iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The new advisory offers advice to “critical infrastructure leaders” on how to manage the threat of Chinese cyber espionage.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory on behalf of the Five Eyes intelligence alliance, warning of the “urgent risk” posed by the state-backed Chinese hacking group Volt Typhoon.
The alliance warned in February that the hacking group was pre-positioning itself on major critical infrastructure networks, a contingency in case of increased geopolitical or military conflict between China and the US.
The advisory released overnight cautions executive leaders to “empower cyber security teams to make informed resourcing decisions to better detect and defend against Volt Typhoon and other malicious cyber activity”.
The first step, according to CISA, is to use “intelligence-informed prioritisation tools” that can empower cyber security teams to make the right investments of time and resources on implementing the most “high-impact” solutions. Knowledge of Volt Typhoon’s techniques, which rely on living off the land and making use of valid network functions rather than deploying malware, is also key to combating them. Keeping up with CISA and its allies’ reporting is a key component of this.
One of the simpler things that can be done to stay on top of the threat is to implement logging across all systems and applications and to make sure those logs are centrally stored.
“Robust logging is necessary for detecting and mitigating living off the land,” the advisory suggests. “Ask your IT teams which logs they maintain as certain logs reveal commands used by Volt Typhoon actors. If your IT teams do not have the relevant logs, ask which resources they may need to effectively detect compromise.”
Cyber security training is also important, as is running regular tabletop exercises. Supply chain security is another key plank.
“Establish strong vendor risk management processes to evaluate and monitor third-party risks, ensuring that suppliers and partners adhere to strict security standards and any foreign ownership, control, or influence (FOCI) are clearly identified and managed, including consideration of, for example, the US Department of Commerce Entities List and Unverified List,” the advisory said.
Individuals involved in the procurement process need to exercise due diligence when it comes to sourcing software and any other kind of service provider. Any vendor chosen needs to have its own security and patching plans, while any products that do not meet minimum security standards should have their usage limited or restricted.
Finally, leaders need to instil a culture of cyber security across their organisations. Collaboration between disparate business units should be encouraged, while external cyber security experts should be engaged to run independent network assessments.
“The authoring agencies urge leaders to recognise cyber risk as a core business risk,” CISA said.
“This recognition is both necessary for good governance and fundamental to national security.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
