The Stakes Nobody Is Pricing
Donald Trump landed in Beijing this week for two days of high-stakes talks with Xi Jinping. He brought the CEOs of Tesla and Nvidia with him. It is the first visit to China by a sitting US president in nearly a decade. The agenda: tariffs, rare earths, AI, the Iran war, and the perennial friction over Taiwan.
The talks are happening because both sides need them to. The US economy is exhausted from the Iran war, $112 oil, and a fifth straight quarter of energy-driven inflation. China is exhausted from export controls on advanced semiconductors and an industrial slowdown that has stretched into its third year. Both governments have political incentives to manufacture a productive-looking summit.
The thing nobody in the financial press is talking about: what happens if the talks fail. Not on trade. Not on tariffs. On cybersecurity. Because the Chinese state has spent the last seven years positioning inside US critical infrastructure for exactly this scenario.
What the Public Read on the Summit Misses
The official summit readout described "a good meeting" centered on economic cooperation. Both sides agreed the Strait of Hormuz must remain open and free of tolls — a notable concession given Iran's yuan-denominated toll system Beijing tacitly supported earlier this year. The White House announced new US-China boards on trade and investment to improve communication.
That is the surface. Underneath it: a senior US official described the AI discussions as a means of finding "channels of de-confliction" amid growing concerns about advanced AI models in sensitive areas like cyberespionage. Translation: both governments know that AI is dramatically accelerating offensive cyber capabilities on both sides, and both are nervous enough about it to put it on the summit agenda.
That sentence is the entire story. The two largest cyber powers in the world are now openly discussing the need for "de-confliction" because they have positioned offensive capabilities against each other that they cannot fully control. Talks succeed, those capabilities stay dormant. Talks fail, they activate.
Volt Typhoon: Pre-Positioned for Disruption
Volt Typhoon is the name given by Microsoft analysts in May 2023 to a Chinese state-sponsored hacking operation that has compromised thousands of devices inside US critical infrastructure. The targets are not what you would expect from a normal intelligence operation. Power grids. Water systems. Wastewater. Transportation. Telecommunications.
The Cybersecurity and Infrastructure Security Agency (CISA) assessed in 2024 that "Volt Typhoon's targeting of these companies carries limited espionage potential, and is instead part of an effort to prepare to disrupt U.S. infrastructure." Read that sentence twice. The hackers are not stealing secrets. They are getting positioned to break things.
What CISA actually said: "Volt Typhoon's targeting of these companies carries limited espionage potential, and is instead part of an effort to prepare to disrupt U.S. infrastructure." — Cybersecurity and Infrastructure Security Agency, 2024 Joint Advisory
In one documented case, Volt Typhoon operators maintained access inside a Massachusetts utility for ten months before being discovered. They did not exfiltrate trade secrets. They did not steal customer data. They mapped the network, learned the control systems, and waited.
This is the pre-positioning thesis. China is not running these operations for short-term intelligence gain. They are establishing what military planners call "left-of-launch" capabilities — the ability to disrupt civilian infrastructure if a crisis escalates to the point where they would benefit from American chaos.
The pre-positioning is now widespread. The 2026 ODNI Annual Threat Assessment specifically highlights Volt Typhoon as a persistent threat with operations across multiple sectors. China admitted in private meetings with US officials in 2024 that they had conducted the attacks. They did not apologize. They framed it as deterrence theory — if you can hurt us economically, we can hurt you physically.
Salt Typhoon: The Telecommunications Compromise
Salt Typhoon is the second major Chinese cyber operation in active discussion. Where Volt Typhoon targets industrial control systems, Salt Typhoon targets telecommunications networks. Active since at least 2019, the group has compromised major US telecom and internet service providers, stealing customer communications and law enforcement intercept records, and targeting political figures, reportedly including the campaigns of both 2024 presidential candidates.
The implications are different from Volt Typhoon but equally serious. Salt Typhoon does not need to break infrastructure. They need to listen to it. Compromise of a major telecom provider means visibility into corporate communications, government wiretap programs, journalist source protection, and the locations of high-net-worth individuals.
If you used a major US wireless carrier between 2019 and 2024, your metadata likely transited compromised infrastructure at some point. Voice content was probably not stored. Call records, text metadata, and location patterns almost certainly were.
This compounds with what the US government itself is already doing — the FBI confirmed it buys commercially available location data from data brokers without warrants. Your location metadata is collected by domestic carriers, sold to brokers, bought by federal agencies, and may also have transited Chinese-compromised infrastructure. Multiple parties have visibility into the same data stream.
What "Talks Collapse" Actually Looks Like
If the Trump-Xi summit produces no agreement and tensions escalate, the next 90 days could produce any of the following:
Selective infrastructure disruption. Volt Typhoon operators are not going to take down the US power grid all at once — that would invite kinetic retaliation. More likely: localized outages timed to specific events, water treatment disruptions in second-tier cities, transportation control system failures during peak demand. Each individual incident is plausibly deniable. The aggregate effect is to make Americans question whether their daily systems are reliable.
