
The Future of Secure Communications: Lessons from CISA’s Guidance in the Age of Salt Typhoon

The recent Salt Typhoon cyber campaign has reignited the global conversation about securing mobile communications, particularly as threat actors increasingly target the telecommunications sector. In response, the Cybersecurity and Infrastructure Security Agency (CISA) released updated best practices for secure communications. While these recommendations provide a solid foundation, cybersecurity experts warn that they may not be sufficient for high-stakes scenarios involving government agencies and critical infrastructure.

“CISA’s mobile communications best practices establish a strong foundation for improving security, particularly for the public,” said David Wiseman, Vice President of Secure Communications at BlackBerry. “However, for government agencies and critical infrastructure organizations, these guidelines should be considered just the beginning. To ensure comprehensive protection, additional layers of security must be added, including continuous identity validation, control over communication metadata, and governance of the systems in use.”

Why Not All Secure Communication Apps Are Equal

Apps like Signal and WhatsApp are often recommended for their end-to-end encryption, but experts highlight their vulnerabilities in sophisticated threat environments. These consumer-grade platforms prioritize ease of use and connectivity, often relying on open registration models that can be exploited by attackers to spoof identities or infiltrate sensitive conversations.

“While these best practices will enhance the protection of communications against many threats, they may not fully defend against sophisticated groups like Salt Typhoon,” Wiseman noted. “The attackers' ability to collect metadata and target individuals using deepfake technology could still present significant risks, highlighting the need for even stronger safeguards.”

For critical sectors, cryptographic authentication offers the best available solution. By cryptographically binding identities to devices, these systems provide ongoing validation of both users and devices, reducing the risk of identity spoofing and unauthorized access. Additionally, secure communication platforms designed for high-security environments often include features like metadata governance, ensuring sensitive information about communication patterns is not exposed.

The Rise of Deepfakes and Sophisticated Threats

Salt Typhoon and similar campaigns illustrate how advanced threat actors are evolving their tactics to exploit communication networks. By harvesting metadata, attackers can map communication patterns, enabling precision-targeted social engineering attacks. Over time, this data can be fed into artificial intelligence models to create realistic deepfakes, amplifying the potential for deception.

“Looking ahead, communications-driven attacks are expected to become increasingly sophisticated as adversaries leverage the metadata and identity associations harvested in initial attacks,” said Wiseman. “The stolen voice and message data can be fed into AI models to generate realistic deepfake content, amplifying the potential for successful social engineering attacks.”

Organizations must prepare for these evolving threats by adopting a proactive and resilient approach to communication security. This includes implementing continuous identity validation, maintaining full control over data and metadata, and ensuring compliance with specialized security certifications tailored to their operations.

Future-Proofing Secure Communications

The threat landscape targeting communications is expected to grow as nation-states and cybercriminal groups refine their methodologies. This makes robust and adaptive security measures not just advisable but essential for any organization managing sensitive information.

CISA’s guidelines are a valuable starting point, but experts emphasize the importance of looking beyond basic encryption to embrace comprehensive solutions that integrate cryptographic authentication, metadata governance, and ongoing validation. By doing so, organizations can not only protect their communications in the present but also mitigate long-term risks associated with emerging threats like deepfakes and AI-driven attacks.

As Wiseman summarized, “By incorporating these extra layers, agencies can better mitigate the evolving and increasingly sophisticated threats targeting critical communication channels.”
