\u2018Whatever we did was not enough\u2019: How Salt Typhoon slipped through the government’s blind spots | CyberScoop<\/title> <meta name=\"description\" content=\"Critics tell CyberScoop the U.S. federal government had many failings in the lead up to and the response to the Salt Typhoon breach.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-response\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"\u2018Whatever we did was not enough\u2019: How Salt Typhoon slipped through the government's blind spots\"> <meta property=\"og:description\" content=\"Critics tell CyberScoop the U.S. federal government had many failings in the lead up to and the response to the Salt Typhoon breach.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-response\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-20T11:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png\"> <meta property=\"og:image:width\" content=\"3841\"> <meta property=\"og:image:height\" content=\"2161\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747157649g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747161863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84598\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84598\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsalt-typhoon-us-government-response%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsalt-typhoon-us-government-response%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84598 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-response\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.969465648855\">\n<div class=\"single-article__header-content\" readability=\"35.502024291498\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-response\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> Seven sources tell CyberScoop that a lack of coordination and miscommunication between federal agencies and the telecommunications industry left critical networks exposed to the Chinese hacking group. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84598\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots.png?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png 3841w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.png?resize=1498,843 1498w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Graphic by Scoop News Group) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"181.54633951953\"><body readability=\"369.49596607974\"><\/p>\n<p>The first time some of the largest telecom companies in the world heard of Salt Typhoon was <a href=\"https:\/\/www.wsj.com\/politics\/national-security\/china-cyberattack-internet-providers-260bd835\">in a Wall Street Journal article<\/a>.<\/p>\n<p>The story, which was published last September, blindsided company executives and industry insiders. As news of the attack on the country\u2019s broadband networks broke, the scope and severity of the breach became clear. The top Democrat on the Senate Intelligence Committee <a href=\"https:\/\/www.washingtonpost.com\/national-security\/2024\/11\/21\/salt-typhoon-china-hack-telecom\/\">dubbed it<\/a> \u201cthe worst telecom hack in our nation\u2019s history.\u201d The breach, carried out by a Chinese government-linked hacking group, had resulted in a total of around <a href=\"https:\/\/www.politico.com\/news\/2024\/12\/03\/chinese-hack-global-telecom-ongoing-00192410\">80 different firms<\/a> compromised at last count, with the attackers in the networks for potentially years as it <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-telecom-breach-remarkable-for-its-indiscriminate-targeting-fbi-official-says\/\">siphoned up data<\/a> from more than <a href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/typhoon-china-hackers-military-weapons-97d4ef95\">1 million people<\/a>.<\/p>\n<p>Telecom companies were upset to learn about the breach from the Journal story instead of the federal government. One telecom industry source called it \u201cdisconcerting\u201d that large companies hadn\u2019t heard about it first from government agencies, and major providers \u201cfelt like information wasn\u2019t handled correctly.<\/p>\n<p>\u201cThe engagement was not treated with the kind of respect it deserved,\u201d the source told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The perceived lack of attention is a microcosm of what critics told CyberScoop was just one of the government\u2019s many failings in response to the Salt Typhoon breach. Sources told CyberScoop that the issues with the government\u2019s response started long before knowledge of an incident ever occurred. <\/p>\n<p>In conversations with CyberScoop, those sources \u2014 who were granted anonymity to speak more freely \u2014 touched on several concerning issues, including about how: <\/p>\n<ul class=\"wp-block-list\">\n<li>Investigators had a \u201cfailure of imagination\u201d in not better anticipating the breaches, multiple former U.S. government officials said.<\/li>\n<li>The Cybersecurity and Infrastructure Security Agency\u2019s relationship with the telecommunications sector, one said, had \u201cdegraded,\u201d with the agency perhaps spread too thin. That degradation might have been one cause of what many characterized as disjointed or inadequate communications between feds and the industry.<\/li>\n<li>Government warnings about vulnerabilities and risks prior to the discovery of the breaches were far too vague to be of use, one former U.S. official said. <\/li>\n<li>The government failed to use the levers of power it had at its disposal to force telecom companies to upgrade their security posture, one expert said.