- Posted February 05, 2025
The National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the National Cyber Security UK (NCSC-UK), and other international partners to release guidance on edge device security.
Five Eyes cyber security agencies have observed an increase in targeted attacks on edge devices. The term ‘edge devices’ includes systems such as firewalls, routers, virtual private network (VPN) gateways, internet of things (IoT) devices, internet-facing servers, and internet-facing operational technology systems. Failing to secure these network perimeters is equivalent to leaving doors open, inviting malicious cyber actors to access sensitive data, disrupt operations and initiate further exploits.
To counter the increasing number and sophistication of malicious actors targeting edge devices, we have collaborated with international cyber security agencies to release harmonised, timely and relevant edge device publications targeting executives, middle managers and practitioners. The publications do not contain duplicative information, and they focus on unique aspects of the issue while complementing existing or upcoming publications.
The following publications have been released:
- Mitigation strategies for edge devices: executive guidance(external link) (led by ASD). Originally released by ASD on 3 October 2024, this publication has been adjusted to be more relevant to international audiences. The executive guidance is intended for executives within large organisations and critical infrastructure sectors responsible for the deployment, security, and maintenance of enterprise networks. It covers offers a high-level summary of existing guidance for securing edge devices.
- Mitigation strategies for edge devices: practitioner guidance(external link) (led by ASD). The practitioners’ guidance is designed for operational staff, cyber security staff and procurement staff. It provides a list of principle mitigation strategies for edge devices to improve security and resilience against cyber threats. These strategies are vendor agnostic and apply to some of the most common types of edge devices and appliances across enterprise networks and large organisations.
- Security considerations for edge devices(external link) (led by CCCS). This publication provides high level guidance for management for securing virtual private networks (VPNs), routers, and firewalls in an organisational context.
- Guidance on Digital Forensics and Protective Monitoring Specifications for Producers of Network Devices and Appliances(external link) (led by NCSC-UK). This publication is for edge device manufacturers. It outlines definitions for the minimum requirement for forensic visibility and encourages including standard logging and forensic features that are robust and secure by default, to more easily detect malicious activity following an intrusion.
For more NCSC updates, follow us on LinkedIn.(external link)