China’s Salt Typhoon cyber espionage campaign was one of the most damaging series of cyberattacks ever undertaken against the United States, with profound impacts on national security, according to Dmitri Alperovitch, chairman of Silverado Policy Accelerator and a former member of the Department of Homeland Security’s now-defunct Cyber Safety Review Board.
Many of the people investigating China’s breaches of at least nine major telecom companies were caught off guard by the campaign, Alperovitch said on Wednesday during a keynote address at the RSAC Conference in San Francisco. The investigators’ surprise itself surprised Alperovitch, he recalled, given that U.S. adversaries should be expected to conduct these types of operations (and that Western countries conduct similar types of intelligence gathering).
When the Trump administration dismissed the CSRB’s members, temporarily shutting down the board’s operations, the board was deep into an investigation of the Salt Typhoon campaign, which compromised Americans’ phone calls, text messages, and communications metadata, as well as the systems that federal agencies use to conduct wiretapping operations. As part of the attack, the hackers accessed the private data of then-candidates Donald Trump and J.D. Vance and of their Democratic rival Kamala Harris’s campaign.
These kinds of intrusions shouldn’t surprise anyone, Alperovitch said. “If you’re not tapping into telcos, you might as well shut down your shop and go home.”
Trump’s shutdown of the CSRB, part of a larger effort to purge federal advisory boards, preceded large rounds of job cuts, buyouts and resignations at key federal agencies, including the Cybersecurity and Infrastructure Security Agency, which was investigating the Salt Typhoon attacks. It remains unclear whether the administration will reconstitute the CSRB and how the job cuts will affect national cybersecurity.
Alperovitch said the CSRB’s prior model was unsustainable and that in order to function properly the board needed full-time members and more independence. He argued that the CSRB’s status as a DHS advisory board posed conflicts of interest that affected investigations. Among other problems, the telecommunications companies raised concerns about providing information to the CSRB, fearing the board would hand over the data to CISA.
Alperovitch played a key role in the CSRB investigation into the state-linked attacks on Microsoft Exchange Online. In a blistering report, the board found that attack entirely preventable and blamed Microsoft for a culture that emphasized speed to market over product security.
Alperovitch also addressed lingering questions about the future of CISA, saying he thought its role should essentially be that of the federal government’s CISO, helping to secure the government’s networks with centralized resources and expertise.