US federal government guidance on encryption reflects elevated risk to communication infrastructure in 2025

Written By fra juniper

Event:

The US Cybersecurity and Infrastructure Security Agency (CISA) issued urgent guidance for senior government and political officials on 18-Dec-24, requiring them to use “only” end-to-end encrypted applications for mobile communications [LINK, LINK].

Assessment:

A US government agency openly advocating the use of end-to-end encryption represents a significant about-face given competing equities between security, law enforcement, and intelligence agencies over widespread adoption of this technology. 

The guidance was issued in response to a campaign of cyber-espionage attributed to China. Industry and government reporting has detailed a campaign of activity by the SALT TYPHOON threat actor targeting US telecommunications providers to facilitate targeted intelligence collection against senior figures [LINK].  

This comes amid a growing body of evidence that adversaries are targeting the confidentiality, integrity, and availability of key communications infrastructure. Western officials have identified multiple cases of apparent Russian or Chinese targeting of submarine telecommunications infrastructure [LINK, LINK] and developing anti-satellite capabilities [LINK, LINK]. 

Outlook:

This development strengthens our assessment that 2025 will see a shift in the security posture of the US government and allied states in the cyber domain, reflecting an elevated assessment of the threat posed by adversaries both in terms of capability and intent.  

This will involve a shift from a focus on the security of separate communication systems to a more channel-agnostic approach focused on the security of the message. Enabling such a transformation will require developing resilience and redundancy across communication channels, so that when one fails or is compromised communications can move more seamlessly to other channels.

There is also likely to be increased interest from governments and the private sector in re-vitalising older communication channels as a means of adding redundancy and avoiding reliance on digital bottlenecks. US military exercises have long highlighted the value of multiple, non-traditional means of communication [LINK]. Fax machines [LINK], shortwave numbers stations [LINK], and carrier pigeons [LINK] never went away, but in 2025 they may look less like novelties and more like a crucial backstop.

fra juniper
Previous

US Treasury hack highlights threat of Chinese supply chain espionage
Next

BT purchase to go ahead following UK government security review