Center for Cyber Diplomacy and International Security

The Future of Governmental Communications: Devices and Software Safety

by

VLADIMIR TSAKANYAN
in

Vladimir Tsakanyan

DOWNLOAD PDF

1. Introduction: The Critical Importance of Secure Governmental Communications in the Digital Age

The way governments conduct their operations and engage in communication has undergone a profound transformation in the digital age. Official exchanges, encompassing everything from highly classified intelligence to routine administrative functions, are increasingly reliant on digital devices and software. This evolution has brought about unprecedented levels of efficiency and connectivity, yet it has also ushered in significant challenges concerning security. The necessity for robustly secured governmental communications cannot be overstated, particularly when considering the sensitive nature of the information being transmitted and stored 1.

Secure channels for governmental communication are fundamental to national security. Any compromise in these systems can expose sensitive military strategies, diplomatic negotiations, and intelligence operations to hostile actors. The ramifications of such breaches can extend to the destabilization of international relations and the endangerment of national interests. Furthermore, the effective implementation of government policies relies on the secure exchange of information both internally within government bodies and externally with other organizations and the public. When these communication lines are vulnerable, the ability of governments to function effectively is severely hampered. Beyond the direct impact on governmental operations, the security of official communications is also intrinsically linked to public trust. Citizens rightfully expect their government to safeguard sensitive data and ensure the integrity of all official exchanges. Failures in this regard can erode public confidence and undermine the legitimacy of governmental institutions.

This report will undertake a comprehensive exploration into the future of governmental communications, with a specific emphasis on the safety and security of the devices and software that facilitate these exchanges. The analysis will begin by examining the current state of governmental communication technologies, including a detailed look at their existing security features and any known vulnerabilities. Subsequently, the report will delve into emerging technologies that hold the potential to significantly enhance the security of governmental communications in the coming years. A critical component of this analysis will involve identifying and dissecting the potential security risks and challenges that governments will face as they adopt these future technologies. Following this, the report will discuss various safety measures, protocols, and best practices that can be implemented to bolster the security of devices and software used in governmental communications. The pivotal role of government regulations, standards, and certifications in promoting the safety and security of these technologies will also be thoroughly examined. To provide practical context and valuable insights, the report will include global case studies of both successful and unsuccessful implementations of secure communication systems within government bodies. Finally, the report will synthesize the perspectives of experts in the fields of cybersecurity, government technology, and academia to outline the key trends, challenges, and potential solutions that will shape the future of governmental communication security.

2. The Current Landscape of Governmental Communication Technologies

  • 2.1. Devices and Software Currently in Use: An Overview

For the transmission and discussion of the most sensitive and classified information, governments around the world rely on dedicated, highly secure networks. In the United States, examples of such systems include the Secret Internet Protocol Router Network (SIPRNet) and the Joint Worldwide Intelligence Communications System (JWICS) 3. These networks are primarily utilized by the Department of Defense and intelligence agencies and are characterized by their physical isolation from the public internet, requiring specific security clearances and adherence to stringent protocols for access. Their fundamental purpose is to provide an environment where classified information can be discussed, shared, and transmitted with a high degree of confidence in its security.

In contexts where the information is less sensitive but still requires a degree of official handling, government entities may employ commercial platforms that have been adapted or configured to meet specific security requirements. Microsoft Teams, for instance, can be utilized within government settings, often with specialized security configurations and add-ons designed to comply with government standards 4. Additionally, secure messaging applications like Signal and Wickr have found their way into governmental use, sometimes even receiving recommendations for specific, unclassified purposes from agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) 4. However, it is crucial to note that the use of these commercial applications for the transmission of highly classified information is generally prohibited due to inherent security trade-offs and compliance concerns.

Beyond these specialized networks and adapted commercial platforms, government employees routinely utilize general-purpose devices for a wide array of official communications that do not necessitate the highest levels of security. These typically include government-issued laptops, desktop computers, and an increasing number of mobile phones. These devices are often equipped with specific security software and configurations mandated by government policies. Furthermore, a growing trend in governmental operations is the adoption of cloud-based services for various functions, including communication and collaboration 9. This shift towards cloud infrastructure necessitates careful consideration of cloud security protocols and adherence to government-specific compliance frameworks such as the Federal Risk and Authorization Management Program (FedRAMP).

