Timmons Opens Hearing on Securing America’s Telecommunications from State-Sponsored Cyber Attacks

WASHINGTON—Subcommittee on Military and Foreign Affairs Chairman William Timmons (R-S.C.) today opened the panel’s hearing on “Salt Typhoon: Securing America’s Telecommunications from State-Sponsored Cyber Attacks.” In his opening remarks, Subcommittee Chairman Timmons emphasized the urgent national security threat posed by cyber espionage, including by state-sponsored groups like Salt Typhoon, which has targeted critical infrastructure. He underscored that the threat is not the result of negligence from telecommunications companies, but a deliberate, strategic maneuver by sophisticated and hostile state actors’ intent on undermining U.S. national sovereignty. He concluded that government agencies and private industry must collaborate to take action to upgrade cybersecurity measures and hold foreign state actors accountable.

Below are Subcommittee Chairman Timmons’s remarks as prepared for delivery.

Good morning. Thank you for joining us today as we confront one of the most pressing national security challenges of our time—cyber espionage by adversaries targeting our critical infrastructure.

I’d like to thank our witnesses for being here today, and I look forward to our conversation.

In recent months, sophisticated cyber attacks by groups like Salt Typhoon have not only compromised networks used by millions of Americans, but have threatened the backbone of our national security.

Our nation’s critical infrastructure is under attack at a staggering pace.

Reports indicate that globally, cyber attacks against critical infrastructure increased by thirty percent last year—averaging thirteen attacks per second.

In the United States alone, over four hundred twenty million cyber attacks were recorded in just the last year.

These incidents are not random errors; they are part of a coordinated campaign by a well-funded foreign adversary that exploits vulnerabilities.

Salt Typhoon, a Chinese state-sponsored hacking group with direct ties to the CCP’s intelligence apparatus, executed an extensive breach that compromised U.S. telecommunication networks.

This campaign targeted essential communication networks—including those operated by industry giants like Verizon and AT&T.

They were able to intercept real-time calls and messaging data from over a million users.

Critically, these attacks focused on gathering intelligence from high-value government and political figures.

It is vital to emphasize: these telecommunications companies are not at fault.

They are on the defensive against an enemy that employs sophisticated tactics—using vulnerabilities in sometimes outdated infrastructure and exploiting weak points in network management systems—to gain unprecedented access to our critical communications.

This is not a failure of the private sector; it is a clear signal that our nation must take a more proactive approach.

The “damage control” posture of the previous administration has left us vulnerable to these state-sponsored cyber attacks.

Instead of merely reacting after breaches occur, we must be forward-thinking and resolute.

National security is paramount, and it is our government’s responsibility to safeguard the American people and the critical infrastructure that we rely on every day.

Now more than ever, it is imperative for Congress and federal agencies to join forces with the private sector in establishing a robust, unified cybersecurity strategy.

Legislators have begun proposing measures to require annual cybersecurity certifications for telecom companies, ensuring they adhere to strict security protocols.

Yet, this is only part of the solution.

We must also invest in a more aggressive offensive capability that deters adversaries from exploiting our vulnerabilities, sending a clear message that cyber espionage against American infrastructure will have severe consequences.

Furthermore, the sheer volume of these attacks should serve as a wake-up call for strengthening our critical infrastructure.

When our communication systems—integral to our national defense, emergency services, and economic vitality—are compromised, it erodes public trust and jeopardizes our collective safety.

It is our duty to ensure that our government agencies, in collaboration with private industry, take decisive action to upgrade cybersecurity measures and hold foreign state actors accountable.

In closing, let me reiterate: the threat we face is not a result of negligence from our telecom companies, but a deliberate, strategic maneuver by sophisticated and hostile state actors’ intent on undermining our national sovereignty.

This is a call to action for every American who values freedom and security.

We must fortify our defenses, invest in advanced cybersecurity technology, and pursue strong, proactive policies that secure our nation’s critical infrastructure against these relentless threats.

The time to act is now—before our adversaries turn these vulnerabilities into tools for even more severe real-world disruption.

Thank you again to our witnesses for being here today, and I look forward to hearing about your experiences in the cybersecurity field, and any recommendations you have regarding our strategic cyber posture.

And, with that, I yield to Ranking Member Subramanyam for his opening statement.