The Department of Homeland Security’s chief information officer issued internal guidance to all agency personnel on Friday, reminding employees to use only DHS-assigned devices for official business, according to the email text obtained by Nextgov/FCW. The email was sent amid an ongoing government investigation into Chinese infiltration of US telecommunications systems.

DHS CIO Eric Hysen also advised staff to use Microsoft Teams only to communicate whenever possible and to be cautious with phone calls and SMS text messages. The notice comes amid recent Chinese infiltration of a host of telecommunications and infrastructure firms related to court-authorized wiretapping requests through a group called Salt Typhoon, though the email does not explicitly mention the hacking collective or its recent intrusions.

The Wall Street Journal reported Thursday that the Consumer Financial Protection Bureau’s Office of the Chief Information Officer advised staff to stop using the phone for work-related matters, though the agency later said it had not been compromised by hackers.

A DHS spokesman did not immediately respond to a request for comment.

Representatives of the US intelligence community yesterday informed congressional committees about violations.

The Department of Homeland Security previously confirmed that it would be done by the Cybersecurity Review Board conduct an investigation in breaches, triggered by the creation of a Unified Coordination Group that conducts a large-scale government response to the breach.

Salt Typhoon infiltrated several telecommunications companies, including AT&T, Lumen, Verizon and others. The group may have been integrated into telecommunications systems about eight months ago, the Wall Street Journal previously reported.

A person familiar with Salt Typhoon described the collective as “exceptionally talented”, with members who are very skilled and patient. The person, who spoke on condition of anonymity to share his knowledge of the infiltration, said the targeted telecommunications data was high-quality information that any nation-state adversary would want access to.

It remains unclear whether other surveillance systems, such as those governed by the Foreign Intelligence Surveillance Act, were penetrated in the hacks. Data from these networks could provide Beijing with information about US foreign intelligence objectives.

“If you want to know what diplomats are thinking, it’s in their email, it’s in their texts. And that’s the kind of thing I think people have always targeted,” said Kevin Mandia, who founded the eponymous threat intelligence firm Mandiant. Nextgov/FCW last month.

The infiltrations are “very troubling,” former NSA director General Paul Nakasone said in a recent interview. “The scope and scale of the alleged occurrence in American telecommunications companies — that’s a different game,” he said. “I think the next question now is, well, what do we do about it?”

The breach called into question security standards governed by the Communications Assistance for Law Enforcement Act, or CALEA, which requires carriers to design their systems to allow law enforcement authorities to intercept them for surveillance.

Under current standards, the Federal Communications Commission says such companies can develop their own solutions tailored to their networks, buy solutions from their equipment manufacturers or rely on a third party to determine whether they are PATH compliant. Some cyber experts say it’s time for these standards to be reviewed.