The current landscape of governmental communication technologies presents a layered approach, with highly secure, purpose-built systems at one end of the spectrum for classified data and a more diverse range of options, including adapted commercial platforms and general-purpose devices, for unclassified communications. This multi-faceted approach reflects the varying security requirements for different types of governmental information and the ongoing efforts to balance security with usability and cost-effectiveness.

  • 2.2. In-depth Analysis of Security Features in Existing Systems

Systems like SIPRNet and JWICS incorporate a multitude of security features designed to protect highly sensitive information. A fundamental aspect of their security is their physical isolation from the public internet and other unclassified networks, requiring physical access to designated secured facilities known as SCIFs (Secure Compartmented Information Facilities) or adapted secure offices 3. Access to these networks is strictly controlled through the requirement of specific security clearances and the completion of mandatory training programs that outline the proper usage protocols. These networks are engineered to function as completely secure environments where classified information can be discussed, shared, and transmitted without the risk of interception from external, unauthorized entities.

BlackBerry SecuSUITE stands out as a platform offering government-grade security through several advanced features 11. A cornerstone of its security architecture is a zero-trust identity verification process. Unlike consumer applications that often rely on self-registration mechanisms, SecuSUITE mandates that every user within the system undergoes explicit verification and is subject to continuous authorization. This robust approach effectively prevents unauthorized individuals from gaining access to sensitive communication networks, thereby mitigating risks associated with identity spoofing and unauthorized infiltration. Furthermore, SecuSUITE provides comprehensive metadata protection. While many consumer applications encrypt the content of messages, they often leave the associated metadata, such as who is communicating with whom, when, and for how long, exposed. This metadata can be exploited by adversaries to understand communication patterns and potentially gain insights into classified operations. BlackBerry Secure Communications addresses this critical vulnerability by ensuring that metadata is also encrypted and tunneled, rendering it invisible to potential threats. This dual-layered protection secures both the substance and the context of communications. Another key security feature of SecuSUITE is its commitment to sovereign data control. Consumer messaging applications typically store communication data on external servers, often located overseas, which can raise concerns about jurisdictional and operational security. BlackBerry Secure Communications offers tailored deployment models, including on-premises systems, hybrid solutions, and sovereign cloud options. This flexibility ensures that sensitive government data never leaves the designated jurisdiction, allowing governments and enterprises to maintain absolute control over their information, free from third-party dependencies and the risks associated with foreign infrastructure.

Wickr, now part of Amazon Web Services (AWS), is another secure collaboration platform designed for government agencies, offering a suite of security features aimed at providing unmatched protection for communications 6. A primary security feature is its end-to-end encryption, which ensures that all communications, including text messages, calls, video conferences, and file sharing, are protected between and throughout governmental agencies. This level of security aims to replicate the privacy of a face-to-face conversation. Wickr also functions as an ephemeral collaboration platform, meaning that messages and files can be configured to automatically expire and disappear after a predetermined period, thereby reducing the long-term risk of sensitive information being exposed. The platform includes features that are FIPS 140-2 validated, a significant certification indicating that the cryptographic modules used by Wickr meet the stringent security standards required by the U.S. federal government for safeguarding sensitive information. Wickr also offers global federation capabilities, allowing administrators of private Wickr networks to permit communication between users with free public accounts and those within the protected network without compromising its security. Furthermore, Wickr provides robust provisioning and administrative controls, enabling government agencies to effectively manage user access and permissions, ensuring that only authorized personnel can participate in secure communications.

