Amid the threats facing the United States, cybersecurity doesn’t make flashy headlines every day – but the latent danger from digital threats has some government officials on alert.
The chair of the House Committee on Homeland Security named cybersecurity a “top priority” earlier this year. Former FBI Director Christopher Wray has called Chinese hacks the “defining threat of our generation.”
Interference by foreign hackers against the U.S. worries Democrats and Republicans alike. A string of Chinese hacks into government agencies, infrastructure systems, and telephone companies in recent years has raised alarm bells, including a disclosure in December 2024 that hackers with ties to the Chinese government broke into the U.S. Treasury Department’s systems.
Why We Wrote This
Cyberattacks increasingly threaten the public and private sectors alike – including vital U.S. infrastructure. The Trump administration is considering tougher action against nations that sponsor hacking.
In her Senate confirmation hearing, Department of Homeland Security head Kristi Noem called cyberattacks a “rising threat” that “demands our utmost attention.” Yet the Trump administration has taken early actions that undermine long-standing cybersecurity efforts, critics argue.
In the middle of all of this, President Donald Trump is trying to chart his course on cybersecurity policy, sometimes sending mixed messages about his intentions. With the growing focus on cybersecurity, here’s a look at some of the issues government officials are looking to address.
What cybersecurity concerns does the U.S. face?
Risks are present in both the private and public sectors. One in 3 CEOs globally recently cited cyberespionage and loss of sensitive information as their top concern. Ransomware attacks, in which hackers block access to a computer system until its users pay a “ransom,” are a growing concern. These types of attacks rose worldwide by 74% in 2023, with the U.S. “most heavily targeted,” according to the former director of national intelligence under President Joe Biden.
The U.S. also faces a shortage of around 500,000 workers in cybersecurity, although some argue that advances in artificial intelligence could reduce the need for cybersecurity professionals.
Then there are foreign actors. Last summer, according to a U.S. Department of Justice indictment, hackers employed by Iran’s Islamic Revolutionary Guard Corps were able to breach a presidential campaign (understood to be Mr. Trump’s), stealing confidential information. In October, U.S. officials said they disrupted a Russian cyberattack on Defense Department and State Department computers.
But China is outpacing both those countries, with U.S. officials saying it is responsible for more hacks globally than Russia, North Korea, and Iran combined. They say the Chinese government often operates through groups of contractors, sometimes called hackers for hire, who are paid to find vulnerabilities within U.S. data systems and infrastructure.
What kind of hacks are involved?
Two of the biggest names among these hackers for hire are Salt Typhoon and Volt Typhoon. (Microsoft assigned these names in order to keep track of the groups.)
Last fall, reporting uncovered that Salt Typhoon had been carrying out a series of damaging cyberattacks since as early as 2022. The hackers targeted major telecommunications firms, the U.S. Treasury Department said. Among those were Verizon and AT&T.
Richard Forno, a cybersecurity expert at the University of Maryland, Baltimore County, says these hacks probably don’t present an immediate threat to the average person. But they give China an informational edge.
Telecommunications and internet infrastructure “underpins so much of our modern society,” says Dr. Forno. “So if you can penetrate and potentially disrupt that infrastructure, you can have all sorts of follow-on effects down the road.”
Volt Typhoon presents a different kind of threat. In 2023, this hacking group, which is also tied to the Chinese government, had penetrated infrastructure such as transportation, water, and energy systems across the U.S. Once they gained access, hackers implanted malware – malicious software – that can essentially lie dormant until China wants to activate it. In early 2024, the FBI announced it had removed malware from hundreds of home and office internet routers to disrupt the attack.
But the U.S. is still determining the scope of these attacks. Many security experts and public officials warn that China could use them as a tool in the event of a conflict – for example, if China invaded Taiwan and wanted to limit the U.S. reaction.
“China traditionally takes a very long, patient view of espionage and warfare,” says Dr. Forno.
What is President Trump’s stance on cybersecurity?
The Trump administration seems to be prioritizing an offensive approach to cybersecurity. National Security Adviser Mike Waltz has suggested imposing higher costs and harsher consequences on nations that carry out cyberattacks. Sean Plankey, the new head of the Cybersecurity and Infrastructure Security Agency (CISA), said he expects “more pointed measures at our adversaries.”
President Trump has also been reshaping digital security institutions within the federal government. Shortly after taking office, he dissolved the Cyber Safety Review Board, a Biden-created commission that had been investigating the Salt Typhoon hacks. He also oversaw more than 100 layoffs at CISA, including some employees who were tracking the efforts of Salt Typhoon and Volt Typhoon, according to media reports. (Some employees have reportedly been rehired and put on probationary leave.) However, Reuters has reported that in early March, the White House sent a memo directing federal agencies not to fire their cybersecurity teams.
Last week, President Donald Trump fired Air Force Gen. Timothy Haugh, who headed the National Security Agency and the Pentagon’s Cyber Command. No official reason has been given. Laura Loomer, an activist on the right, thanked the president for getting rid of “Biden holdovers” in some prominent security positions.
What are some concerns about the Trump administration’s cybersecurity practices?
Some early actions of the Trump administration are raising red flags among cybersecurity analysts. Recently, senior officials, including Secretary of Defense Pete Hegseth, drew bipartisan criticism for posting details of a pending U.S. military strike in group text messages on Signal, an encrypted commercial messaging app. The conversation was revealed after a journalist was accidentally added to the group.
A National Security Council spokesperson confirmed the authenticity of the text chain. Mr. Hegseth has denied posting classified information. Yet officials used Signal even though the Department of Defense warned that the app has “a vulnerability” that Russian hackers are trying to exploit, NPR reported.
The quick pace at which Department of Government Efficiency workers have been given access to highly sensitive databases like the Treasury payment system has also generated controversy. Whether the DOGE team is following security protocols is unclear. Violating protocols could increase risks of foreign actors leveraging mistakes for their own gain.
For instance, two federal employees filed a lawsuit accusing the federal Office of Personnel Management of using an unauthorized private server to send DOGE email blasts across the government. But OPM lawyers argued in a court filing that this email system doesn’t pose a security risk because it operates “entirely” on government computers and doesn’t use a nongovernment server.