Guidelines Released by CISA and FBI to Ensure Secure Communications Infrastructure

On December 3, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, along with international partners, published guidance on hardening systems against intrusions by malicious actors targeting telecommunications. The recommendations were shaped by recent breaches attributed to actors linked to the Chinese government.

The guidance follows the FBI's and CISA's finding that China-linked threat actors had breached the networks of multiple telecommunications firms. The intrusions were initially believed to target specific individuals in government or political roles; on December 3, however, the FBI clarified that those individuals may not have been the primary targets and were instead caught up in a broader operation. T-Mobile was reportedly among the affected companies.

Assistant Director Bryan Vorndran of the FBI’s Cyber Division mentioned in a news release, “Threat actors connected with the People’s Republic of China (PRC) are focusing on commercial telecommunications providers to compromise sensitive data and carry out cyber espionage. Alongside our partners from different agencies, the FBI has issued advice to improve the visibility of network defenders and fortify devices against PRC exploitation.”


Key Points for Enhancing Visibility and Strengthening Security

The guidance covers two areas: enhanced visibility, meaning an organization's ability to monitor, detect, and understand activity within its networks, and the hardening of systems and devices.

The visibility recommendations include:

  • Configuring comprehensive alerting to detect unauthorized changes to network devices and their configurations.
  • Deploying a robust network flow monitoring solution.
  • Limiting exposure of management traffic to the Internet wherever possible, including restricting device management to dedicated administrative workstations.
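Two of those visibility controls reduced to code: a flow-monitoring rule that reports management-plane access from anywhere other than the dedicated admin workstations, and configuration-change alerting that diffs the running-config against an approved baseline. This is an added example, not code from the CISA/FBI guidance or from the article; the flow records, the two configs and the address ranges are constructed, and the prefixes are assumptions standing in for a real estate's management and admin-workstation ranges.

```python
"""Visibility checks: management-plane flow rule and config-change alerting.

Added example, not part of the CISA/FBI guidance or the article. All
inputs below are constructed.
"""
import difflib
import ipaddress

# Assumed ranges: device management interfaces, and the dedicated admin
# workstations that alone are allowed to reach them.
DEVICE_MGMT = ipaddress.ip_network("10.10.0.0/24")
ADMIN_WORKSTATIONS = ipaddress.ip_network("10.10.99.0/24")
MGMT_PORTS = {22, 23, 80, 443, 161, 830}  # ssh, telnet, http(s), snmp, netconf


def flag_mgmt_flows(flows):
    """Flow-monitoring rule: report every flow to a device management port
    that did not originate from an admin workstation.
    flows: iterable of (source_ip, destination_ip, destination_port)."""
    alerts = []
    for src, dst, dport in flows:
        if ipaddress.ip_address(dst) not in DEVICE_MGMT or dport not in MGMT_PORTS:
            continue
        if ipaddress.ip_address(src) not in ADMIN_WORKSTATIONS:
            alerts.append((src, dst, dport))
    return alerts


def _stable_lines(config):
    # IOS prints volatile header lines as comments ('! Last configuration
    # change at ...'); dropping every '!' line leaves only real config.
    return [l.rstrip() for l in config.splitlines() if not l.startswith("!")]


def unauthorized_changes(baseline, current, approved=()):
    """Configuration-change alerting: diff the current running-config against
    the approved baseline and return each added or removed line that is not
    covered by the approved change set (e.g. lines from a change ticket)."""
    diff = difflib.unified_diff(_stable_lines(baseline), _stable_lines(current),
                                lineterm="", n=0)
    changed = [l for l in diff if l[0] in "+-" and not l.startswith(("+++", "---"))]
    return [l for l in changed if l[1:].strip() not in approved]


# Constructed NetFlow-style records: (source, destination, destination port).
FLOWS = [
    ("10.10.99.5", "10.10.0.1", 22),    # admin workstation over SSH: expected
    ("10.10.99.5", "10.10.0.1", 161),   # admin workstation polling SNMP: expected
    ("203.0.113.7", "10.10.0.1", 22),   # Internet source reaching SSH: alert
    ("10.20.5.8", "10.10.0.2", 443),    # user LAN reaching web management: alert
    ("10.20.5.8", "10.30.1.1", 443),    # ordinary web traffic, not a device: ignore
]

# Constructed running-configs. The NTP line in CURRENT came from an approved
# change; the new 'permit tcp any any eq 22' opening SSH to the world did not.
BASELINE = """\
! Last configuration change at 09:12:03 UTC Mon Dec 2 2024
hostname edge-rtr-1
ip access-list extended MGMT-IN
 permit tcp 10.10.99.0 0.0.0.255 any eq 22
 deny ip any any log
"""
CURRENT = """\
! Last configuration change at 02:41:55 UTC Wed Dec 4 2024
hostname edge-rtr-1
ntp server 10.10.0.5
ip access-list extended MGMT-IN
 permit tcp any any eq 22
 permit tcp 10.10.99.0 0.0.0.255 any eq 22
 deny ip any any log
"""
APPROVED = {"ntp server 10.10.0.5"}

if __name__ == "__main__":
    for alert in flag_mgmt_flows(FLOWS):
        print("management access outside admin range:", alert)
    for change in unauthorized_changes(BASELINE, CURRENT, APPROVED):
        print("unapproved config change:", change)
```

In practice the baseline would be the last change-controlled snapshot and the approved set would come from the change-management system; the point of dropping the comment lines is that a timestamp alone must never look like a change.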

“Strengthening systems and devices” covers the hardening of device and network configurations. This section of the advisory has two subsections, protocols and management processes, and network defense. Its recommendations include:

  • Deploying an out-of-band management network that is physically separate from the operational data network.
  • Enforcing a strict default-deny ACL policy for inbound and outbound traffic.
  • Managing devices only from a trusted network, never directly from the Internet.
  • Sending all authentication, authorization, and accounting (AAA) logs to a centralized logging server that is itself protected by modern security controls.
  • Disabling Internet Protocol (IP) source routing.
  • Storing passwords with secure hashing algorithms.
  • Requiring multi-factor authentication.
  • Limiting session token lifetimes and requiring users to re-authenticate when a session expires.
  • Applying role-based access control.

FBI and CISA Advise Disabling Numerous Cisco Defaults

The guidance also includes Cisco-specific recommendations, noting that Cisco operating systems and features are frequently targeted by, and associated with, the PRC-linked actors.

For organizations running Cisco equipment, the FBI and CISA list services to disable and rules for storing passwords. In particular, administrators should disable Cisco's Smart Install service, Guest Shell access, all unencrypted (HTTP) web management, and telnet.

For passwords on Cisco devices, administrators should:

  • Use Type-8 passwords (PBKDF2-SHA256) wherever possible.
  • Not store passwords with outdated types such as Type-5 (MD5-based) or Type-7 (reversible obfuscation, not a hash).
  • Store the TACACS+ key as a Type-6 (AES-encrypted) password wherever possible.
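The general hardening list above and the Cisco-specific items can both be checked mechanically against a saved running-config. The script below is an added example, not tooling from the CISA/FBI guidance, the article or Cisco: it audits an IOS-style config for Smart Install, IP source routing, IOx/Guest Shell, cleartext HTTP management, telnet, missing session timeouts, Type 0/5/7 credentials, a non-Type-6 TACACS+ key, and missing central AAA logging, and it decodes any Type 7 string it finds to show why that type is not a hash. Both configs are constructed (the Type 8 hashes and Type 6 ciphertext are dummy strings), the check names are this example's own, and a bare `iox` line is taken to mean Guest Shell is available, since Guest Shell runs on IOx.

```python
"""Audit a Cisco IOS running-config for the hardening items listed above.
Added example; not from the CISA/FBI guidance, the article or Cisco. Configs
are constructed; XLAT is Cisco's long-public Type 7 key stream."""
import re

XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(enc):
    """Type 7 is XOR against a fixed key stream starting at a two-digit seed;
    anyone holding the config recovers the password, hence the advice."""
    seed = int(enc[:2])
    data = bytes.fromhex(enc[2:])
    return "".join(chr(b ^ ord(XLAT[(seed + i) % len(XLAT)])) for i, b in enumerate(data))


def audit_ios_config(config):
    """Return (check, detail) findings; an empty list means all checks passed."""
    lines = [l.rstrip() for l in config.splitlines()]

    def present(pattern):
        return any(re.match(pattern, l) for l in lines)

    findings = []
    # IOS does not print defaults, so a missing 'no ...' line means the
    # feature is still enabled.
    if not present(r"no vstack$"):
        findings.append(("smart-install", "add 'no vstack'"))
    if not present(r"no ip source-route$"):
        findings.append(("source-route", "add 'no ip source-route'"))
    if present(r"iox$"):
        findings.append(("guest-shell", "IOx/Guest Shell on: 'guestshell destroy', then 'no iox'"))
    if present(r"ip http server$"):
        findings.append(("http-cleartext", "use 'no ip http server' and 'ip http secure-server'"))
    if present(r"\s+transport input .*\b(telnet|all)\b"):
        findings.append(("telnet", "use 'transport input ssh' on vty lines"))
    if present(r"\s+exec-timeout 0 0$"):
        findings.append(("no-session-timeout", "set a finite exec-timeout on vty lines"))
    in_tacacs = False
    for l in lines:
        if not l.startswith(" "):
            in_tacacs = l.startswith("tacacs server ")
        cred = re.match(r"(enable|username \S+) (secret|password) (\d) (\S+)", l)
        if cred:
            who, kind, value = cred.group(1), cred.group(3), cred.group(4)
            if kind == "7":
                findings.append(("type7-password", f"{who}: reversible, decodes to {decode_type7(value)!r}"))
            elif kind in ("0", "5"):
                findings.append(("weak-secret", f"{who}: type {kind}, use 'algorithm-type sha256 secret' (Type 8)"))
        key = re.match(r"\s*(?:tacacs-server )?key(?: (\d))? (\S+)$", l)
        if key and (in_tacacs or l.startswith("tacacs-server")) and key.group(1) != "6":
            findings.append(("tacacs-key", "store the TACACS+ key as Type 6 ('password encryption aes')"))
    if not (present(r"aaa accounting ") and present(r"logging host ")):
        findings.append(("central-aaa-logging", "send AAA accounting to a central logging server"))
    return findings


# Constructed: a device left on its defaults, with weak credential storage.
WEAK_CONFIG = """\
service password-encryption
hostname edge-rtr-1
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username admin password 7 0822455D0A16
iox
ip http server
tacacs server ISE
 key 7 02050D480809
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

# Constructed: the same device after applying the recommendations above.
HARDENED_CONFIG = """\
hostname edge-rtr-1
no vstack
no ip source-route
password encryption aes
aaa new-model
aaa accounting commands 15 default start-stop group tacacs+
enable secret 8 $8$constructedSalt$constructedHashNotARealDigest
username admin secret 8 $8$constructedSalt$constructedHashNotARealDigest
no ip http server
ip http secure-server
logging host 10.10.0.60
tacacs server ISE
 key 6 ConstructedTypeSixCiphertext
ip access-list extended MGMT-IN
 permit tcp 10.10.99.0 0.0.0.255 any eq 22
 deny ip any any log
line vty 0 4
 access-class MGMT-IN in
 exec-timeout 10 0
 transport input ssh
"""

if __name__ == "__main__":
    for check, detail in audit_ios_config(WEAK_CONFIG):
        print(f"{check}: {detail}")
    print("hardened config findings:", audit_ios_config(HARDENED_CONFIG))
```

Run against a real `show running-config` export, the weak config above produces ten findings and the hardened one none; the `type7-password` finding prints the recovered plaintext, which is the whole argument for Type 8 storage and a Type 6 TACACS+ key.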

The guide complements the principles of Secure by Design.

“PRC-related cyber activities present a significant threat to critical infrastructure, government entities, and enterprises,” stated CISA Executive Assistant Director for Cybersecurity Jeff Greene. “This manual will aid telecommunications and other organizations in identifying and preventing compromises by PRC and other cyber assailants.”

The full list of recommendations is in the guidance itself.