Rocket.Chat, an open-source communication platform, offers a range of robust security features tailored to meet the stringent requirements of federal government agencies 8. A key aspect of its security is the flexibility in deployment options, including the cloud, on-premises, and even air-gapped environments, allowing agencies to maintain maximum control over their data and comply with specific regulatory and security mandates. The platform emphasizes data privacy and sovereignty through features like access controls, authentication mechanisms, and support for compliance with standards such as HIPAA, GDPR, ISO27001, and Iron Bank. Rocket.Chat provides messaging governance capabilities, enabling the monitoring of conversations, and offers end-to-end encryption to ensure that only intended recipients can read messages. For agencies utilizing artificial intelligence, Rocket.Chat AI allows for the deployment of self-hosted Large Language Models (LLMs), ensuring that classified information remains secure within the agency’s network. It also facilitates controlled data access based on user roles and clearance levels. To protect against threats, Rocket.Chat advocates for a zero-trust approach and allows for the implementation of Data Loss Prevention (DLP) strategies. Being built on open-source code provides transparency and allows for community scrutiny. The platform also supports multi-factor authentication and can be integrated with other security tools. Notably, Rocket.Chat is designed for use in air-gapped environments, preventing any connection to external networks for maximum security and legal compliance.

Granicus, a provider specializing in digital services and citizen engagement for government entities, incorporates several security features into its platforms 14. These include encryption for sensitive personal data both when it is being transmitted and when it is stored. Granicus also implements access controls to ensure that only authorized personnel can access sensitive information and follows data minimization principles. Regular vulnerability scanning and security monitoring are conducted to identify and address potential weaknesses. The company also operates a bug bounty program to further enhance its security posture. Notably, Granicus is FedRAMP compliant, indicating that its cloud services have undergone the rigorous security assessment and authorization process required for use by federal government agencies. The platform utilizes technologies like SSL/TLS encryption for data in transit and encryption for data at rest in its databases. Its data centers adhere to top certification requirements to ensure the safety and privacy of data. Granicus also offers integration with MAX Authentication, enabling organizations to utilize multi-factor authentication for administrators accessing their systems. The cloud infrastructure relies on providers like Azure and AWS, which offer robust physical and operational security controls.

  • 2.3. Known Vulnerabilities and Limitations of Current Technologies

Despite the array of security features implemented in governmental communication technologies, vulnerabilities and limitations persist. A significant factor is human error. Even the most secure systems can be compromised by individuals making mistakes, such as unintentionally including unauthorized participants in secure communication channels. The incident involving top officials reportedly sharing sensitive military plans via a Signal group chat that inadvertently included a journalist serves as a stark reminder of this risk 11. Furthermore, the use of personal devices for official communication, against established policies, can introduce vulnerabilities as these devices may not have the same level of security controls as government-issued equipment 17. Phishing scams also represent a persistent threat, capable of bypassing even strong encryption if individuals are tricked into revealing their credentials or sensitive information 18.

Commercial messaging applications, while offering convenience and encryption, have inherent limitations when it comes to handling highly sensitive governmental communications 11. One concern is the potential exposure of metadata, which can reveal patterns of communication even if the content itself is encrypted. Additionally, these apps often lack the robust administrative controls and auditing capabilities that are typically required by government regulations. Features like disappearing messages, while enhancing privacy in some contexts, can also pose challenges for compliance with record retention laws, which mandate the preservation of official communications. The National Security Agency (NSA) even issued a warning to its employees about vulnerabilities in the Signal app, specifically highlighting the risk of phishing attacks targeting Signal users 18.

Beyond the vulnerabilities associated with human error and the limitations of commercial applications, government IT systems in general are susceptible to various systemic weaknesses. Research has uncovered configuration errors, instances of information disclosure, SQL injection flaws, and server-side request forgery vulnerabilities affecting systems used by prominent government agencies such as NASA, the Environmental Protection Agency (EPA), and the United States Department of Agriculture (USDA) 21. These findings underscore that even dedicated government systems are not immune to security flaws that can be exploited by malicious actors.

The increasing reliance on mobile devices for governmental work has also expanded the attack surface and introduced new vulnerabilities 22. Phishing attacks can be delivered via various channels on mobile devices, including email, SMS, and messaging apps. Exploits targeting vulnerabilities in mobile operating systems can compromise devices and grant unauthorized access to sensitive data. Moreover, insecure usage practices, such as connecting to public Wi-Fi networks or using personal Virtual Private Networks (VPNs), can expose devices and the information they contain to potential threats 23. Finally, many government agencies continue to operate legacy IT systems that were developed decades ago and were not designed to withstand modern cybersecurity threats 25. These outdated systems often lack the necessary security patches and updates, making them particularly vulnerable to exploitation by cybercriminals.

