Five Eyes cyber-agencies launch bid to secure edge devices
Global security chiefs warn of a "a relentless wave of intrusions" as they urge organisations to secure the edge.
Cybersecurity chiefs from Five Eyes nations have issued a new set of guidelines to help manufacturers of edge devices secure their products and make it easier to investigate compromises.
Edge devices are internet-connected devices that sit at the borders of a network, acting as entry points for data between local networks and the wider internet. A useful biological parallel is selectively permeable cell membranes, which let some substances move through while blocking others.
Examples include routers, sensors, cameras, smart appliances and IoT devices, which are vulnerable because they connect directly to external networks and handle high-value, sometimes sensitive data that is extremely attractive to hackers.
GCHQ’s National Cyber Security Centre (NCSC), CISA in the US, and agencies from Australia, Canada, and New Zealand published the new guidance in response to an uptick in the number of "sophisticated malicious actors" targeting vulnerabilities in edge devices.
Their advice encourages device manufacturers to include and enable standard logging and forensic features that are robust and secure by default, so that network defenders can more easily detect malicious activity and investigate after an intrusion.
They also set minimum standards for forensic visibility to help network defenders secure organisational networks both proactively and in response to a compromise.
You can read the guidelines here.
An edgy global cybersecurity advisory
Ollie Whitehouse, NCSC Technical Director, said: "In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat.
“In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities require post intrusion.”
“Alongside our international partners, we are focused on nurturing a tech culture that bakes security and accountability into every device, while enabling manufacturers and their customers to detect and investigate sophisticated intrusions.”
READ MORE: Ex-CISA chief: Stop calling Chinese hackers silly names and start taking them seriously
The Canadian Centre for Cybersecurity set out further details of the threat, warning: "Edge devices can be compromised and leveraged by threat actors to gain access to your environment. A prominent vector is any device directly connected and used as a preventative and detective measure, such as a firewall. Threat actors will spend time and resources looking at all possible vectors to attempt to bypass boundary controls and protections in place."
Misconfigured edge device components such as router or VPNs can lead to a compromise, the agency warned. Exploitations also when threat actors leverage vulnerabilities that organisations have not patched or are unaware of.
"Threat actors focus their attention on the vulnerabilities of individual devices at the edge of the network," it added. "Edge devices are usually connected to the Internet and have public IP addresses that can be reached from anywhere. This makes edge devices particularly susceptible to exploitation as threat actors can leverage the Internet to identify and exploit vulnerabilities in these devices."
Notable edge exploits include a critical vulnerability in Fortinet FortiOS (CVE-2024-21762, CVE-2022-42475) that allowed unauthorised access to execute arbitrary commands. Hackers also exploited an unpatched firewall to compromise admin credentials.
Another example is a bug in Cisco IOS (Internetworking Operating System assigned CVE-2023-20198 and CVE-2023-20273 which enabled attackers to gain administrative access via zero-day vulnerabilities, creating persistent backdoors.
Commenting on the news, James Neilson, SVP International at OPSWAT, said: "Security must be prioritised throughout the edge device lifecycle; manufacturers must ensure that devices are secure-by-design, rather than relying solely on the owner-operators. The new Five Eyes guidance is a welcome step.
"Ensuring that edge device manufacturers follow minimum security best practices is crucial in combating sophisticated threats that target IoT devices, smart building sensors, and other network edge equipment.
"Increasingly, attacks exploit vulnerabilities that could have been mitigated during the design phase, paying particular attention to software update integrity, logging, and access authentication.
"Even when edge devices are air-gapped from the internet, these fundamental security capabilities make network-attached equipment more resilient to attacks and more manageable for security teams to monitor and protect.
"An organisation’s security strategy should be rooted in secure-by-design principles; still, it must also be reinforced by technologies such as content disarm and reconstruction, vulnerability assessments, data loss prevention, and multiscanning. This ensures that files, data, and devices remain safe when transferred through edge environments."
Mitigation strategies
To reduce the risk of compromise, organisations should:
- Subscribe to security notifications and apply patches promptly.
- Follow vendor hardening guides and disable unnecessary functions.
- Implement strong, phishing-resistant multi-factor authentication (MFA).
- Use centralised logging and monitoring for real-time threat detection.
- Restrict access through role-based authentication and out-of-band management.
- Regularly review security rules, device lifecycles, and support timelines.
- Include edge device compromise in incident response plans and conduct drills.
- Diversify vendors to mitigate supply chain risks.
Have you got a story or insights to share? Get in touch and let us know.
