CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and international partners published recently a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, that provides best practices to protect against a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers. The recommended practices are for network engineers and defenders of communications infrastructure to strengthen visibility and harden network devices against this broad and significant cyber espionage campaign.

CISA and FBI recently warned of this campaign. This guide recommends actions to quickly identify anomalous behavior, vulnerabilities and threats, and to respond to a cyber incident. It also guides organizations to reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points.

“The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene. “Along with our US and international partners, we urge software manufacturers to incorporate Secure by Design principles into their development lifecycle to strengthen the security posture of their customers. Software manufacturers should review our Secure by Design resources and put their principles into practice.”

“Threat actors affiliated with the People’s Republic of China (PRC) are have targeted commercial telecommunications providers to compromise sensitive data and engage in cyber espionage,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “Together with our interagency partners, the FBI issued guidance to enhance the visibility of network defenders and to harden devices against PRC exploitation. We strongly encourage organizations to review and implement the recommended measures in this guide and to report suspicious activity to their local FBI field office.”

Although tailored to communications infrastructure sector, this guidance may also apply to organizations with on-premises enterprise equipment. CISA encourages all critical infrastructure organizations to implement security best practices.

For more information, visit CISA’s PRC Cyber Threat webpage.

Featured

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.