<\/li>\n<\/ul>\n<p>When asked about these issues, current and former government officials rejected some of the complaints. A current CISA official told CyberScoop that the agency, along with the Federal Bureau of Investigation, mounted a coordinated campaign to notify companies and help them counter the attack, sometimes providing new information on an hourly basis. Even if there were shortcomings in the response, they contended, the relationship with industry had, if anything, improved over time. <\/p>\n<p>The breached telecommunications companies share some of the blame for why things went wrong, especially because the attackers got into systems they ultimately own by exploiting basic vulnerabilities and taking advantage of slipshod security, sources said. Some officials also said that, prior to the attack, the government lacked the authority to order companies to take action; only after the incident were <a href=\"https:\/\/cyberscoop.com\/fcc-cybersecurity-rules-wiretapping-law-salt-typhoon\/\">some new regulations<\/a> proposed to give officials more power to compel industry compliance. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Yet multiple sources told CyberScoop that there were failings that helped Salt Typhoon ultimately carry out their plan.<\/p>\n<p>\u201dArguably, clearly, whatever we did was not enough,\u201d said a former senior U.S. cybersecurity official, who nonetheless pointed to significant government efforts.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-before-the-breach-nbsp\"><strong>Before the breach <\/strong><\/h5>\n<p>Three former U.S. government officials told CyberScoop the federal government didn\u2019t adequately anticipate and prepare for the possibility that an adversary like Salt Typhoon would attack telecommunication companies in such a massive way.<\/p>\n<p>\u201cAs a nation, we\u2019re really good at preparing for the last attack,\u201d one official said, adding that \u201cso much of our planning is about responding to what happened last as opposed to thinking through what might happen next.\u201d Other examples, the source pointed out, include the Sept. 11, 2001 terrorist attacks and Russian meddling in the 2016 presidential election.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>When asked about preparation for such attacks, a CISA official countered that the agency was responsible for one of the first known detections of the attack campaign.<\/p>\n<p>Former CISA Director Jen Easterly <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-jen-easterly-cisa\/\">said in January<\/a> that threat hunters at her agency first detected Salt Typhoon activity on federal networks, and by combining that information with \u201cindustry tippers,\u201d feds were able to then respond to the penetration of telecom networks.<\/p>\n<p>\u201cI think it bears noting that none of these victims detected this activity,\u201d the official said. \u201cIt was unrelated to the targeting of the telecommunications sector, but it was the same threat actor, and based on the information gleaned through those proactive hunt efforts across the federal civilian executive branch, we were able to share information back into the U.S. government with partners.\u201d <\/p>\n<p>Jamil Jaffer, who served on the Cyber Safety Review Board before the Trump administration <a href=\"https:\/\/cyberscoop.com\/removal-cyber-safety-review-board-members\/\">removed all its members<\/a>, testified at a congressional hearing in April that the detection should have set off bigger alarm bells and stronger action from the federal government. He specifically mentioned to CyberScoop the government\u2019s use of court-authorized powers in other cybersecurity incidents, including those used to <a href=\"https:\/\/cyberscoop.com\/fbi-operation-china-botnet-flax-typhoon\/\">take down a Chinese botnet<\/a> exploiting U.S. routers. <\/p>\n<p>Jaffer said that if the government had been more aggressive about chasing down the Salt Typhoon threat in collaboration with the private sector, the use of similar authorities could have potentially played a valuable role.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThat is a massive, massive failure of the government to do its job, to share information with industry, to help industry protect itself and take accountability for the fact that we had that information and didn\u2019t know what to do with it,\u201d said Jaffer, the executive director of George Mason University\u2019s National Security Institute. \u201cIf we leave the private sector alone to defend against these threats, we will fail every time.\u201d<\/p>\n<p>Department of Homeland Security Secretary Kristi Noem has been making a similar point in public appearances. \u201cOne of the most alarming things I heard as soon as I was nominated for this position was in a briefing from CISA that told me that they knew with Salt Typhoon that we had been hacked, but they also said they didn\u2019t know how it happened or how to stop it in the future,\u201d she told the House Homeland Security Committee <a href=\"https:\/\/homeland.house.gov\/2025\/05\/15\/secretary-noem-testifies-on-a-better-path-forward-for-dhs-the-safety-of-our-communities-is-in-a-much-better-spot-than-six-months-ago\/#:~:text=In%20fact%2C%20one%20of%20the,stop%20it%20in%20the%20future.\">last week<\/a>.<\/p>\n<p>One former U.S. official said that while CISA had issued warnings about vulnerabilities that the attackers would exploit, they were too vague and not targeted at the telecom sector.<\/p>\n<p>Other sources worry that federal agencies have been distracted or uneven in their focus on critical infrastructure. <\/p>\n<p>\u201dIn the critical infrastructure policy space, there are 16 sectors, and there\u2019s always been this long-held belief that certain sectors are better [at cybersecurity] than others: financial services, energy, telecommunications,\u201d one former official said. \u201cAnd so I\u2019m not saying they got a pass, but there were other sectors that we were more worried about: health care, education, let\u2019s go down the list.