In conversations with CIOs, CISOs, and policymakers across the globe, their concerns are strikingly similar: our communications infrastructure is under extraordinary strain, and our ability to trust it is eroding. The global espionage campaign, Salt Typhoon, has already infiltrated over 600 telecom providers in more than 80 countries, with similar campaigns being uncovered in more recent times. Exploiting unpatched systems and aging infrastructure, attackers are stealing call records, location data, and metadata at an unprecedented scale. With AI now at criminals’ fingertips, rates of compromise once unimaginable have become routine, with entire networks being mapped, cloned, and weaponized in hours.
No country is immune. Because communications travel the same global networks, compromised core infrastructure abroad leaves government traffic everywhere vulnerable. Secure communications, therefore, are not just a regional challenge; they are a global imperative.
From Personal Privacy to National Security
Despite the potential risks, many organizations, including government departments, fall back on the convenience of widely available consumer messaging apps for official communication. These platforms were built to democratize privacy, giving citizens encryption once unavailable through standard text messaging. But tools designed to protect an individual’s privacy were never built to secure a nation’s classified information.
International audits underscore the gap. A 2023 review by Australia's OAIC found 73% of agencies permitted these apps for official business, yet only half had policies ensuring compliance with archival or privacy law. Other countries face the same governance question: Should classified documents, procurement negotiations, or law enforcement investigations occur on platforms often exploited by criminals?
The threat is compounded by what we often overlook — the metadata.
The Metadata Problem
Even when messages are encrypted, metadata tells the story of who contacted whom, when, how often, and from where.
Free apps monetize metadata by collecting phone numbers, device identifiers, IP addresses, and usage statistics, and selling them to third parties. For governments and critical infrastructure, this isn’t a minor detail; it’s unacceptable security exposure. Metadata reveals patterns of military movement, travel schedules, and negotiation timelines. In national security terms, metadata is intelligence.
And this exposure is about to grow exponentially.
The AI Multiplier
Artificial intelligence has changed the game. Attackers now use AI to map networks, automate reconnaissance, and generate lifelike forgeries of voice, image, and behavior. In 2024, a Hong Kong subsidiary of the engineering firm Arup lost USD $25M after staff were deceived by a video call where most participants were AI-generated deepfakes. For CIOs everywhere, the message is clear: the barrier to creating convincing forgeries of your voice, image, or communication style has all but disappeared. The spy of the future isn’t in a trench coat. It’s an algorithm in the cloud.
The time for discussion is over; governments and their allies have already moved to act.
Learning from Global Partners
Allied nations are learning from each other and taking decisive steps. Australia, for instance, has redefined its telecommunications sector as critical infrastructure. In response to state-sponsored attacks from groups like Salt Typhoon, Canberra expanded its Security of Critical Infrastructure (SOCI) Act, introduced an Enhanced Response and Prevention Act granting regulators powers to compel remediation, and launched the Telecommunications Security and Risk Management Program (TSRMP).
Under these reforms, providers must maintain risk management plans across cyber, personnel, supply chain, and physical threats, with mandatory incident reporting to the Australian Cyber Security Centre. By 2027, providers will also be required to meet strict minimum cybersecurity maturity levels.
A similar shift is taking place in the United States under the Cybersecurity Maturity Model Certification (CMMC) 2.0, which from 2025 makes robust cyber controls mandatory for all defense contractors handling Controlled Unclassified Information. Built around NIST SP 800-171, CMMC 2.0 requires verified protection of sensitive data across every system and communication channel. Together, such frameworks illustrate a coordinated global movement toward stronger, enforceable standards for protecting critical systems — where alignment, accountability, and shared intelligence are essential to collective resilience.
What This Means for Global Leaders
Put simply: national security depends on trust in communication. NATO, ASEAN, and EU nations are already moving away from consumer-grade apps and toward sovereign platforms that can be hosted, governed, and audited under national control. It is a necessary move, not out of fear, but out of foresight.
How BlackBerry Secure Communications Solves This Challenge
At BlackBerry, we have built secure communications solutions that already protect world leaders, defense ministries, and G7 partners.
Our NIAP-, BSI-, and NATO-certified encryption protects conversations at the highest classification levels. Deployments can be hosted in sovereign clouds or on-premises, ensuring full control of data and keys. We are FedRAMP-authorized, trusted by the U.S. federal government, and are already preparing for post-quantum cryptography to help countries remain resilient against tomorrow’s threats.
The vulnerabilities that make communications fragile today are the very challenges BlackBerry is solving.
Final Reflection
Having met with global leaders and seen firsthand how nations are hardening their communications, I believe governments stand at a pivotal moment. We cannot wait for a breach to force our hand. The next decade will not be decided by who fields the largest military or the most satellites — it will be decided by who can trust their communications.
For BlackBerry, protecting that trust is not new — it has been our mission for over 40 years. What has changed is the sense of urgency. Governments around the globe must make a clear choice: lead in trust or be led by compromise.
