US Agencies Issue Guide to Thwart Cyberthreats From China

FBI, NSA, CISA Offer Steps to Mitigate Risks to Communications Systems


Three federal agencies issued a guide Dec. 3 to help companies protect their telecommunications from hackers involved in a far-reaching cyber espionage campaign.

The guide, “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” was co-published by the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

It contains a series of measures to protect against People’s Republic of China-affiliated actors that U.S. government agencies have identified as already being inside global telecommunication provider networks.



Chinese threat actors “have targeted commercial telecommunications providers to compromise sensitive data and engage in cyber espionage,” said Bryan Vorndran, FBI assistant director of the Cyber Division. “Together with our interagency partners, the FBI issued guidance to enhance the visibility of network defenders and to harden devices against PRC exploitation. We strongly encourage organizations to review and implement the recommended measures in this guide and to report suspicious activity to their local FBI field office.”

The public release comes after a Nov. 13 warning by CISA and the FBI that “PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data.” The notice said “a limited number” of people in government or active in political activities had their private telecommunications infiltrated. The cyber campaign also made copies of “certain information” from U.S. law enforcement in court orders.


The guide outlines actions “to quickly identify anomalous behavior, vulnerabilities and threats, and to respond to a cyber incident. It also guides organizations to reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points,” CISA stated.

Guide recommendations will help network engineers and security personnel strengthen visibility and harden network devices to thwart the widespread cyber espionage campaign.


“The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors,” said Jeff Greene, CISA’s executive assistant director for cybersecurity. “Along with our U.S. and international partners, we urge software manufacturers to incorporate Secure by Design principles into their development life cycle to strengthen the security posture of their customers. Software manufacturers should review our Secure by Design resources and put their principles into practice.”

The FBI and CISA continue to provide technical assistance, share information to help other potential victims and partner to protect commercial communication cyber defenses.

In February, CISA, NSA and the FBI issued an advisory to warn critical infrastructure organizations about a Chinese government-backed group called Volt Typhoon that compromised information technology systems in multiple critical infrastructure organizations. In the U.S., the primary targets were transportation systems, energy, telecommunications and water and wastewater sectors. This public advisory also factored in information from government cyber organizations in Australia, Canada, the U.K. and New Zealand.


“Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT [operational technology] assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts,” CISA stated.