Salt Typhoon Scandal: Pentagon Secrets, Microsoft Missteps & AI Action

This is your US-China CyberPulse: Defense Updates podcast.

Hey listeners, Ting here, your unofficial cyber sidekick and expert in all things China, hacking, and the digital chessboard. Let's dive right in, because this week has been absolutely buzzing on the US-China cyber front.

The headline, no surprise, is still Salt Typhoon. The FBI and NSA are basically in DEFCON mode after China’s state-backed hacking group ramped up their campaign: at least 600 U.S. companies and government entities have been hit, with global spillover to 80 countries. The intrusion targets not just the big fish—telecoms, infrastructure, transportation—but everyday organizations too. Former FBI cyber whiz Cynthia Kaiser said, “I can’t imagine any American was spared,” and honestly, I believe her. They’ve gone way beyond spy games, pulling call records, utility data, and even law enforcement directives. That’s real-world stuff, folks. And yes, even former President Trump and Vice President Vance got their data combed through. Why all the personal info? FBI sources think it’s to train AI models and plan future attacks. Data is basically gold for these operations.

Cyber agencies across Five Eyes, plus European powerhouses like Finland and Poland, issued joint warnings. You know it’s serious when global rivals sit together to name and shame Beijing. But don’t toss your phone in the river—responsibility comes down to robust private sector defense and not just government advisories.

Now, onto the Pentagon shakeup. A House committee just exposed $2.5 billion in Pentagon-funded research tied to Chinese military-linked institutions. Apparently, U.S. taxpayers funded 1,400 research publications over two years—half linked to China’s defense industrial complex. Rep. John Moolenaar is pushing new laws to block future funding and force researchers to cut risky partnerships. This marks a turning point in academic openness versus national security paranoia.

Policy-wise, the new Data Security Program—DSP—is in full swing. Enforcement goes nationwide. Even if your company isn’t exporting widgets, if you let foreign access to your digital stuff, you might be a weak link. That means audits, reporting, and compliance plans for DSP, with civil enforcement already cracking down since July. Businesses now have to think like intelligence agencies: encrypt, monitor, restrict, and report.

The private sector’s hustling too. Managed Detection and Response (MDR) services are booming as companies realize DIY security won’t cut it. Gartner expects half of all businesses to be MDR-powered by year-end, and those who ignore this shift are probably going to get “pwned,” as the kids say.

Oh, and Microsoft’s in the hot seat again. Their long-time reliance on China-based engineers for SharePoint support and Defense Dept cloud services caused a firestorm after a fresh exploit in July allowed Chinese attackers to bypass initial patches and actually execute code across networks. After Senators Tom Cotton and Jeanne Shaheen started rattling cages, Microsoft halted China-based operations for defense and may go further. The lesson? You need digital expertise on U.S. soil, not just digital escorts watching remote screens.

On future tech, the White House’s AI Action Plan is rolling out. It’s big on deregulation, looking to accelerate U.S. dominance in AI, setting global standards, and using AI for neutral, truth-seeking defense applications. Procurement rules now require vendors to use LLMs—think ChatGPT for cyber defense—that are ideologically neutral and scientifically rigorous.

Don’t forget, all these moves are turbocharged by the looming expiration of the Cybersecurity Information Sharing Act. Joint trade groups are demanding Congress renew the law to keep vital public-private threat sharing alive. With nation-state actors like Salt Typhoon lurking, real-time info exchange is more than a good...