Telecommunications Systems Under Attack: Securing Against State-Sponsored Cyber Threats
The Cybersecurity and Infrastructure Security Agency (CISA) recently released a report, in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, highlighting the growing risks posed by cyber actors linked to the People’s Republic of China (PRC). These groups are exploiting vulnerabilities in telecommunications infrastructure for a range of objectives, from espionage to potential sabotage, and firms need to understand how to secure their infrastructure against this growing threat.
Understanding the threat
Recent cyberattacks attributed to PRC-affiliated groups have revealed persistent and sophisticated efforts to exploit weaknesses in telecommunications networks. These cyber actors are not only targeting large enterprises, but also smaller network operators and third-party service providers. The goals of these attacks are varied, including:
- Eavesdropping on sensitive communications: Cyber actors can intercept calls, emails, and other private communications, posing significant privacy risks.
- Stealing intellectual property: Businesses may lose critical trade secrets, weakening their competitive advantage and economic stability.
- Disrupting critical services: Successful attacks can lead to outages that disrupt essential services, jeopardizing public safety and causing widespread economic harm.
One prominent example is the Salt Typhoon espionage campaign, which exposed vulnerabilities in U.S. telecommunications infrastructure and highlighted the critical importance of enhancing cybersecurity defenses. Such incidents underscore the interconnected nature of communications infrastructure and the shared responsibility across industries to strengthen cybersecurity.
To address these growing risks, CISA issued a set of recommendations designed to help organizations protect their telecommunications networks.
CISA’s Enhanced Visibility and Hardening Guidance: A roadmap for protection
CISA’s Enhanced Visibility and Hardening Guidance for Communications Infrastructure provides organizations with essential tools to safeguard their networks. The guidance emphasizes proactive, layered security approaches to protect against increasingly sophisticated threats. CISA’s recommendations include:
- Strengthen network visibility: Organizations are urged to enhance monitoring and logging across their networks to ensure early detection of potential threats, including:
  - Capturing detailed traffic logs
  - Analyzing access attempts and identifying anomalies
  - Tracking configuration changes that could indicate a breach
- Implement stronger authentication and access controls: Enforcing Multi-Factor Authentication (MFA) for all access points, especially administrative accounts, is crucial for preventing unauthorized access. Additional measures include:
  - Limiting administrative privileges to essential personnel only
  - Conducting regular audits of user access to ensure privileges align with current needs
- Keep systems updated and patched: One of the most effective ways to defend against cyberattacks is to ensure that systems are consistently updated with the latest security patches. This includes:
  - Prioritizing patches for known vulnerabilities in both hardware and software
  - Regularly testing systems for security flaws and weaknesses
- Adopt a zero-trust architecture: A zero-trust approach assumes no system or user can be trusted by default, minimizing the potential impact of intrusions. This strategy includes:
  - Verifying every access request, even from within the network
  - Segmenting networks to contain breaches
- Improve supply chain security: Organizations must address the risk of supply chain attacks by ensuring that third-party vendors and service providers meet rigorous security standards. This includes:
  - Regularly vetting suppliers for security vulnerabilities
  - Conducting security assessments of third-party software
Our guidance
Large-scale cybersecurity threats can pose significant risks to the financial health and operational resilience of a firm, as well as broader national security concerns. To help mitigate these risks, firms should identify gaps between their current cybersecurity policies, procedures, and controls and the guidance outlined by CISA, and work to resolve them. Following CISA's Enhanced Visibility and Hardening Guidance is essential to mitigate risks, strengthen system visibility, and improve authentication and access controls.
The following steps are also important to secure your firm and your investments:
- The importance of approved communication channels
Incidents like the Salt Typhoon campaign, which focus on the disruption or interception of business communications, serve as a reminder for compliance and technology leaders in the financial services industry to review and reinforce the firm’s policy on acceptable electronic communications. Disruptions of common communication channels may push employees towards encrypted but unapproved communication methods (e.g. Telegram, WhatsApp) that could result in regulatory violations. Firms should use this opportunity to remind employees of the approved communication channels and the security measures in place to encrypt them, and to ensure that employees are aware of the appropriate continuity plans in case the firm’s telecommunication networks are disrupted.
- The need for portfolio oversight
CISA’s warning and the Salt Typhoon campaign pose particular challenges for private equity, venture capital, and private markets firms, as the companies in their investment portfolios may be particularly susceptible to intellectual property theft or communication surveillance from state-sponsored cybercriminals. Cybersecurity and compliance leaders in the private markets space should work to establish proper cybersecurity oversight of their portfolio companies to ensure that any cybersecurity gaps are closed.
With evolving cyber threats, securing your firm and, if necessary, your portfolio companies, requires a proactive, multi-layered defense. By implementing these strategies, companies can better protect themselves from state-sponsored cyberattacks.
How we help
ACA Aponix® can help your firm build your cybersecurity program to strengthen your line of defense against cyberattacks. Our services include:
- Aponix Protect™ is a cybersecurity and technology risk solution that helps you build a comprehensive risk management program tailored to your business needs.
- ACA Vantage for Cyber offers comprehensive cyber health monitoring for portfolio companies. It combines advisory services, ComplianceAlpha® technology, and RealRisk assessments to provide insights, mitigate risks, and enhance your competitive edge.
- Aponix Business Continuity Plan (BCP) Assessment provides a comprehensive evaluation of your organization’s current preparedness for disruptions. It identifies critical business functions, assesses potential risks, and offers actionable recommendations to strengthen resilience.
Reach out to your ACA consultant or contact us to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.