Turning up the heat on China's telco hackers

Illustration: Sarah Grillo/Axios
Nation-state hackers continue to exploit the weak U.S. response to cyberattacks, according to experts.
Why it matters: The ongoing Chinese hack of U.S. telecommunications networks is considered the "worst telecom breach" in American history — but it remains to be seen if the U.S. response can match the severity.
Driving the news: The perceived weaknesses in the U.S. response to Salt Typhoon were a hot topic in Washington this week.
- Senators questioned cybersecurity and telecom experts at a hearing Wednesday about the best way to secure telcos and whether it's time to consider hacking back.
- Cybersecurity and Infrastructure Security Agency Director Jen Easterly told The Cipher Brief this week that China's attacks on U.S. critical infrastructure to date are "just the tip of the iceberg."
- Sen. Ron Wyden (D-Ore.) released a draft bill to shore up telecom carriers' networks. Other lawmakers are working on their own bills.
The big picture: For years, the U.S. has mostly responded to overseas cyberattacks on critical infrastructure through difficult-to-enforce economic sanctions and indictments.
- That's partly because the U.S. likes to complete its investigations and remediation into a cyberattack before responding — which can take months, sometimes years.
- "While it's important to do investigations with the root causes, sometimes you can lose sight of the fact that you have an immediate problem and you need to address that," David Wiseman, vice president of secure communications at BlackBerry, told Axios.
Reality check: We don't know what we don't know.
- The National Security Agency and the U.S. Cyber Command don't disclose much about the offensive cyber operations they undertake.
Between the lines: The lines of cyber war are messy. Unlike in physical warfare, it can be difficult to discern if a malicious hacker is acting for a criminal enterprise or a foreign government.
- Determining cyber actors' motives is also tricky: When a military drops a bomb, flies a drone, or sends troops into another country, that's an obvious sign of an armed geopolitical conflict.
- But cyber war is different. Just because a hacker infected a computer with malware doesn't mean they're working for a government agency.
Countries spying on one another has long been an acceptable practice — and retaliating against a spying campaign could jeopardize the U.S.'s own espionage operations.
- "As long as humans have been humans, we have been playing the games of war and crime, and it's always been about information versus information," Gaurav Banga, CEO of security company Balbix, told Axios.
- "Deterrence has not worked for the last 200,000 years, so why would it work right now?"
The intrigue: President-elect Trump is likely to lean more into offensive cyber strategies.
- During the first Trump administration, the White House gave the Pentagon broad authorities to carry out offensive military cyber operations.
Zoom in: James Lewis, SVP at the Center for Strategic and International Studies, told lawmakers at the Senate hearing this week that the U.S. must engage in a two-party strategy.
- First, the U.S. needs to engage in regular talks with the Chinese government, similar to the Soviet talks in the 1970s about nuclear weapons controls, Lewis said.
- Then, when that doesn't work, it's time to "actually do something" and have the U.S. Cyber Command or NSA draft a menu of possible offensive responses, he added.
What they're saying: "One of the reasons I think we're all frustrated is that we actually know what to do now," Lewis said. "We know how to lower the threats considerably, we just aren't doing it."
What we're watching: All eyes continue to be on Mar-a-Lago as Trump weighs who will lead the new administration's cyber response.
- The Department of Homeland Security's Cyber Safety Review Board has also just started its investigation into Salt Typhoon and its origins.
