Nicole Perlroth

IOC, indicators of compromise. That's tech speak for the digital crumbs, artifacts, and other clues that indicate you've been breached. And Volt Typhoon has figured out how to leave as few crumbs or IOCs as possible. Here's Kevin Mandia.

IOC, indicators of compromise. That's tech speak for the digital crumbs, artifacts, and other clues that indicate you've been breached. And Volt Typhoon has figured out how to leave as few crumbs or IOCs as possible. Here's Kevin Mandia.

After Telvent, China's infrastructure hackers started coming for other pipeline operations across the country. But in 2020, they started hacking U.S. infrastructure with an unnerving frequency. Something had changed. Something set them off.

After Telvent, China's infrastructure hackers started coming for other pipeline operations across the country. But in 2020, they started hacking U.S. infrastructure with an unnerving frequency. Something had changed. Something set them off.

You might recall from episode one, the CCP is obsessive about image control. It's why they hacked Google. It's why Xi agreed to the 2015 cyber detente. The CCP weren't willing to risk the embarrassment of the White House canceling Xi's first official trip or risk being greeted with sanctions. It's impossible to say what set them off in 2020. You'd have to be a fly on the CCP's wall.

You might recall from episode one, the CCP is obsessive about image control. It's why they hacked Google. It's why Xi agreed to the 2015 cyber detente. The CCP weren't willing to risk the embarrassment of the White House canceling Xi's first official trip or risk being greeted with sanctions. It's impossible to say what set them off in 2020. You'd have to be a fly on the CCP's wall.

Maybe they were set off by the mocking. Maybe it was the isolation and undercurrents of suspicion that dominated COVID. If we were already looking at each other through straws, then after COVID, we were now looking through needles, as Tom Friedman, the Times columnist, puts it. Whatever it was, in 2020, China's Volt Typhoon became the broadest, most active, most persistent cyber threat to U.S.

Maybe they were set off by the mocking. Maybe it was the isolation and undercurrents of suspicion that dominated COVID. If we were already looking at each other through straws, then after COVID, we were now looking through needles, as Tom Friedman, the Times columnist, puts it. Whatever it was, in 2020, China's Volt Typhoon became the broadest, most active, most persistent cyber threat to U.S.

infrastructure that American intelligence officials have ever seen.

infrastructure that American intelligence officials have ever seen.

To fully understand just what it was like to reckon with the scale and severity of this problem, you have to go beyond the news clips. You have to go beyond the public statements. It's time I bring in someone from inside the classified tent. Someone who's been tracking the Chinese cyber threat more than anyone. Meet Andrew Scott.

To fully understand just what it was like to reckon with the scale and severity of this problem, you have to go beyond the news clips. You have to go beyond the public statements. It's time I bring in someone from inside the classified tent. Someone who's been tracking the Chinese cyber threat more than anyone. Meet Andrew Scott.

Frankly, it's a miracle we're hearing from Andrew at all. Because over that same decade, I was stumbling around in the dark, trying to shine a spotlight on these breaches. Andrew was also tracing these assaults. Only he was doing it from classified skips, with the benefit of a giant intelligence apparatus at his back.

Frankly, it's a miracle we're hearing from Andrew at all. Because over that same decade, I was stumbling around in the dark, trying to shine a spotlight on these breaches. Andrew was also tracing these assaults. Only he was doing it from classified skips, with the benefit of a giant intelligence apparatus at his back.

And man, would I wouldn't have given to speak to him over that decade I was at the Times. If you happen to be watching C-SPAN during any major congressional testimony on Chinese cyber espionage, you may have glimpsed Andrew in the audience, sitting just beyond the agency heads.

And man, would I wouldn't have given to speak to him over that decade I was at the Times. If you happen to be watching C-SPAN during any major congressional testimony on Chinese cyber espionage, you may have glimpsed Andrew in the audience, sitting just beyond the agency heads.

He tracked Chinese cyber threats at the CIA, at the National Security Council, and most recently at CISA, the Cyber Defense Agency. And here I should disclose that as this threat began metastasizing in 2021, I left the New York Times. After writing about this threat for more than a decade, I could see pretty clearly where things were headed. And it wasn't good.

He tracked Chinese cyber threats at the CIA, at the National Security Council, and most recently at CISA, the Cyber Defense Agency. And here I should disclose that as this threat began metastasizing in 2021, I left the New York Times. After writing about this threat for more than a decade, I could see pretty clearly where things were headed. And it wasn't good.

I reckoned I could keep writing about these cyber attacks, or I could do something about it. So in 2021, I put down my pen and picked up a shovel. I joined CISA's advisory committee, and I served there through its disbanding in January 2025. And that is how I came to know Andrew.

I reckoned I could keep writing about these cyber attacks, or I could do something about it. So in 2021, I put down my pen and picked up a shovel. I joined CISA's advisory committee, and I served there through its disbanding in January 2025. And that is how I came to know Andrew.