Brad Bits: December 19, 2024 (RTO Mandates and Salt Typhoon)
RTO Mandates with some Salt Typhoon.
Welcome, reader! We've made it to Thursday, December 19th, 2024 (or Friday for any APJC readers out there!). Today, I am going to discuss return to office (RTO) mandates and Salt Typhoon. Both headlines have a telco nexus, so let's dive in...
RTO Mandates
AT&T joins Amazon and a growing list of companies with return to office (RTO) mandates.
This isn't a surprise, but it also requires further analysis and may have an adverse effect. From my perspective, are employees productive? What roles are better suited for in-person? Work isn't where you are, but what you get done to align with organizational goals. Productivity is about an obsession with quality over quantity, with the end work product in mind that meets organizational objectives. My experience spans leadership roles leading global, diverse, connected teams. It's how you communicate and the workplace norms that teams set. Connectedness is so important. As a co-worker, do you turn on your camera when you are meeting with coworkers? Are your communications intentional? Should your message be an email? Phone call? We’ve all been in meetings that should've been an email and exchanged Slack/Teams/WebEx messages that should've been an email. Teams consume, disseminate, and connect in different ways. Communication expectations are mission-critical for high-performing teams. For example, if I am sending an email to a colleague in Europe late afternoon U.S. time, I do not expect that colleague to impulsively respond. It should be on his/her time when they work best and during regular business hours. Email isn't urgent communication. If you are having regular conversations with colleagues and leaders, then this expectation should be set on how you work at your best and how you can work with them at their best. I see so many organizations that get this wrong. Does your team have regular conversations on how each team member works at their best? If not, bring this up in your next team meeting with your peers and one-on-one with your manager.
The office should be a magnet for employees to collaborate to accomplish objectives and meet deadlines, so as different organizations continue to mandate return-to-office, it's important for organizations to measure how work deliverables get completed and the best format for quality regardless of geo-location. Employees must continue to advocate for themselves and let the quality of their knowledge work be how they are measured versus the quantity of hours spent in an office. Dialogue and transparency are key for teams.
Salt Typhoon
Recently, a joint advisory was issued about Salt Typhoon (also known as Earth Estries, Ghost Emperor, Famous Sparrow, or UNC 2286) targeting U.S. telcos. On December 3, the NSA joined the FBI and CISA to issue a joint advisory. On December 4th, the White House announced that Salt Typhoon had compromised at least eight telcos, which included AT&T, Lumen Technologies, and Verizon. CSO Online has a great timeline highlighting Salt Typhoon.
If you are in cybersecurity (especially my fellow DFIR colleagues on the frontlines responding to these intrusions), please have a conversation with your loved ones over the holidays on the significance of this threat and the importance of encrypting communications.
CISA has some good guidance here that you can share and use for talking points over the holidays: https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
For defenders, I would also recommend reading more about Signaling System 7 (SS7) and continuing to educate yourself on network protocols and vulnerabilities facing internet-facing devices, such as firewalls and routers. This will help you technically, and it will also help you begin to learn adversary tradecraft. Adversaries will continue to target network infrastructure and I could write a blog post or 1/n on this topic in the future based upon my experience. Well, that's all for today...patch your stuff, encrypt your comms, MFA everywhere, and bake your lessons learned back into your incident response plans. If you need an expert, please reach out.
References:
[i] https://www.inc.com/sarahlynch/rto-att-joins-amazon-return-to-office-are-mandates-a-good-idea/91068037
[ii] https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
[iii] https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3982793/guidance-urges-visibility-and-device-hardening-against-prc-affiliated-threat-ac/
[iv] https://www.csoonline.com/article/3621674/salt-typhoon-poses-a-serious-supply-chain-risk-to-most-organizations.html
[v] https://www.404media.co/email/ac709882-1e4b-42fc-bcca-cf7ce4793716