On Wednesday, cybersecurity experts urged lawmakers to concentrate on bigger, looming cybersecurity threats like AI and quantum, while saying that the new Salt Typhoon hacks may serve as a “wake-up call.”
One of the most significant U.S. breaches to date is Salt Typhoon, a threat actor connected to the People’s Republic of China ( PRC ). The China-linked hackers group targeted President Donald Trump, Vice President JD Vance, and partners of former vice president Kamala Harris by hacking into network at various telecommunications companies.
On Wednesday, security experts testified before the House Oversight and Government Reform Subcommittee on Military and Foreign Affairs that Salt Typhoon may represent a turning point for the US.
They urged the federal government to switch to “bold” federal investments in security, noting that quantum computers and AI may alter how we think of cybersecurity.
According to Edward Amaroso, a research professor at New York University ( NYU) and CEO of TAG Infosphere, Inc.,” we need to be thinking about the next problem.” Notable is that Amaroso previously held the position of senior vice president and general safety officer for 31 times at AT&T.
When I’m asked about this subject, I frequently think about a analogy that comes to mind. As if we were traveling through a lot of holes before you ask us to stop and talk about the cracks. We don’t want to disregard the holes, but it’s more terrifying when we have enormous crater ahead of us, Amaroso said, adding that” And those holes will come from an adversary that is using AI in more ways.”
Democrats on the committee often brought up the recent Signal group chat discussion, in which top Trump administration officials discussed military strikes on the messaging apps and added a journalist to the party conversation.
Republicans downplayed the Signal discussion, with Rep. William Timmons, R-S. C., claiming that the Cybersecurity and Infrastructure Security Agency “encourages” the use of Signal for its end-to-end crypto.
Amaroso, however, was asked by Rep. Michael Cloud, R-Texas, if the Signal messages were prone to being exposed by the Salt Typhoon steal.
It turns out that the PRC may have a lot of those in the basement because it’s using a type of encryption called public key cryptography, and it’s entirely possible that it’s using one. So I can see why Signal is prone to real-time security by the nation-states.
” We’ve discovered that in our own intelligence society, we’ve always been 10 to 15 times ahead of what we all believe crypto to be.” But, there are a lot more possibilities than we think they are in crypto, he said, so it’s kind of frightful that Russia, China, and others are already much further along than we think they are.
Amaroso stated that Salt Typhoon may serve as a “wake-up call” because China is currently a better risk actor than many members of the cybersecurity community had anticipated.
We can debate whether it would be effective to break Signal, whether Salt Typhoon connects, or whether it would be, but I believe it becomes really terrifying when you push the ball forward on the ice a little bit, depending on where things are going, he warned. Yet things you might depend on right now are likely to not become things we can rely on in the future, according to Even Signal. Therefore, we all need to consider how to correct that.
The strike surface is bigger than ever, according to Matt Blaze, a professor of law at Georgetown Law and a professor of computer technology at Georgetown University. He also rebuffed the warning,” We don’t understand if any of this crypto is flawless.”
” What powerful end-to-end crypto does is basically removes attacks against the system – as we saw in the Salt Typhoon problems that have been made open but much – from the equation,” Blaze said. We don’t know whether Signal’s crypto is perfect, largely, because it’s encrypted.
Blaze claimed that the offensive side benefits from the fact that” some of the vulnerabilities in computer systems, specific products, and servers have not yet been discovered, and some of them have not even existed.” Thus, he claimed that having an active protection to find and fix these flaws is “essential.”
Anything like Salt Typhoon was unavoidable and will probably occur again, according to Blaze,” to put it bluntly.” Unless major changes are made to our facilities and our strategy to protect it, Blaze said.