FBI and CISA officials are recommending the use of encrypted applications for instant messaging, texts and voice calls. However, consumer applications like WhatsApp and Signal do NOT mitigate the full nature of this threat vector and certainly do not protect metadata, including user location.
A federated, sovereign, cross domain architecture for secure communications – voice, instant messaging and video conferencing – can protect against these threats. Such a solution can provide interoperability across organisations, from low to high classifications and assurance levels, and must be supported by recognised security accreditations, delivering the security necessary to mitigate against the growing cyber risks and threats in this area, while delivering consumer app ease of use.
In what has been touted as the biggest, most blatant cyber-espionage attack in history, the PRC (People’s Republic of China) is behind the hacking of some of the world’s largest telcos. While the US is hitting the headlines, The Register has reported that other countries such as Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, and Vietnam have all been targeted. And it’s not just telcos: other targeted sectors include technology, consulting, chemical and transportation industries, government agencies, and non-profit organizations (NGOs) in the US, the Asia-Pacific region, the Middle East, and South Africa.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued recommendations that citizens use encrypted apps to protect the privacy of their communications.
While this is highly concerning news for governments, public sector organisations, organisations supporting critical national infrastructure (CNI), journalists, law enforcement and anyone with a sensitive job role, it is also worrisome for everyone, at every level. Indeed, in the NCSC’s recently published Annual Review, NCSC CEO Richard Horne states: “We face enduring threats from hostile states and cyber criminals looking to exploit our dependency on the technology that now underpins all aspects of modern life.”
Advice from NCSC over 5 years ago is even more pertinent now: “Consider options for secure or alternative communications in event of a sensitive incident, or where normal channels are unavailable due to network/email/phone system outage.”
The Salt Typhoon attack is using multiple activities to cause a range of issues including:
Intercepting and eavesdropping communications
Salt Typhoon is using its presence on telecom provider networks to intercept calls and messages of targeted individuals, which include government officials and politicians, amongst others. This means that communications involving sensitive topics or national security could be falling into the hands of an unfriendly regime. Any product that uses end-to-end encryption can mitigate this particular risk, including Armour Mobile. However, UK military and defence organisations have been discouraging the use of consumer-grade apps for messaging for a number of years now and have already implemented more secure comms mechanisms. A key reason for using dedicated secure systems is that there is a lot more to securing communications than just encryption (as we explain in our blog: If there’s more to security than encryption – what else do you need?).
Accessing and mining metadata
The attacker has stolen large amounts of call detail records (metadata), for example, caller and receiver phone numbers, call duration, call type and phone location. So, even if the detail of the conversation/communication cannot be read (when using end-to-end encryption), adversaries can glean a lot of valuable intelligence just from knowing who is speaking to whom, when and where. For example, knowing the location of a journalist or activist in a rogue state can quite literally be a matter of life and death for those individuals.
The fact that social media companies sell their members’ metadata to advertisers demonstrates just how valuable it is, even for the ordinary citizen (and clearly, even more valuable if it is a politician or public official).
Whilst it’s not possible to stop metadata from being generated, steps can be taken to control access to it. Armour Comms securely manages communications in the cloud ensuring metadata is minimised and protected. In addition to private SaaS deployment, we also offer an on-premises solution for those who want complete control, allowing customers to store metadata on their own servers. Our solutions not only protect the content of communications, but also consider the broader aspects of securing your data and privacy. Consumer apps such as WhatsApp, and even Signal, do not protect metadata to the same degree.
For more information about the value of metadata read our blog: What does your smart phone say about you?
Secure comms when handling a major security incident
NCSC advises that a key step in preparing a communications strategy as part of incident response is to set up an alternative communications channel, i.e. one that does not rely on the organisation’s usual channels, since these may have been compromised in the attack. NIST SP 800-61 also recommends having multiple backup communications solutions in place.
Both NIST and the Digital Operational Resilience Act (DORA) suggest that incident response groups with key contacts/structures be pre-defined and set up in advance, so that communications can begin immediately on the secure channel once an incident occurs. Groups can be internal and external to an organisation, typically including suppliers, law enforcement, internal groups, employees, key stakeholders and the SOC team, etc.
Armour provides a standalone, independently or in-house hosted secure communications platform that is as engaging and easy to use as a consumer-grade app. Armour can ensure that your employees have a solution that keeps data secure, while providing the capability to communicate effectively throughout a major incident. The Armour secure comms platform delivers:
- Data protection using UK Government and NATO approved tools, Secure by Design/Secure by Default
- One easy-to-implement solution that enables multi-domain integration of communications amongst trusted third parties and stakeholders
- Instant, remote and mobile secure collaboration
Trusted federated communications
Federated, controlled communication between separate instances of the Armour secure comms platform ensures that different organisations, departments, and locations can communicate securely. Data is held within an organisation’s own servers, or in a secure cloud, providing a highly secure, scalable architecture for low to high assurance environments.
Armour Bridge and Armour Connect provide interoperability with third party messaging and voice systems.
For more information about how Armour Comms can help your organisation to safeguard the privacy of messaging, voice and video communications, read our Securing Communications Channels Buyer’s Guide, or contact us today at sales@armourcomms.com.