In a joint effort to combat cyber espionage threats targeting global communications networks, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and their international partners have released a comprehensive set of guidelines. The publication, entitled “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” aims to equip network engineers and defenders with critical advice to protect against advanced persistent threats (APTs) linked to the People’s Republic of China (PRC).
The need for enhanced security measures in the telecommunications sector was underscored by recent warnings from CISA and the FBI about an ongoing cyber espionage campaign orchestrated by PRC-affiliated threat actors. This campaign has targeted major telecommunications providers worldwide, infiltrating their networks and compromising sensitive data. The ultimate goal of these actors is intelligence collection through the extraction of valuable information, posing a significant threat to national security, critical infrastructure, and private businesses.
Jeff Greene, Executive Assistant Director for Cybersecurity at CISA, emphasized the severity of the threat posed by PRC-affiliated cyber activity and highlighted the importance of the newly released guidance in detecting and preventing compromises by these actors.
The guidance outlines a series of best practices geared towards strengthening networks against cyber threats, with a particular focus on enhancing visibility within networks. By improving visibility, network defenders can detect and analyze activity across their systems, enabling them to identify and eliminate potential threats before they escalate into serious breaches.
Recommendations for boosting visibility include implementing robust monitoring systems to detect abnormal behaviors or unauthorized changes in configurations, monitoring user and service accounts for suspicious activity, and ensuring secure logging and data analysis practices.
In addition to enhancing visibility, the guide emphasizes the importance of hardening network systems and devices to reduce vulnerabilities and limit potential entry points for cyber actors. Key recommendations for hardening devices include managing devices through a separate network for out-of-band management, enforcing strict access controls through default-deny ACLs and network segmentation, utilizing strong encryption practices, disabling unnecessary services, and ensuring regular updates and patching.
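Two of the recommendations above, detecting unauthorized configuration changes and enforcing default-deny ACLs, can be checked mechanically. The following is an added example written for this summary, not code from the guidance or from CISA; the device configuration snapshots are constructed in a Cisco-IOS-like syntax, and the hostname and ACL name are hypothetical.

```python
"""Added example: flag configuration drift against an approved baseline and
report ACLs whose final entry is not an explicit deny (default-deny check)."""
import difflib
import hashlib
import re

# Constructed baseline, as approved through change management (hypothetical).
BASELINE = """\
hostname edge-rtr-01
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""

# Constructed "current" config as pulled from the device during a monitoring sweep.
CURRENT = """\
hostname edge-rtr-01
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp any any eq 23
line vty 0 4
 access-class MGMT-IN in
 transport input ssh telnet
"""

def config_fingerprint(text: str) -> str:
    """SHA-256 over the normalised config; a cheap 'has anything changed?' check."""
    norm = "\n".join(l.rstrip() for l in text.splitlines() if l.strip())
    return hashlib.sha256(norm.encode()).hexdigest()

def config_drift(baseline: str, current: str) -> list[str]:
    """Lines added (+) or removed (-) relative to the approved baseline."""
    diff = difflib.unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0)
    return [l for l in diff if l[:1] in "+-" and not l.startswith(("+++", "---"))]

def acls_without_default_deny(text: str) -> list[str]:
    """Names of ACLs whose last entry is not an explicit deny."""
    bad, name, last = [], None, None
    for line in text.splitlines() + ["end"]:          # sentinel closes the last block
        m = re.match(r"ip access-list \w+ (\S+)", line)
        if m or not line.startswith(" "):              # new top-level block begins
            if name and not (last or "").strip().startswith("deny"):
                bad.append(name)
            name, last = (m.group(1) if m else None), None
        elif name:                                     # indented entry inside an ACL
            last = line
    return bad
```

Running the checks against the two snapshots reports the replaced deny entry and the added telnet transport as drift, and lists MGMT-IN as lacking a default deny.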
By implementing these measures, organizations can significantly increase the resilience of their networks against cyber threats and mitigate the risk of unauthorized access and data breaches. The collaborative effort between CISA, NSA, and FBI underscores the unified commitment to safeguarding critical infrastructure and enhancing the overall security posture of essential sectors.
Ultimately, the guidance serves as a call to action for all organizations, particularly those involved in critical infrastructure, to adopt best practices to defend against evolving cyber threats. By integrating Secure by Design principles and collaborating with interagency partners, organizations can better protect sensitive data, maintain the integrity of essential services, and stay ahead of cyber adversaries.