vice president for cybersecurity strategy at cybersecurity company SentinelOne, told NBC News.
“Where the U.S. government has its best access to Chinese networks, do we want to burn those on operations now or save those for conflict when they could mean the difference between life and death?” he said.
The post Trump faces unprecedented cyber challenges with Chinese hackers appeared first on NBC News.