\u201d <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Furthermore, the official said that CISA has significant responsibilities as the <a href=\"https:\/\/www.cisa.gov\/topics\/critical-infrastructure-security-and-resilience\/critical-infrastructure-sectors\/sector-risk-management-agencies\">\u201csector risk management agency\u201d<\/a> (SRMA) for eight of the 16 critical infrastructure segments, running the risk of overextending the agency\u2019s capabilities.<\/p>\n<p>\u201cThey treat [telecom] like every other sector,\u201d the official said, referring to the communications sector. \u201cThere is a lot of anger and frustration [in the telecom sector] \u2014 with the exception of what [CISA has] done on supply chain \u2014 for how the partnership has degraded over the last eight years.\u201d<\/p>\n<p>The House Homeland Security Committee is taking a closer look at CISA\u2019s role as an SRMA as part of <a href=\"https:\/\/homeland.house.gov\/2025\/03\/17\/chairmen-green-garbarino-brecheen-conduct-oversight-of-the-federal-governments-response-to-china-backed-typhoon-intrusions-under-previous-administration\/\">its Salt Typhoon probe<\/a>.<\/p>\n<p>\u201dWe have been in touch with the telecoms and we talked to CISA about this: We do want to make sure that CISA is strengthened and performing its role well as the SRMA of the communication sector,\u201d a committee aide said. \u201cWe\u2019re just trying to understand where any of those gaps might be so we can ensure that information sharing is strong, and that relationship is working.\u201d<\/p>\n<p>Not everyone agrees that CISA\u2019s relationship with the telecom industry has degraded. Dave DeWalt, who sits on the National Security Telecommunications Advisory Committee (NSTAC) that provides industry recommendations to the executive branch, had a different take on government-telecommunications industry relations.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cI don\u2019t see that at all,\u201d said DeWalt, who is also the CEO of the venture capital firm NightDragon. \u201cThe integration with CISA over the last years has been pretty good. \u2026 In fact, if anything, it got better during the Biden years.\u201d<\/p>\n<p>The CISA official emphasized the agency\u2019s ongoing efforts: \u201cWe are very focused on working with the telecommunications industry to understand, from their perspective\u2026how could the relationship work better?\u201d<\/p>\n<p>Some observers believe that stronger government regulations could have improved security in the sector before Salt Typhoon struck. The Biden administration had been pushing for <a href=\"https:\/\/cyberscoop.com\/bidens-cybersecurity-legacy-a-big-shift-to-private-sector-responsibility\/\">more regulation<\/a> taking a sector-by-sector approach. The Federal Communications Commission launched <a href=\"https:\/\/cyberscoop.com\/fcc-moves-ahead-on-internet-routing-security-rules\/\">some regulatory initiatives<\/a>, with <a href=\"https:\/\/cyberscoop.com\/fcc-cybersecurity-rules-wiretapping-law-salt-typhoon\/\">others only materializing<\/a> after the breaches were discovered.<\/p>\n<p>The former senior U.S. cyber official said those regulatory efforts were marginal upgrades within the telecom space. \u201cIt wasn\u2019t really comprehensive, and it wasn\u2019t focused at the network level in these large enterprises,\u201d the official said.<\/p>\n<p>Laura Galante, who served as director of the Cyber Threat Intelligence Integration Center (CTIIC) from 2022 until this year, said the government worked within the confines of the lack of stronger regulatory power.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cOver time, pre-Salt Typhoon, there were issuances of [advisories warning], \u2018here are some commonly used products within telco architecture, your certain drivers and switches for example, that we see frequently compromised,\u2019\u201d she said. \u201cThose advisories, in addition to the other smaller-circle intelligence-sharing work, have been the best efforts without an additional regulatory lever.\u201d<\/p>\n<p>Anne Neuberger, the former deputy national security adviser for cyber and emerging technology, told reporters <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-telecom-cybersecurity-gaps-white-house-response\/\">in a December call<\/a> that stronger regulations, like those in place in the United Kingdom, would have gone a long way toward limiting the attack\u2019s scope. <\/p>\n<p>\u201cWhen I talked with our U.K. colleagues and I asked, \u2018do you believe your regulations would have prevented the <a href=\"https:\/\/cyberscoop.com\/tag\/salt-typhoon\/\">Salt Typhoon<\/a> attack?\u2019, their comment to me was, \u2018we would have found it faster. We would have contained it faster, [and] it wouldn\u2019t have spread as widely and had the impact and been as undiscovered for as long,\u2019 had those regulations been in place,\u201d Neuberger said. <\/p>\n<p>A former government official told CyberScoop that even that type of regulatory system may not have been enough. <\/p>\n<p>\u201dFor people who are strongly in favor of regulation, they will use this, they will look at this and say, \u2018if there were stronger mandates, it could have made the difference,\u201d said the former senior U.S. cybersecurity official. \u201cI don\u2019t know if that\u2019s the case, because regulations are not synonymous with improved security. \u2026 Even companies in highly regulated sectors do suffer compromises.