Manish Dhawan, VP Sales Engineering, North America
March 27, 2025
Sponsored by Nokia
Telecom infrastructure has long been a target for cybercriminals, but recent incidents, such as the Salt Typhoon attacks, have highlighted the urgent need to improve network security in this sector. For communications service providers (CSPs) in North America, these attacks serve as a clear reminder that cyber threats are becoming more sophisticated.
A Wake-Up Call for North American Operators
The Salt Typhoon cyberattacks (also referred to as RedMike) targeted critical telecom infrastructure and sent shockwaves through the industry. Reports indicate that vulnerabilities, including uned network devices and lawful intercept (LI) systems, may have been exploited in telecom networks. Some analysts have pointed to potential national risks, including unauthorized access to sensitive communications.
CISA and FCC Guidelines: A New Era of Telecom Security
In response to the recent attacks, the U.S. government has introduced new cybersecurity guidelines to help CSPs enhance their cybersecurity posture.
CISA’s new guidelines emphasize the need for regular telco risk audits, incident response plans, and improved coordination between public and private sectors. CISA recommends adopting phishing-resistant authentication tools, moving away from SMS-based MFA, using password managers consistently, and regularly updating software. They also suggest and implement strong certificate management practices (e.g., PKI-based certificates),
The FCC is taking action to strengthen telecom security with a proposed Declaratory Ruling that would require carriers to protect their networks from cyber threats under the Communications Assistance for Law Enforcement Act. If passed, the ruling would take effect right away. Additionally, telecom providers would be required to submit an annual attestation, ensuring they have a cybersecurity risk management plan in place and are actively following it.
Enhancing security for North American CSPs
A multi-layered approach to cybersecurity can help strengthen defenses against evolving threats. Here are a few key strategies:
Zero trust principles – Assume breach by continuously verifying users, devices, and access, while leveraging micro-segmentation to prevent attackers from moving laterally within the network.
AI-driven threat detection and response – Identify anomalies early to stop attackers in their tracks and automate your response to cut dwell time from weeks to minutes.
Supply chain risk management— Screen vendors and ensure firmware integrity, as targeting telecom gear is a known tactic. Securing 5G components, like CNF image assurance, is essential for protecting your network.
How Nokia Can Support
As cybersecurity challenges intensify in the U.S. telecom industry, Nokia leverages deep telecom expertise to help CSPs secure their networks. Our security solutions, including privileged access management, certificate management, real-time threat detection, and mitigation, are designed to identify and respond to potential threats early. Additionally, Nokia offers advanced cybersecurity consulting services to help CSPs develop tailored security strategies, conduct risk assessments, implement strong security frameworks, and ensure compliance with the latest CISA and FCC guidelines.
Conclusion
Securing telecom infrastructure in North America is more urgent than ever. CSPs must act swiftly to strengthen their security frameworks. Adopting enhanced monitoring, regular updates, and focusing on supply chain security is essential to mitigate the growing risks from increasingly sophisticated cyber threats
You May Also Like
