US offers telcos tips on thwarting Chinese foul play
A bunch of security agencies have compiled a guide for protecting comms infrastructure as the US continues to escalate its tech cold war with China.
December 4, 2024
No fewer than three US agencies – CISA, NSA and FBI – put their name to the unsolicited set of security top tips, alongside their counterparts in Canada, Australia and New Zealand, implying they too have been affected. The only other member of the Five Eyes intelligence alliance is the UK. It’s anyone’s guess what the significance of its absence is, but maybe China just can’t be bothered to interfere with our networks.
The premise of the publication, titled ‘Enhanced Visibility and Hardening Guidance for Communications Infrastructure’, is the hack flagged up by CISA and the FBI last month, which was allegedly perpetrated to get hold of subscriber data and communications. Somewhat redundantly, these spy agencies have even gone so far as to recommend people use encrypted messaging services if they don’t want their private communications to be read by nosy third parties. Great advice!
It seems that, despite the heroic efforts of some operators, the affected networks remain compromised. The publication of these recommendations implies the security agencies think telcos need to raise their game when it comes to defending themselves from this sort of thing, as if they don’t already have all the incentive they need to invest in security measures.
But just in case it hadn’t occurred to them, telcos are urged to improve their network visibility, monitor for suspicious activity, get better at network defence, and generally improve their network management practices. Even more great advice, but it would be surprising if any operators weren’t already doing what is recommended and more.
Donny Chong of security firm Nexusguard said, in emailed comments, that he doesn’t think the recommendations go far enough. “CISA’s updated guidance focuses far too much on visibility for defenders of critical infrastructure, rather than protection,” he said. “Highly sophisticated attackers, capable of remaining undetected for months or even years, require more than network monitoring and general security recommendations to be thwarted. The guidance covers security measures that CSPs should already have in place.
“The guidance also has glaring omissions in the critical area of API security, which has become a cyber nightmare for CSPs. With APIs proliferating across their ecosystems, many CSPs don't even know they have exposed APIs within their infrastructure. These vulnerabilities provide an entry point for nation-state attackers, enabling them to access vast stores of sensitive data.
“CISA’s suggestion to log application activities is insufficient for mitigating API threats. Traditional network solutions, such as Web Application Firewalls (WAFs), are perimeter-focused and lack the depth to address threats beyond their scope. Sophisticated attackers increasingly find ways to masquerade as legitimate users, bypassing conventional defenses.
“API security requires more than just visibility due to the sheer volume of log data generated by API traffic. CSPs must adopt proactive remediation solutions capable of detecting and blocking suspicious requests in real time, preventing data leaks before they occur. Without robust API protection, CSPs remain vulnerable to exploitation, even with enhanced network visibility.”
Meanwhile, the US has also unveiled the latest round of sanctions whack-a-mole, designed to make sure China doesn’t get too good at technology. While the stated justification continues to be the apparent need to impede China’s military modernization, the military bit is just window dressing. The simple fact is that China is a growing geopolitical rival and the US wants to cling onto its status as global hegemon for as long as possible.
“This action is the culmination of the Biden-Harris Administration’s targeted approach, in concert with our allies and partners, to impair the PRC’s ability to indigenize the production of advanced technologies that pose a risk to our national security,” said U.S. Secretary of Commerce Gina Raimondo.
“The United States has taken significant steps to protect our technology from being used by our adversaries in ways that threaten our national security,” said National Security Advisor Jake Sullivan. “As technology evolves, and our adversaries seek new ways to evade restrictions, we will continue to work with our allies and partners to proactively and aggressively safeguard our world-leading technologies and know-how so they aren’t used to undermine our national security.”
Three other bureaucrats were also quoted saying more or less the same thing. Here’s what the release says about the specific measures: ‘The rules include new controls on 24 types of semiconductor manufacturing equipment and 3 types of software tools for developing or producing semiconductors; new controls on high-bandwidth memory (HBM); new red flag guidance to address compliance and diversion concerns; 140 Entity List additions and 14 modifications spanning PRC tool manufacturers, semiconductor fabs, and investment companies involved in advancing the PRC government’s military modernization; and several critical regulatory changes to enhance the effectiveness of our previous controls.’
Chinese state-controlled news site Global Times is predictably defiant in its editorial response to these latest measures, downplaying their significance. Radio Free Mobile, however, thinks they will be effective. Both agree that the broader consequence of this tech war will be the division of the world into US and Chinese spheres of influence that increasingly avoid interacting with each other. That, in turn, will suppress economic growth for everyone.