The Salt Typhoon campaign has been described by many experts as one of the most significant cyber espionage operations in recent history. Yet for most outside the cybersecurity and intelligence sectors, it barely registered.

That’s part of what makes it so concerning.

This was not a high-profile, disruptive event. It was a carefully designed operation targeting telecommunications and critical infrastructure systems, with the aim of long-term access and quiet persistence. The objective was not to draw attention, but to blend in and remain operational over time.

These types of operations do not tend to make front-page news, but they represent some of the most sophisticated threats we face today.

Over the past two decades, across military and enterprise environments, I’ve observed how silent, sustained intrusions can often have greater long-term impact than immediate disruptions. When a malicious actor gains access to infrastructure that underpins communications, energy, or emergency systems, the concern extends far beyond data. It becomes about trust, continuity, and national resilience.

Similar patterns have emerged in other notable campaigns over the past few years. The challenge is not simply in identifying these threats but in understanding how they function as part of broader strategic objectives. Today’s cyber operations are not isolated incidents. They often form part of a long game,  designed to quietly accumulate advantage over time.

In this context, the importance of robust oversight and coordination cannot be overstated.

One of the concerns emerging from the Salt Typhoon incident is not just the technical nature of the breach, but the limited public response and the dissolution of independent mechanisms built to review and learn from events of this scale. A former member of the Cyber Safety Review Board has recently advocated for its reinstatement, highlighting the need for structures that are empowered to assess, investigate, and advise across sectors.

This is not about assigning blame. It’s about acknowledging that modern cybersecurity threats require equally modern responses,  ones that are cross-disciplinary, intelligence-led, and designed with long-term resilience in mind.

Throughout my career, I’ve worked with organisations across critical infrastructure, finance, and government sectors who believed they were secure because they met compliance benchmarks. But compliance alone is not protection. In several cases, by the time we were called in to assess an incident, the compromise had been active for months, undetected and unrestricted.

This points to a recurring gap, between perceived security and actual security. Between documentation and detection. Between technical readiness and strategic readiness.

Cybersecurity today is not a purely technical function. It is deeply connected to business continuity, national strategy, and public confidence. Addressing sophisticated campaigns like Salt Typhoon requires collaboration across all of those domains.

Inaction should not be confused with neutrality. When the threat landscape evolves quietly, so must our defences. That means continuing to invest in the structures, partnerships, and intelligence capabilities that will allow us to see clearly and act decisively, not just when an incident occurs, but long before.

Salt Typhoon is a reminder. Not just of the capabilities that exist in the world, but of the importance of building systems that are mature, adaptive, and ready to respond when silence itself is the signal.