FOR IMMEDIATE RELEASE
Chairmen Green, Garbarino, Brecheen Conduct Oversight of the Federal Government’s Response to China-Backed “Typhoon” Intrusions Under Previous Administration
WASHINGTON, D.C. Today, House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN), Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY), and Subcommittee on Oversight, Investigations, and Accountability Chairman Josh Brecheen (R-OK) sent a letter to Department of Homeland Security (DHS) Secretary Kristi Noem, requesting information and documents detailing the federal government’s response to widespread cyber intrusions from “Volt Typhoon” and “Salt Typhoon,” two advanced persistent threat actors backed by the People’s Republic of China (PRC).
Following the Biden administration’s delays in providing information to the Committee, the Chairmen requested all documents and communications relating to the two “Typhoon” intrusions since January 20, 2021, information explaining when DHS and the Cybersecurity and Infrastructure Security Agency (CISA) became aware of the threats and damages caused by the intrusions, and the timeline of events related to CISA’s responses. Read the full letter here.
In the letter, the Chairmen wrote, “Last year, Volt and Salt Typhoon grabbed headlines for successfully compromising U.S. critical infrastructure with sophisticated tactics. For example, in February 2024, U.S. government agencies revealed that Volt Typhoon had burrowed for at least five years into the information technology environments of several key critical infrastructure sectors, including energy, water and wastewater systems, transportation systems, and communications…Despite officials raising the alarm about Volt and Salt Typhoon, we still know very little about them––except that Volt Typhoon, in particular, continues to compromise our critical infrastructure…[W]e remain gravely concerned that the Biden Administration failed to mitigate these significant threats posed by the PRC. In fact, the Biden Administration delayed providing a briefing on Salt Typhoon to the Committee until about a month after the Wall Street Journal broke the news about the threat actor’s activity.”
The Chairmen continued, “On January 15, 2025, then-CISA Director Jen Easterly stated in a release that CISA, industry, and other federal partners ‘have been laser focused on deterring China’s cyber aggression,’ specifically referencing Volt and Salt Typhoon. These threat actors pose significant challenges that cannot be addressed overnight. The Biden Administration’s lack of transparency surrounding the federal government’s response to Volt and Salt Typhoon, however, was unacceptable and disconcerting...The Committee seeks to examine CISA’s response to Volt and Salt Typhoon to ensure CISA is focused on, and empowered to perform, its core mission effectively. Additionally, given the cross-sector impact of these PRC-backed threat actors, the Committee seeks to understand the role of other U.S. government entities is necessary for ensuring the resilience of America’s cybersecurity posture.”
The Chairmen concluded, “The extent of Volt Typhoon’s activities became public more than a year ago. It is the Committee’s hope that the Trump Administration will provide the American people with confidence that their government is taking every step possible to mitigate the impact of Volt and Salt Typhoon on government entities and businesses. If the Biden Administration was negligent in its response, we must hold accountable those responsible for failing to mitigate one of the greatest modern-day threats to the homeland.”
Background:
On October 18, 2024, Chairmen Green and Garbarino sent a letter to CISA and the Federal Bureau of Investigation (FBI), requesting a briefing for the Committee by November 1 on the recently discovered “Salt Typhoon” intrusion. The group specifically targeted major internet service providers (ISPs) such as AT&T, Verizon, and Lumen Technologies.
In the Committee’s first hearing of the 119th Congress, retired Rear Admiral Mark Montgomery revealed the startling extent of the Chinese Communist Party’s (CCP) ongoing access to our networks, as well as the sinister reason behind China’s pre-positioning efforts in our critical infrastructure through “Volt Typhoon.” Adam Meyers, a vice president at CrowdStrike, further outlined how threat actors, such as China, Russia, and North Korea, find and exploit known or zero-day vulnerabilities in American technology. As America’s adversaries increasingly use cyberspace as a battlefield, every witness called for enhanced cyber readiness across the government and private networks.
In September 2024, Rep. Laurel Lee (R-FL), Chairman Green, and Select Committee on the Chinese Communist Party Chairman John Moolenaar (R-MI) introduced H.R. 9769 to establish an interagency task force, led by CISA and the FBI, to address the widespread cybersecurity threats posed by state-sponsored cyber actors associated with the PRC. The “Strengthening Cyber Resilience Against State-Sponsored Threats Act” also requires the task force to provide a classified report and briefing to Congress annually for five years on its findings, conclusions, and recommendations relating to malicious CCP cyber activity. The legislation was unanimously advanced out of the Committee and passed the House last Congress.
On May 25, 2023, Chairmen Green and Garbarino released a statement on “Volt Typhoon,” which compromised U.S. critical infrastructure for surveillance purposes as detailed in a Joint Cybersecurity Advisory by the National Security Agency (NSA), CISA, the FBI, and international partner agencies.
On November 12, 2024, the Committee released a “Cyber Threat Snapshot,” detailing growing threats posed by malign nation-states and criminal networks to the homeland and the data of Americans.
Read more in Nextgov via David DiMolfetta.
###
