CISA Releases Guidance For Network Monitoring to Detect Malicious Cyber Actors

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, has released crucial guidance for monitoring networks and hardening devices.

This initiative comes in response to a widespread cyber espionage campaign attributed to a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers. The newly published Cybersecurity Information Sheet (CSI), titled “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” offers a comprehensive set of best practices aimed at strengthening network visibility and security.

NSA notes that the guidance is written primarily for network engineers and defenders of communications infrastructure, but that it also applies to organizations operating on-premises enterprise equipment.

Significance of the Guidance
The CSI outlines several critical measures to enhance network security:

  1. Improved Visibility: The guidance emphasizes the importance of maintaining detailed insight into network traffic, user activity, and data flow.
  2. Device Hardening: Recommendations include disabling unused protocols, managing passwords securely, and limiting management connections.
  3. Timely Updates: Regular patching and upgrading of devices are stressed as crucial steps in maintaining security.
  4. Enhanced Logging: The CSI advises logging all configuration changes and management connections, with alerts set for unexpected activities.
  5. Strong Cryptography: Only allowing strong cryptographic protocols is highlighted as a key security measure.
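The logging and hardening points above become concrete once they are turned into detection rules over the device logs themselves. The script below is an added example written for this article, not code from the CSI or from any vendor: it walks a few constructed Cisco IOS-style syslog lines (the login and configuration-change message formats are modelled on real IOS mnemonics, but the lines, timestamps and addresses are invented) and raises an alert when a management login or configuration change comes from outside an assumed management subnet, when a cleartext management protocol such as telnet is used, or when a configuration change happens outside an assumed change window. The subnet, the window and the cleartext-port list are assumptions for the example, not values taken from the guidance.

```python
"""Alert on unexpected management activity in Cisco IOS-style syslog.

Added example (not from the CSI or from Cisco). The sample lines below are
constructed; the mnemonics %SEC_LOGIN-5-LOGIN_SUCCESS, %SEC_LOGIN-4-LOGIN_FAILED
and %SYS-5-CONFIG_I are modelled on real IOS messages.
"""
import re
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumption: only this subnet is allowed to manage network devices.
MGMT_NETS = [ip_network("10.0.100.0/24")]
# Assumption: approved change window (device-local time, inclusive).
CHANGE_WINDOW = (time(22, 0), time(23, 59, 59))
# Cleartext management protocols that should be disabled entirely.
CLEARTEXT_PORTS = {23: "telnet", 80: "http"}

# Constructed sample log: one legitimate session, one suspicious one.
SAMPLE_LOGS = """\
Dec 03 2024 22:15:01: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.100.12] [localport: 22] at 22:15:01 UTC Tue Dec 3 2024
Dec 03 2024 22:16:40: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.0.100.12)
Dec 04 2024 03:02:11: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.77] [localport: 23] at 03:02:11 UTC Wed Dec 4 2024
Dec 04 2024 03:03:05: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (203.0.113.77)
Dec 04 2024 03:03:30: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.9] [localport: 22] [Reason: Login Authentication Failed] at 03:03:30 UTC Wed Dec 4 2024
"""

# Timestamp, %FACILITY-SEVERITY-MNEMONIC, then the message body.
TS_RE = re.compile(r"^(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): (%[A-Z_]+-\d-[A-Z_]+): (.*)$")
LOGIN_RE = re.compile(r"\[user: (\S+)\] \[Source: ([\d.]+)\] \[localport: (\d+)\]")
# Config changes made over a physical console carry no source IP and are
# deliberately skipped by this regex; they would need a separate rule.
CONFIG_RE = re.compile(r"Configured from \S+ by (\S+) on (\S+) \(([\d.]+)\)")


@dataclass
class Alert:
    when: datetime
    rule: str
    user: str
    source: str
    detail: str


def in_mgmt_net(ip: str) -> bool:
    """True if the address falls inside an allowed management network."""
    addr = ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def in_change_window(ts: datetime) -> bool:
    start, end = CHANGE_WINDOW
    return start <= ts.time() <= end


def parse_line(line: str):
    """Return (timestamp, mnemonic, body) or None for lines we do not understand."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
    return ts, m.group(2), m.group(3)


def analyze(log_text: str) -> list[Alert]:
    """Apply the management-activity rules to every parseable log line."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, mnemonic, body = parsed
        if mnemonic in ("%SEC_LOGIN-5-LOGIN_SUCCESS", "%SEC_LOGIN-4-LOGIN_FAILED"):
            lm = LOGIN_RE.search(body)
            if not lm:
                continue
            user, src, port = lm.group(1), lm.group(2), int(lm.group(3))
            outcome = "success" if mnemonic.endswith("SUCCESS") else "failure"
            if not in_mgmt_net(src):
                alerts.append(Alert(ts, "mgmt-login-unexpected-source", user, src,
                                    f"login {outcome} on port {port} from outside management network"))
            if port in CLEARTEXT_PORTS:
                alerts.append(Alert(ts, "mgmt-cleartext-protocol", user, src,
                                    f"{CLEARTEXT_PORTS[port]} (port {port}) used for management"))
        elif mnemonic == "%SYS-5-CONFIG_I":
            cm = CONFIG_RE.search(body)
            if not cm:
                continue
            user, line_name, src = cm.groups()
            if not in_mgmt_net(src):
                alerts.append(Alert(ts, "config-change-unexpected-source", user, src,
                                    f"config change on {line_name} from outside management network"))
            if not in_change_window(ts):
                alerts.append(Alert(ts, "config-change-outside-window", user, src,
                                    f"config change on {line_name} at {ts.time()} outside approved window"))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOGS):
        print(f"{a.when:%Y-%m-%d %H:%M:%S} {a.rule:<32} user={a.user} src={a.source} {a.detail}")
```

Run against the constructed sample, the legitimate session from 10.0.100.12 produces nothing, while the 03:02 session from 203.0.113.77 yields four alerts (a login and a configuration change from an unexpected source, a telnet management session, and a change outside the window), plus one for the failed login from 198.51.100.9. The point of the exercise is that none of these rules work unless the device is actually configured to log logins and configuration changes and to ship them off-box, which is what the CSI's logging recommendation asks for.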

Dave Luber, NSA Cybersecurity Director, underscored the importance of vigilance, stating, “Always have eyes on your systems and patch and address known vulnerabilities before they become targets”.

This guidance is particularly significant given the sophisticated nature of the cyber threats targeting exposed services, unpatched devices, and under-secured environments. The document also provides specific hardening practices for Cisco operating systems, which were identified as targets in this cyber campaign. This tailored advice demonstrates the comprehensive and practical approach of the guidance.

CISA Executive Assistant Director for Cybersecurity, Jeff Greene, emphasized the serious threat posed by PRC-affiliated cyber activity to critical infrastructure, government agencies, and businesses. The collaborative effort in producing this guidance, involving multiple U.S. agencies and international partners, highlights the global nature of the cybersecurity challenge and the need for coordinated responses.

By implementing these recommendations, organizations can significantly improve their ability to detect, prevent, and respond to cyber incidents, which will enhance the overall security of global communications infrastructure.

Tushar Subhra Dutta, Cyber Security News