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-after-the-breach\"><strong>After the breach<\/strong><\/h5>\n<p>Once The Wall Street Journal broke the news about the breaches, a telecommunications industry furor erupted, multiple officials from both government and industry said.<\/p>\n<p>\u201cI heard from the companies as well [after the WSJ article],\u201d the CISA official said.\u201cThat is not what we want. It was unclear where that information was coming from, candidly, and it was moving extraordinarily fast,\u201d the CISA official said. \u201cSo I think we were, in that case, certainly apologetic to the companies that they were hearing from The Wall Street Journal. With that said, some of the information that was in certain publications was inaccurate, and the government does have a responsibility to do due diligence before making a victim notification.\u201d<\/p>\n<p>A former official said \u201dwhat continued to be stunning was the rollout of companies that had been affected that didn\u2019t know.\u201d<\/p>\n<p>The telecommunications industry source that spoke to CyberScoop said that companies were frustrated to only find out about the attacks when they did, rather than being warned by the government. As these companies rushed to respond, the source described officials from several government agencies suddenly getting involved and \u201cbehaved like \u2018puppies piling on.\u2019\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cEverybody needs to talk to everybody, and \u2026 these were people who didn\u2019t have a damn thing to do with anything, and didn\u2019t know anything about what they\u2019re talking about,\u201d they said. <\/p>\n<p>Companies spent \u201ca lot of time with distracting phone calls, which were taking away time from individuals that were trying to respond, recover, mitigate, root out\u201d the attackers, the source said. \u201cWe would find ourselves having the conversation with major entities and then we\u2019d be yelled at because we didn\u2019t have the same conversation with a different entity.\u201d<\/p>\n<p>The CISA official said there was a concerted effort to coordinate victim notifications.<\/p>\n<p>\u201dThat is something that was top of mind for leaders across the cybersecurity community at the beginning of this campaign,\u201d they said. \u201cDoes that mean we did it perfectly? No, but we were committed to as best as we can \u2026 de-conflicting within the U.S. government in reducing the burden, really on these \u2026 victims, as they were focused on their own response efforts.\u201d<\/p>\n<p>The FBI led the victim notification effort while CISA handled some of the notifications because they had ongoing relationships with certain companies. By late September, the government was notifying victims every single day and holding frequent senior leadership meetings \u2014 sometimes as often as every hour. While the FBI focused on victim notification, the Office of the Director of National Intelligence took charge of impact analysis and assessment, and CISA concentrated on mitigation efforts and tracking the attackers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The FBI did not respond to questions or a request for an interview for this story.<\/p>\n<p>The CISA official said the agency was also sharing \u201chunting guidance,\u201d helping companies determine whether they were victims; \u201chardening\u201d advice to make it tougher for the attackers to strike; and helping \u201chighly targeted individuals\u201d or \u201cVIPs,\u201d including high-level officials across government. <\/p>\n<p>But there was \u201cfair criticism\u201d about the information sharing between government and industry, the official said.<\/p>\n<p>With the response in full swing, another probe of the attacks, by the Cyber Safety Review Board, was announced. But it endured delays and then barely got started before the Trump administration stripped the board of its members, halting the investigation. <\/p>\n<p>\u201cHad we been able to pursue our investigation more aggressively during the prior administration and if the Board had not been terminated before the current one, I certainly would have advocated to look closely at what the government knew when and what the government did or didn\u2019t do about that information,\u201d Jaffer told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The House Homeland Security Committee\u2019s probe will also look into the caliber of information sharing.<\/p>\n<p>\u201dThe information that was shared with us and others was not timely,\u201d Rep. Andrew Garbarino, R-N.Y., who chairs the panel\u2019s cybersecurity subcommittee, told CyberScoop. \u201cI don\u2019t know how quickly they shared information with their private sector partners. I think we can always do that better.\u201d When it comes to the U.S. government, he said, \u201cwe\u2019re very good at taking information but not sharing it.\u201d<\/p>\n<p>Overall, the CISA official felt the agency did a \u201creally good job of sharing information\u201d as the severity of the incident unfolded. <\/p>\n<p>\u201cHad we not had that information, who knows whether this campaign would have been detected by today or whether it would still be ongoing,\u201d the official said. \u201cDoes that mean we have figured out the perfect recipe for identifying risk thresholds for a sector that is largely unregulated, with extraordinarily large Fortune 10 companies and then others who you\u2019ve never heard of that are deeply connected and underpin the trust relationships in those sectors? No.\u201d<\/p>\n<p><em>Derek B. Johnson contributed reporting for this story.