Cracks in the Network: Cybersecurity Failures, SALT Typhoon, and U.S. Cyber Leadership

On April 23, the Center for the National Interest and the National Security Institute (NSI) hosted a joint discussion on cybersecurity challenges in telecom networks, with a particular focus on the SALT Typhoon threat actor and its broader implications for U.S. national security. First publicly disclosed in 2024, the hack saw Chinese state actors infiltrate multiple U.S. telecommunications networks, compromising lawful intercept systems and enabling the surveillance of sensitive communications without detection. The attack ranks among the nation’s worst intelligence failures.

Keynote:

• Congressman Jim Himes (D-CT, 4), Ranking Member, House Permanent Select Committee on Intelligence

Panelists:

• Edward G. Amoroso, Founder and CEO, TAG Infosphere
• Kelli Andrews, Senior Director for Cybersecurity and Lawful Access Policy, Microsoft
• Jamil Jaffer, Founder and Executive Director, NSI
• Rich Mason, President and Chief Security Officer, Critical Infrastructure, LLC

Moderator:

• Paul Saunders, President, Center for the National Interest

Congressman Jim Himes, the top Democrat on the House Intelligence Committee, opened the session with a stark warning. Though cybersecurity has historically enjoyed bipartisan support, he expressed deep concern that recent political turmoil, combined with a brain drain from federal cybersecurity agencies, risks undermining the country’s defenses at a critical juncture.

The discussion then moved from politics to policy gaps and technical failures. Speakers emphasized that traditional “best practices” are no longer sufficient against adversaries as sophisticated as China. Edward Amoroso, CEO of TAG Infosphere, argued that innovation, rather than adherence to static checklists, was the only way to stay ahead. Others warned that U.S. telecom networks had been “hollowed out,” with infrastructure vulnerabilities going largely unaddressed for years.

Panelists also tackled the thorny issue of public-private cooperation. Kelli Andrews, a senior cybersecurity official at Microsoft, noted the sheer scale of cyberattacks her company defends against daily (more than 600 million) and highlighted lingering challenges in meaningful threat information sharing between industry and government.

Though mechanisms for cyber deterrence exist, their haphazard deployment has failed to make an impact. “There needs to be a strategic, top-down approach using all tools, but doing it in a way that isn’t a one-off,” Andrews added.

The threat posed by SALT Typhoon goes far beyond mere espionage. Panelists described a chilling future of “weapons of mass disruption,” where attacks aim to destabilize American society itself, raising uncomfortable questions about how resilient U.S. critical infrastructure truly is.

America’s cyber vulnerabilities are not hypothetical, nor are they confined to the shadows. They are real, present, and demand urgent, coordinated action. Whether policymakers will rise to the challenge remains an open question.