Government, Critical Infrastructure, and the Future of Secure Communications
It was not long ago that it seemed our discussions and data were reasonably secure as they traversed well known ISP and communications networks.
We understand now that this was a false sense of security given the long-term Salt Typhoon attacks against communications infrastructure. The attacks reveal what can happen to our data and our most sensitive information and conversations unless we take secure communications into our own hands.
To explore what, exactly, this means, I recently hosted a webinar with fellow leaders at BlackBerry. And in case you haven’t been keeping track, BlackBerry is a global secure communications leader trusted by governments and highly regulated organizations. BlackBerry CEO John J. Giamatteo recently explained why: “I am proud to say we offer the world’s most comprehensive, highly secure, and extensively certified portfolio for critical communications, purpose-built to handle sensitive and even top secret level data.”
Discussion: The Future of Secure Communications
It is time we take a moment and ask ourselves: what are we doing to secure our communications? As it turns out, using consumer-grade tools is not enough.
Watch The Future of Secure Communications on demand or keep reading for excerpts from the discussion.
Why the Salt Typhoon Attacks Cut So Deep
Paul Webber, BlackBerry: “This is very deliberate. The nature of these threats allows the attackers to monitor activity and access unprotected data without being detected. And since there's no need to apply any tools or malware to end-users’ devices, for instance, and therefore little likelihood that we're going to see any detections by things like endpoint security tools, all of this means it can be carrying on for large periods of time.
“The attackers were able to use the exploits to compromise the network appliances, but then also access poorly protected admin credentials, and when they have those elevated privileges, obviously they can cover their own tracks as well. So you can't really be sure, even once you've detected this activity, that you've fully evicted them from the network, because when they have those privileges, they can keep deleting their own records and tracks and logs."
Fallout: Lost Confidence in Secure Communications
David Wiseman, BlackBerry: “My perspective is we have to assume that the networks are compromised globally, and from a telecommunications perspective, that's almost by design because telecommunication networks are designed for reachability. You can pick up a phone. You can reach anyone in the world. You know security has to be secondary to that, right? So therefore, you need to assume that the networks are compromised. Then you need to take actions as an organization, and as an individual, with that assumption in place. You have to protect your data and protect your communications, because you still need to traverse the [commercial] networks.”
Why Applications like WhatsApp and Signal Are Not Enough
“When people think about security and their communications, they're thinking about interception and ‘If I encrypt everything, end to end, that's going to be good. I'll be safe,’ says Wiseman. “That's certainly better than not encrypting it, but when we think about the free applications, they're all built on the model of building as large a user base as possible. They’re open to anyone, and it's still open to public registration. And I think that's kind of the first entry point people need to think about, is, can you be confident about who you're talking with?”
And as BlackBerry’s Shil Sircar pointed out during the discussion, generative AI is making that question much harder to answer in open environments, where anyone can claim to be anyone. “There is evidence that fraudsters impersonated various CEOs in WhatsApp accounts and calls. With voice data trained with these executives on YouTube footage, whether it's video or voice and employees, for example, receiving these multimedia elements where threat actors are impersonating and in a very convincing way with these types of generative AI technologies.”
This is one way you lose a critical piece of secure communications control when you use mass-market apps. But it’s not the only way, because a familiar rule also applies: If it’s free, you are the product. And the platform sets the terms and conditions, but your organization does not.
BlackBerry’s Webber summed it up nicely during the webinar:
“All of these tools tend to have some form of file-sharing capability. The problem with that is that the rules of engagement are usually that anything you share with a collaborating third party on those services becomes their property, and you don't have any retrospective way of deleting that data. And I think people that have true need to share sensitive data and classified data want the facility to do things like revoke access to that data retrospectively, maybe six weeks or six months later, and you can't do that in a publicly hosted service at all.”
How to Regain Control and Confidence in Your Secure Communications
There is a path forward, utilizing the right secure communications strategy and tools, which BlackBerry’s Wiseman summarized quite well during our conversation.
“The implication of that is that any type of public system is probably not going to be appropriate for security focused organizations. Going forward, you're going to need a system you control where sovereignty belongs to your organization. You're controlling the data and life cycles and you are controlling who is in the system. You also have confidence in the encryption and the validations that it's gone through. In some sense, it’s a move back to private comms and away from the push that's gone on for a couple of decades around more and more public communications.”
For the full discussion, watch The Future of Secure Communications.
Learn More About a Secure Communications Platform
Hopefully, these excerpts helped clarify why governments and highly regulated organizations must now take secure communications back into their own hands. BlackBerry provides secure and critical communications solutions to every G7 nation and most G20 countries, along with servicing 8 of the world's 10 biggest banks.
To learn more, explore BlackBerry® SecuSUITE® here, or reach out to have a conversation. Working together, we’ll help you regain trust that your communications can remain secure, even if they travel over potentially compromised infrastructure.
