The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance recommending government officials use encrypted messaging apps like Signal to secure their communications from potential threats, notably cyber intrusions allegedly linked to China.
Just The News reported that the recommendation follows revelations of cyber threats against U.S. telecommunications infrastructure and coincides with investigations into past uses of encrypted messaging by government officials.
In December 2024, as part of the Biden administration's efforts to reinforce the security of government communications, CISA advised the use of apps with end-to-end encryption. This policy aims to protect officials who may be highly targeted by cyber actors.
The guidance highlighted the growing risk of interception or manipulation of communications, which further emphasizes the need for secure messaging solutions.
CISA defined "highly targeted individuals" as senior government and political figures possessing sensitive information.
This group is considered at heightened risk of having their communications intercepted. Consequently, CISA suggests that these individuals assume their communications, whether sent via government or personal devices, are under potential threat.
The memo reflects the general consensus among cybersecurity experts that no single measure can eliminate all cyber risks. Nonetheless, CISA stressed that adopting best practices with encrypted messaging significantly enhances the protection of sensitive communications from malicious cyber actors.
This guidance was issued after reports emerged of cyber-attacks targeting U.S. telecommunications infrastructure. Some of these attacks have been linked to state-affiliated entities from China.
Such breaches have raised alarms over potential national security implications, affecting both political figures and telecommunications infrastructure.
During a prior breach, hackers allegedly connected to China targeted personal devices associated with political figures, including Donald Trump, JD Vance, and individuals from Kamala Harris's campaign. These incidents underscore the importance of the new guidance.
The use of encrypted messaging apps is not a novel issue. During the Trump administration, senior officials faced scrutiny for using Signal to discuss sensitive military actions in Yemen.
An accidental inclusion of a journalist in a Signal group chat highlighted concerns over unintentional information disclosures despite technological safeguards.
In response to these incidents, officials from the Trump administration insisted that no classified information had been compromised. Recent comments from Sen. Tom Cotton suggested that the Biden administration's endorsement of Signal was in alignment with presidential record-keeping practices.
Additionally, CIA Director John Ratcliffe testified about the permissibility of employing Signal for work communications. He acknowledged that while such usage is allowed, any resulting decisions should also be recorded through formal channels to ensure proper documentation and accountability.
Similarly, Director of National Intelligence Tulsi Gabbard confirmed that no classified data had been exposed in the inadvertent journalist's inclusion in the Signal chat. Her statement served to allay further concerns regarding possible risks associated with the app's use by officials.
The overarching message of the CISA memo is one of vigilance. Officials have been cautioned against complacency, taking proactive steps to safeguard against interception threats, while accepting that no measure is foolproof.
As the geopolitical landscape evolves, cybersecurity remains a crucial facet of national security. The growing sophistication of cyber threats necessitates adaptive strategies. This includes employing state-of-the-art technology for protection and handling communications that could potentially impact national interests.
By promoting the use of encrypted apps, the Biden administration aims to bolster resilience, protecting sensitive communications from both foreign and domestic cyber actors. The expectation is for officials to embrace these suggested practices, recognizing the realities of digital communication challenges.