Telecom surveillance escalation. Salt Typhoon access expands from "passive collection" to "active manipulation." Politically sensitive communications get leaked. Specific individuals get targeted. The chilling effect on free speech and political organizing becomes meaningful.
Cyber-enabled economic warfare. Coordinated DDoS attacks on payment processors, financial exchanges, and major retailers during high-traffic shopping periods. Each incident is recoverable. The cumulative confidence damage is the point.
Supply chain disruptions. Industrial control system attacks on logistics infrastructure — ports, rail switches, fuel pipeline pumps. The 2021 Colonial Pipeline attack showed the playbook. Modern operations would be more sophisticated.
None of these scenarios are speculation. All of them are within the documented operational capability of groups currently positioned inside US infrastructure. The only thing keeping them dormant is the political calculation that activating them costs more than it gains. That calculation can change in a single afternoon.
What This Means for Ordinary Americans
If you are not a senior government official, military contractor, or critical infrastructure operator, you are not directly in the crosshairs of Volt Typhoon or Salt Typhoon. The infrastructure that affects your life — the local utility, the regional ISP, the financial institutions you use — is in the crosshairs.
The defensive posture you should adopt is not paranoid. It is reasonable. Three layers matter.
Layer 1: Network encryption. Your home internet connection transits commercial infrastructure that has been compromised at various points by both Salt Typhoon and other actors. Encrypting your traffic with a VPN means that even if the infrastructure between you and your destination is compromised, your data transits encrypted. Strictly, the tunnel covers the path from your device to the VPN server: from there to the destination, protection depends on the destination's own encryption, such as HTTPS, and the VPN provider becomes the party positioned to see your traffic metadata. NordVPN is the recommendation: Panama-headquartered, audited no-logs, RAM-only servers, fast WireGuard-based protocol. Most importantly, it includes Threat Protection that blocks known malicious domains at the network layer. Setup takes five minutes. Set it to auto-connect on every network and forget about it. (For a deeper breakdown of operational security stacks, see our complete OPSEC guide for high-target individuals.)
Layer 2: Communications hardening. If telecom infrastructure may be compromised, your communications strategy needs to assume voice and SMS metadata may be collected. Use Signal for sensitive personal communications — end-to-end encryption with no metadata collection. Use ProtonMail or another encrypted email service for sensitive correspondence. Avoid using SMS for anything you would not want a foreign intelligence service to read. (For the full step-by-step on hardening your phone, browser, and financial layer against modern surveillance, see our complete privacy protection guide.)
Layer 3: Resilience preparation. If localized infrastructure disruption is possible, basic resilience matters. Two weeks of food and water. Battery backup for medical devices and communications. Cash on hand in case payment systems briefly fail. None of this is doomsday prep. It is normal household resilience that became unfashionable during a long period of stability that may be ending.
The Bigger Reading on This
If you want to understand the institutional history of how the US arrived at a moment where Chinese state actors are pre-positioned inside its critical infrastructure, The Pentagon's Brain by Annie Jacobsen is the foundational text. It traces seventy years of decisions inside DARPA and the broader Department of Defense that produced the current cybersecurity environment.
For the specific history of state-sponsored cyber operations and how groups like Volt Typhoon and Salt Typhoon evolved, Sandworm by Andy Greenberg is the definitive book. Greenberg traces Russian operations primarily but the institutional dynamics he documents apply directly to Chinese state actors operating under similar doctrines.
For the broader semiconductor war framing — why China cares so much about advanced chip access and why that pressure could push them toward escalation if talks collapse — Chip War by Chris Miller is the modern reference. It explains how the global semiconductor industry was built and why control over advanced chips became the central strategic competition between the US and China.
What to Watch Over the Next 90 Days
Three indicators will tell you whether the talks succeeded or whether they failed quietly behind the diplomatic optics:
1. Rare earth export licenses. If China issues normal volumes of rare earth export licenses to US companies in the next 30 days, the talks succeeded on substance. If volumes remain restricted or new categories get added to the export control list, the talks failed.
2. Taiwan air activity. Chinese air force sorties around Taiwan are the clearest temperature gauge of US-China tension. Normal baseline: 5-15 incursions per day. Tense baseline: 25-50 per day. Crisis baseline: 75+ per day with simulated attack profiles. Watch the number daily.
3. CISA advisories. If new alerts about Chinese state actor activity in US infrastructure spike in the 60 days after the summit, the cyber dimension of the relationship is deteriorating. CISA publishes these advisories publicly. Subscribe.
The Bottom Line
Trump is in Beijing trying to manufacture a productive-looking summit. Xi is hosting him while Chinese state actors remain positioned inside US infrastructure waiting for political instructions. The talks could produce a meaningful de-escalation that keeps those capabilities dormant. They could also produce a polite handshake and a slow deterioration that activates them.
The defensive posture for individuals is reasonable, not paranoid. Encrypt your network traffic. Use end-to-end encrypted communications for sensitive matters. Keep two weeks of resilience in your household. None of this assumes the worst. All of it makes the worst less impactful if it arrives.
The cost of preparation is small. The cost of not preparing — if the talks fail and Volt Typhoon activates — is significant. The math on this one is not close.
