Salt Typhoon poses a serious supply chain risk to most organizations

“I think the idea that they are hoovering up lots of information is not at all out of the realm of possibility,” Chertoff’s Isles says. “I think we can overweight that towards call content. They’re going to get the audio of CEOs, et cetera.”

Guidance on how to strengthen visibility, harden assets
The guidance issued by US, Canadian, Australian, and New Zealand authorities offers a series of detailed and rigorous steps for communications networks and other critical infrastructure providers to strengthen visibility and harden devices and architecture. It also provides hardening best practices for Cisco operating systems, which authorities say Salt Typhoon targeted.

The nine-page alert says organizations should engage in proactive monitoring, emphasizing early detection through robust visibility and anomaly tracking; defense-in-depth, adding layers of protection through encryption, segmentation, and secure device configurations; enhanced protection focus, emphasizing patching, turning off unnecessary services, and securing protocol usage; and collaboration, encouraging organizations and manufacturers to work together for a more secure infrastructure.