<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"19.33950617284\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"520\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-1.jpg?resize=520%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=300,194 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=768,498 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=1024,663 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=1536,995 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=600,389 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=259,168 259w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=520,337 520w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=1042,675 1042w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-4.jpg?resize=1301,843 1301w\" sizes=\"auto, (max-width: 520px) 100vw, 520px\"> <\/a><figcaption class=\"screen-reader-text\"> Signage at the headquarters of SAP AG, Germany\u2019s largest software company on January 8, 2013 in Walldorf, Germany. (Photo by Thomas Lohnes\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"1.0177514792899\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/\"> SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons <\/a> <\/h3>\n<p> Multiple firms are tracking the zero-day attacks on Europe\u2019s top software firm. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/sen-murphy-trump-administration-has-illegally-gutted-funding-for-cybersecurity\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-2.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-5.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Chair Katie Britt, R-Ala. (R), and Ranking Member Christopher Murphy, D-Conn., (L) appear as Homeland Security Secretary Kristi Noem speaks at a Senate Appropriations Committee hearing in the Dirksen Senate Office Building on May 8. Noem testified before the Homeland Security Subcommittee about her department\u2019s FY 2026 budget request. (Photo by Andrew Harnik\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/sen-murphy-trump-administration-has-illegally-gutted-funding-for-cybersecurity\/\"> Sen. Murphy: Trump administration has \u2018illegally gutted funding for cybersecurity\u2019 <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/tariffs-could-slow-replacement-of-telecom-networks\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> sinology, Getty Images <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/tariffs-could-slow-replacement-of-telecom-networks\/\"> Tariffs could slow replacement of telecom networks, according to industry official <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-response\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u2018Whatever we did was not enough\u2019: How Salt Typhoon slipped<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4299,757,78,452,669,117,1093,3076,4267,4300,910,2953,29,4301],"tags":[4302,759,86,454,671,119,1095,3079,4269,4303,911,2956,37,4304],"class_list":["post-7658","post","type-post","status-publish","format-standard","hentry","category-ctiic","category-cyber-safety-review-board","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-federal-bureau-of-investigation-fbi","category-government","category-house-homeland-security-committee","category-kristi-noem","category-nightdragon","category-nstac","category-office-of-the-director-of-national-intelligence-odni","category-salt-typhoon","category-telecommunications","category-wall-street-journal","tag-ctiic","tag-cyber-safety-review-board","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-federal-bureau-of-investigation-fbi","tag-government","tag-house-homeland-security-committee","tag-kristi-noem","tag-nightdragon","tag-nstac","tag-office-of-the-director-of-national-intelligence-odni","tag-salt-typhoon","tag-telecommunications","tag-wall-street-journal"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ctiic\/\" rel=\"category tag\">CTIIC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-safety-review-board\/\" rel=\"category tag\">Cyber Safety Review Board<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/house-homeland-security-committee\/\" rel=\"category tag\">House Homeland Security Committee<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/kristi-noem\/\" rel=\"category tag\">Kristi Noem<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nightdragon\/\" rel=\"category tag\">NightDragon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nstac\/\" rel=\"category tag\">NSTAC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/office-of-the-director-of-national-intelligence-odni\/\" rel=\"category tag\">Office of the Director of National Intelligence (ODNI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salt-typhoon\/\" rel=\"category tag\">Salt Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/telecommunications\/\" rel=\"category tag\">Telecommunications<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/wall-street-journal\/\" rel=\"category tag\">Wall Street Journal<\/a>","tag_info":"Wall Street Journal","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7658"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7658\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7658,"date":"2025-05-20T06:00:00","date_gmt":"2025-05-20T11:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84598"},"modified":"2025-05-20T06:00:00","modified_gmt":"2025-05-20T11:00:00","slug":"whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/20\/whatever-we-did-was-not-enough-how-salt-typhoon-slipped-through-the-governments-blind-spots\/","title":{"rendered":"\u2018Whatever we did was not enough\u2019: How Salt Typhoon slipped through the government\u2019s blind spots"},"content":{"rendered":"