Last May, Microsoft announced that a Chinese state-sponsored hacking group, Volt Typhoon, appeared to be targeting U.S. critical infrastructure and entities abroad in part through establishing a presence in a malware-infected network, or botnet, consisting of old devices located in the United States. At the end of January, the Justice Department announced it had removed the botnet from hundreds of American devices.
Cybersecurity experts Timothy Edgar and Paul Rosenzweig both wrote articles for Lawfare discussing the Volt Typhoon intrusion and the U.S. response. But the authors take away very different lessons from the intrusion. Edgar argued that although the removal of the botnet was a success in terms of cybersecurity, the legal theory the government relied on for conducting this operation has dangerous privacy implications. Rosenzweig, on the other hand, contended that the Volt Typhoon breach illuminates flawed assumptions at the core of the U.S. cybersecurity strategy, which he says must be reexamined.
Lawfare Research Fellow Matt Gluck spoke with Edgar and Rosenzweig about why the Volt Typhoon intrusion and the U.S. response that followed matter for the future of U.S. cybersecurity and privacy, how the government should weigh security and privacy when responding to cyber intrusions, whether nuclear conflict is a good analogy for cyber conflict, and much more.