Trump axes key cyber defense group amid Chinese hacking investigation

The Trump administration’s decision to dismiss all members of the Department of Homeland Security’s advisory committees has halted a critical investigation into Chinese cyber operations against U.S. telecommunications infrastructure.

Acting Department of Homeland Security Secretary Benjamine Huffman issued a memo on January 20 that terminated all current advisory committee memberships, citing a need to eliminate “misuse of resources.” The sweeping action affects multiple committees, but cybersecurity experts warn that dissolving the Cyber Safety Review Board (CSRB) poses particular risks to national security. 

The CSRB, which included both government and private sector experts, was investigating the “Salt Typhoon” attacks—a sophisticated Chinese operation that targeted U.S. telecommunications providers and accessed communications metadata of high-ranking officials, including President Trump himself and Vice President JD Vance.

“Shutting down all DHS advisory boards without consideration of the impact was horribly shortsighted,” said a former CSRB member to TechCrunch. “Stopping the CSRB review when China has ongoing cyberattacks into our critical infrastructure is a dangerous blunder. We need to learn from Salt Typhoon and protect ourselves better. The fact this isn’t a priority for Trump is telling.”

Democratic Senator Ron Wyden called the move “a massive gift to Chinese spies” in a statement and said it effectively “waved a white flag” to hackers targeting American infrastructure. The decision comes at a particularly sensitive moment, as evidence suggests Chinese state-sponsored groups continue to probe U.S. telecom networks.

The board previously earned widespread praise for its March 2024 report on Chinese infiltration of Microsoft email systems. That investigation revealed critical security gaps and provided concrete recommendations to prevent similar breaches.

Former CSRB members note a particular irony in the administration’s stated rationale of resource conservation, as all advisory board members work without compensation. 

Brian Harrell, who served as a DHS cybersecurity official during Trump’s first term, defended the move as routine. “This happens with every new administration,” he said. “The Trump team wants to build their own group aligned with their priorities.”

The administration’s decision affects other key advisory bodies focused on artificial intelligence, telecommunications, and emergency preparedness. Per the memo, committee members can reapply for their positions,  but sources say the CSRB’s investigation into Salt Typhoon will effectively need to start over, even if new members are appointed quickly. 

Rep. Mark Green, Republican chairman of the House Homeland Security Committee, suggested the administration might reconsider the CSRB’s structure or potentially replace it with a different mechanism for examining cyber intrusions.

Critics argue that dismantling an active investigation into state-sponsored hacking demonstrates misplaced priorities. According to CISA, Salt Typhoon is an active threat that has impacted 8 companies in the U.S. at minimum.

The move mirrors broader changes at DHS, where the administration has signaled its intent to reshape various agencies and programs. However, the cybersecurity community warns that political reshuffling shouldn’t come at the expense of national security.

As U.S. telecommunications networks face continued threats from foreign actors, the gap left by the CSRB’s dismissal raises questions about America’s cyber readiness. With the Salt Typhoon investigation now suspended, security experts worry that crucial lessons about protecting critical infrastructure will remain unlearned.

While Salt Typhoon hasn’t directly targeted healthcare organizations, any major disruption to telecommunications could paralyze modern medical operations like cloud-based medical records, remote monitoring, and the coordination of emergency responses.

The DHS has not provided specific plans for reconstituting its advisory committees or continuing ongoing cybersecurity investigations. Meanwhile, the broader cybersecurity community awaits signs of how the administration plans to address sophisticated state-sponsored threats without the expert guidance these committees provided.