


U.S. and international cybersecurity officials are urging the use of stronger digital encryption to protect against suspected Chinese hackers who penetrated American telecommunications systems.
American officials and their allies in Australia, Canada, and New Zealand issued joint guidance this week for information technology professionals to harden their networks in response to the suspected Chinese hacking operation that targeted AT&T and Verizon, among others.
The new guidance for network engineers recommends using encryption “to the maximum extent possible,” with as little connection to the internet as possible.
“If feasible, limit exposure of management traffic to the internet,” the officials’ guidance said. “Only allow management via a limited and enforced network path, ideally only directly from dedicated administrative workstations.”
Such advocacy in favor of encryption represents a significant departure for the FBI, which helped author the guidance alongside the Cybersecurity and Infrastructure Security Agency and National Security Agency.
The FBI had been among the strongest opponents of digital encryption in the U.S. for years, citing concerns that the technology makes it much harder for the bureau to catch criminals.
For example, FBI officials exaggerated the number of devices they were unable to access in fiscal year 2017 due to encryption and later issued a correction acknowledging the error while still withholding more accurate data.
The bureau’s leadership has ardently supported policies enabling court-approved wiretapping. The alleged Chinese hackers, however, are believed to have breached systems used to cooperate with the wiretapping.
Now, the FBI wants network defenders and engineers to harden their networks and tell federal investigators if the cybersecurity professionals spot anything anomalous.
“We strongly encourage organizations to review and implement the recommended measures in this guide and to report suspicious activity to their local FBI field office,” said Bryan Vorndran, FBI assistant director, in a statement.
Officials from the FBI and CISA also urged Americans to use encrypted messaging apps to frustrate Chinese espionage efforts, according to NBC. A senior FBI official recommending encryption on Tuesday reportedly asked to remain anonymous.
The shift in recommendations from U.S. officials suggests the suspected hack of American telecom giants may be more damaging than previously known.
Cybersecurity writer Brian Krebs said U.S. officials’ new messaging in favor of encrypted communications is an acknowledgment of how China-sponsored hackers and others have successfully corrupted telecom companies’ security.
“This is such a remarkable turn after years of the feds insisting we need ’backdoors’ in all our encryption,” Mr. Krebs wrote on LinkedIn.
Longtime proponents of encryption are cheering the federal government’s newfound support. The Center for Democracy and Technology’s Greg Nojeim said Wednesday that his team was pleased to see national security officials recognizing the need for encryption to keep Americans safe and secure phone communications.
“If anti-encryption advocates had their way, the United States would now be defenseless to this type of mass snooping from a foreign power,” Mr. Nojeim said in a statement.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.