U.S. officials admit they don’t know when telecommunications companies will be free of Chinese interference
The admission follows guidance from the US Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Center on strengthening networks against Chinese hackers.
Officials from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have urged people to turn to encrypted messaging apps to prevent their communications from being intercepted by Chinese threat actors embedded in some of the largest telecommunications companies in the country.
CISA Executive Deputy Director for Cybersecurity Jeff Greene joined a senior FBI official (who chose not to be identified) on a press call to make the recommendation on December 3.
“Our suggestion, what we’ve told people internally, is not new here: Encryption is your friend, whether it’s in text messages or if you have the ability to use encrypted voice communications. Even if the adversary is able to intercept the data, if it is encrypted, it will be impossible,” Greene told the media.
According to Greene, it is currently impossible to “predict a time frame in which we will have a complete evacuation.”
The FBI official said that while the current campaign is quite sizable, it remains largely traditional.
“We view this as a cyberespionage campaign, not unlike any other approach. “Certainly the way they did it was very, very specific about telcos and ISPs, but it fits into the cyberespionage umbrella,” the official said.
The FBI official added that keeping smartphones up to date was a good choice in the current environment.
“Individuals looking to further secure their mobile device communications would benefit from considering using a cell phone that automatically receives timely operating system updates, responsibly managed encryption, and phishing-resistant multi-factor authentication for email accounts, social networks and collaboration tools,” the official said.
On the same day, CISA and its partners, including the Australian Signals Directorate’s Australian Cyber Security Centre, published guidance on how to protect networks from PRC-affiliated threat actors and improve visibility of their activities. .
The guide – Improved visibility and hardening guidance for communications infrastructure – offers advice on monitoring techniques for network engineers and defenders, as well as management protocols and processes to actively strengthen networks against cyberespionage.
“CISA and its partners encourage network defenders and communications infrastructure engineers and other critical infrastructure organizations with local business teams to review and apply provided best practices, including patching vulnerable devices and services, to reduce opportunities for intrusion,” CISA said. in a statement.