Salt Typhoon Breach: DHS Restricts Employee Device and Communication Use
The U.S. Department of Homeland Security has imposed stringent restrictions on employee communications following the disclosure of yet another Chinese cyberattack. Chief Information Officer Eric Hysen issued an official directive permitting staff to use only department-issued devices.
Employees are instructed to conduct official correspondence primarily through Microsoft Teams, with leadership warning against careless use of phone calls and SMS exchanges.
These heightened security measures are a response to the infiltration of prominent American telecommunications systems by the hacking group Salt Typhoon, which targeted AT&T, Lumen, and Verizon. According to the Wall Street Journal, cybercriminals may have had access to corporate networks for approximately eight months.
Experts analyzing Salt Typhoon’s activities describe the group as highly skilled, with members displaying not only exceptional technical expertise but also a methodical approach that avoids detection. Analysts believe the telecommunications data obtained by the attackers is a veritable treasure trove for any nation’s intelligence agencies.
Meanwhile, the U.S. Consumer Financial Protection Bureau has entirely banned the use of phones for official communication, later giving assurances that hackers had not breached its information systems.
Members of the American intelligence community briefed Congress on the extent of the breach. It remains unclear whether the attack compromised surveillance systems operating under the Foreign Intelligence Surveillance Act, which would have enabled Beijing to glean information about the overseas objectives of U.S. intelligence agencies.
Kevin Mandia, founder of the cybersecurity firm Mandiant, pointed out that diplomatic correspondence has long attracted malicious actors. Emails and messages often contain valuable insights into the intentions and plans of government officials.
Following the attack, doubts have been raised regarding the reliability of the Communications Assistance for Law Enforcement Act (CALEA). Under CALEA, telecom operators are required to ensure technical access for authorized eavesdropping by intelligence agencies.
Per regulations set by the Federal Communications Commission, telecommunications companies are allowed to choose their own methods of complying with CALEA requirements. Operators may develop proprietary solutions, utilize equipment manufacturers’ capabilities, or seek assistance from third-party providers. Experts in cybersecurity are in agreement on one point: current standards must be reformed.
The Department of Homeland Security has tasked a specially convened Cybersecurity Council to investigate the incident. Concurrently, a Joint Coordination Group is working to organize a federal-level response to the threats.