On the topic of Salt Typhoon and Lawful Intercept, in 2010 I published a security analysis of Cisco’s Lawful Intercept features at Blackhat DC, which included specific recommendations for telecommunications operators.

CISA has published a set of security recommendations for communications service providers. These recommendations are good “best practices” for anyone running Cisco routers, but they aren’t specific to Lawful Intercept.

I have no inside information on Salt Typhoon but I stand by the recommendations in my original paper and I believe they are still largely relevant to this protocol today.

My paper: https://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf

CISA’s recommendations: https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure