Publisher: Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)
Published: December 2024
Summary: This guide, developed by intelligence agencies of the Five Eyes alliance, addresses the threat posed by cyber espionage campaigns, particularly those linked to People’s Republic of China (PRC)-affiliated threat actors targeting global telecommunications infrastructure. It offers actionable best practices for network engineers and defenders to enhance visibility, monitor activity, and harden network devices. While tailored for the communications sector, the guidance is applicable to any organisation with on-premises enterprise equipment. The emphasis is on mitigating vulnerabilities, improving network security configurations, and maintaining robust monitoring to prevent and detect exploitation.
The guide outlines practical strategies for strengthening visibility into network activity, such as employing centralised logging, monitoring anomalous behaviours, and leveraging tools like security information and event management (SIEM) for rapid incident detection. It also highlights critical hardening practices, including adopting secure protocols, segmenting networks, and securing device management. Additionally, the guide stresses the importance of proactive patch management, robust access controls, and collaboration between network engineers and defenders to safeguard critical infrastructure from evolving cyber threats.
Available from: