The Canadian Centre for Cyber Security (Cyber Centre) has joined the following international partners in releasing a series of complementary publications on cyber security for edge devices:
- Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- United Kingdom’s National Cyber Security Centre (NCSC-UK)
- United States’ (U.S.) Cybersecurity and Infrastructure Security Agency (CISA)
- U.S. National Security Agency (NSA)
Edge devices refer to hardware or software tools that sit at the perimeter of networks, such as VPNs, firewalls and routers. These devices help facilitate and secure the connection between internal networks and external ones like the Internet.
In the last year, cyber threats actors have increasingly exploited vulnerabilities in edge devices to compromise organizations worldwide. Canada and its Five Eyes partners have been warning about this threat since early 2024. Targeting edge devices has now become a tactic of choice for many cyber threat actors, including state-sponsored actors.
This guidance series aims to inform organizations of the growing threat to edge devices and encourage swift implementation of appropriate measures to defend against it. It includes 4 publications, tailored to different audiences. This is the first time the Cyber Centre has written guidance jointly endorsed by its Five Eyes partners.
Security considerations for edge devices
This joint guidance developed by the Cyber Centre is a management publication that outlines the security considerations for commonly used edge devices. The publication provides recommendations for mitigating threats to virtual private networks, routers and firewalls.
Read the joint guidance Security considerations for edge devices.
Mitigation strategies for edge devices: Executive guidance
This joint guidance developed by ACSC is an executive-level summary that consolidates key practices to effectively manage and secure edge devices.
Read the joint guidance Mitigation strategies for edge devices: Executive guidance.
Mitigation strategies for edge devices: Practitioner guidance
This joint guidance developed by ACSC expands on the previous one and provides a list of principle mitigation strategies to improve security and resilience against cyber threats.
Read the joint guidance Mitigation strategies for edge devices: Practitioner guidance.
Digital forensics and protective monitoring specifications for producers of network devices and appliances
This joint guidance developed by NCSC-UK helps network defenders secure their organization’s environments before and after a compromise. The publication outlines definitions for the minimum requirements for forensic visibility.
Read the joint guidance Digital forensics and protective monitoring specifications for producers of network devices and appliances.