Wednesday 04 Nov 2015 @ 12:20
CESG
Printable version

CESG releases new guidance for secure voice technology

Risks to voice data

Voice data is subject to a number of key threats:

  • calls are placed to or received from an attacker and the user doesn't realise, resulting in compromise of spoken data
  • attacker with privileged network access can access all call content and metadata for a user on that network
  • attacker compromises a cellular base station, or uses a false base station, and gains access to all call content and metadata for all users on that base station
  • attacker could cause calls to be routed via infrastructure they control (e.g. offering low-cost routing), enabling interception

New CESG guidance

Secure Voice technology is changing rapidly, and CESG policy is evolving to keep up with the pace of change.

The Secure Voice at OFFICIAL guidance (PDF 351KB) describes the current status and policy of secure voice technology for protecting OFFICIAL and OFFICIAL SENSITIVE communications.​

 

Channel website: https://www.ncsc.gov.uk/

Share this article

Latest News from
CESG

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.