Biden Administration Takes First Step to Retaliate Against China Over Hack
The Commerce Department is banning the few remaining operations of China Telecom in the United States, a move that appears unlikely to deter Beijing from conducting sophisticated cyberoperations.
by https://www.nytimes.com/by/david-e-sanger · NY TimesThe Biden administration has taken its first step to retaliate for China’s broad hack of American telecommunications firms, moving to ban the few remaining operations of China Telecom in the United States.
In a notice issued last week to China Telecom Americas — the U.S. subsidiary of one of China’s largest communications firms — the Commerce Department detailed a preliminary finding that the company’s presence in American networks and its provision of cloud services posed a national security risk to the United States.
It gave the firm 30 days to respond, meaning that the decision on a final ban will almost certainly be up to the Trump administration.
The action was a response to China’s incursion deep into U.S. telecommunications networks, providing Beijing access to data and conversations and giving it insight into spies the United States might be pursuing.
The ban on China Telecom would have more symbolic than financial impact. Even before the latest turn in the cyberconfrontation between the world’s two largest economies, the United States had moved to shrink China Telecom’s presence.
In October 2021, nine months into Mr. Biden’s term, the Federal Communications Commission revoked all licenses for China Telecom Americas to provide ordinary phone services in the United States, saying it was “subject to exploitation, influence and control by the Chinese government.”
But that left in place China Telecom’s nodes on American networks and the power to “peer in” to internet and phone traffic. That ability would be stripped under the Commerce Department order, assuming that the Trump administration went along. China Telecom Americas did not respond to messages left at its office in Herndon, Va.
“We’ve been taking a hard look at where Chinese technologies are in the United States and asking ourselves the question of, is this an acceptable level of risk?” Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said in an interview on Monday. “For a number of years, these companies have operated networks and cloud service businesses in the U.S., which involved network equipment that’s co-located with our internet infrastructure. And while in the past we may have viewed this as an acceptable level of risk, that is no longer the case.”
As a deterrent to China’s intelligence services, the move — which administration officials said might be followed by other actions before Mr. Biden leaves office in 35 days — may not amount to much.
The F.C.C. action to block China Telecom from most of its business in the United States did not prevent Volt Typhoon — China’s placement of malicious code in the electric grid and water and gas pipeline networks — or Salt Typhoon, the surveillance effort that was uncovered over the summer. Taken together, officials say, they amount to the most significant assault on American critical infrastructure in the digital age.
Speaking last week at the Paley Center for Media in Manhattan, Gen. Timothy D. Haugh, the director of the National Security Agency and commander of U.S. Cyber Command, said, “If I look at today, the PRC is not deterred,” using the initials for the People’s Republic of China.
He declined to say whether his forces were conducting offensive operations against China in retaliation for any of its recent incursions into American networks.
On Sunday, President-elect Donald J. Trump’s incoming national security adviser, Representative Mike Waltz, a Florida Republican, suggested on CBS’s “Face the Nation” that the new administration would be much more tempted to use offensive cyberactions against China.
“We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation-state actors that continue to steal our data, that continue to spy on us and that, even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports,” he said.
He added: “We need to start changing behaviors on the other side, rather than just constantly having this kind of escalation of their offense and our defense.”
Mr. Biden said similar things during his transition four years ago, right after Russia had been caught altering code in vital software used by both the government and private companies. He also vowed at that time to make Russia pay a price.
Yet four years later, in the last weeks of his presidency, Mr. Biden has never talked publicly about the most recently discovered Chinese hack, even though the effects have been so widespread that the F.B.I. recently urged Americans to move their conversations and texts to encrypted apps like Signal or WhatsApp.
Officials have said they do not believe that the Chinese hackers have been ousted from the networks of at least eight telecommunications firms, including the nation’s two largest, Verizon and AT&T. That suggests that China’s hackers retain the capability to escalate.
Since Microsoft first alerted the telecommunications firms over the summer that they had found evidence of hackers deep in their systems, the Biden administration has struggled to come up with a response. It created a task force inside the White House, and the issue is considered so serious that the group meets almost daily. Chief executives of the affected firms have been summoned to the Situation Room to come up with a joint plan of action.
But the move against China Telecom was the first time the administration had announced any response to Salt Typhoon, and officials conceded that they had no evidence that China Telecom’s operations in the United States were involved.
The hack was linked to China’s Ministry of State Security. In the interim months, officials have learned that the Chinese hackers got a nearly complete list of phone numbers the Justice Department monitors in its “lawful intercept” system, which places wiretaps on people suspected of committing crimes or spying, usually after a warrant is issued.
While officials do not believe that the Chinese listened to those calls, the hackers were probably able to combine the phone numbers with geolocation data to create a detailed intelligence picture of who was being surveilled.
As a result, officials said, the penetration almost certainly gave China a road map to discover which of China’s spies the United States has identified and which it has missed. The spies did hack parts of the phone network that would have given them access to some voice calls, made over unencrypted lines, by Mr. Trump and Vice President-elect JD Vance. It is not clear to investigators, however, whether the Chinese exploited that access to hear the calls.
The hack was discovered over the summer, but at first the Biden administration said nothing. Officials did not want to alert the Chinese hackers that their actions were being tracked. Mr. Biden reportedly raised the hack during his meeting with President Xi Jinping of China in November, but his aides said nothing about what kind of warning was given — or whether there was a warning at all.
Because the United States also conducts spying operations that exploit weaknesses in China’s telecommunications systems — some described in documents released by the former N.S.A. contractor Edward J. Snowden a decade ago — it is not clear that Salt Typhoon was off-limits as an espionage operation.
One senior administration official noted recently that the scope and scale of the Chinese operation, and the inability of the telecommunications firms to detect it, were highly embarrassing to the administration, and that therefore no one wanted to send the president out to make statements on it.
The administration still has other steps it could take before Mr. Biden leaves office. It could ban Chinese companies and individuals from using cloud services in the United States, or it could restrict the sale of Chinese-made routers and other telecommunications hardware.
But so much of that equipment, and the chips inside them, are produced in China that officials have questioned whether those would be useful steps.
Inside the Biden Administration
Here’s the latest news and analysis from Washington.
- Last Days in Office: Still stinging from the election, a weary President Biden is pushing for his final priorities but has largely absented himself from the national conversation about Donald Trump.
- Climate Goal: Biden announced an aggressive new climate goal for the United States, saying that the country should seek to slash its emissions by at least 61% below 2005 levels by 2035. The target will likely be disregarded by Trump.
- Student Loans: The Education Department reopened enrollment in two student loan repayment plans it had sought to replace, allowing borrowers to transfer out of the alternative program it had proposed, which has been frozen by litigation.
- Chinese Hack: The Biden administration has taken its first step to retaliate for China’s broad hack of American telecommunications firms, moving to ban the few remaining operations of China Telecom in the United States.
- A Sweeping Act of Clemency: Biden said that he is commuting the sentences of nearly 1,500 people and pardoning 39 people convicted of nonviolent crimes, a record for one day.