3. Emerging Technologies Shaping the Future of Governmental Communications

  • 3.1. Advancements in Encryption (including post-quantum cryptography)

The future of secure governmental communications will be significantly shaped by ongoing advancements in encryption technologies. One of the most pressing concerns is the potential threat posed by the rise of quantum computing to currently used encryption methods 1. Quantum computers possess the theoretical capability to break many of the public-key cryptography algorithms that underpin the security of much of our digital infrastructure, including governmental communications. To address this looming threat, significant research and development efforts are underway in the field of post-quantum cryptography (PQC). These new encryption algorithms are specifically designed to withstand the computational power of quantum computers, ensuring that sensitive data remains secure even in a post-quantum era.

The National Institute of Standards and Technology (NIST) has played a leading role in this area, announcing the first finalized post-quantum encryption standards in August 2024 30. These standards, including Federal Information Processing Standard (FIPS) 203 (based on the CRYSTALS-Kyber algorithm, renamed ML-KEM), FIPS 204 (based on the CRYSTALS-Dilithium algorithm, renamed ML-DSA), and FIPS 205 (based on the Sphincs+ algorithm, renamed SLH-DSA), are intended to provide the primary standards for general encryption and digital signatures, respectively. NIST is actively encouraging computer system administrators within government and other sectors to begin transitioning to these new standards as soon as possible to future-proof their systems against quantum attacks.

Beyond the realm of post-quantum cryptography, artificial intelligence (AI) is also emerging as a potential force in enhancing encryption technologies 1. AI-powered encryption leverages machine learning algorithms to adapt encryption methods in real time, potentially detecting threats and anomalies in encrypted data faster than traditional systems. By continuously monitoring encrypted communications for suspicious activity or potential vulnerabilities, AI could provide a proactive layer of defense, automating threat detection and response. This could significantly reduce the time required to identify and mitigate attacks, thereby improving the overall security posture of government agencies.

Finally, end-to-end encryption will continue to be a fundamental security feature for governmental communications 5. This method of encryption ensures that data is protected from the sender to the recipient, with no intermediate party, including the communication service provider, having access to the unencrypted content. As cyber threats become more sophisticated, the adoption and robust implementation of end-to-end encryption will remain a critical baseline for securing governmental exchanges.

  • 3.2. Developments in Secure Hardware and Trusted Computing

Developments in secure hardware and trusted computing are also poised to play a crucial role in shaping the future of governmental communications security. The concept of hardware-rooted security, particularly in mobile devices, is gaining increasing attention as a means of ensuring device integrity 32. This approach aims to establish a chain of trust starting from the device’s hardware, verifying the integrity of its software and firmware configurations. Technologies like Trusted Platform Modules (TPMs) and secure enclaves are designed to provide a secure foundation within devices for cryptographic operations and the protection of sensitive data. Secure boot processes and firmware integrity checks are also critical for preventing tampering with the device’s fundamental software.

Recognizing the importance of secure hardware, the U.S. government has announced plans to leverage its purchasing power to incentivize the development and adoption of more secure devices. Beginning in 2027, the U.S. government intends to buy only devices that carry a Cyber Trust Mark, indicating that they meet certain cybersecurity standards 31. This policy is expected to drive manufacturers to incorporate more robust security features into their hardware.

Conversely, there are growing concerns about the national security risks associated with the use of hardware manufactured by foreign adversaries 33. These concerns stem from the potential for backdoors or other vulnerabilities to be intentionally introduced into the hardware during the manufacturing process, which could then be exploited for espionage or other malicious purposes. This has led to increased scrutiny of foreign-manufactured Internet of Things (IoT) modules and other critical components used in various sectors, including government. There is a growing recognition of the need to develop and promote secure domestic alternatives to mitigate these risks.

  • 3.3. Specialized Secure Communication Platforms and Their Potential

The limitations of relying on commercial off-the-shelf applications for the most sensitive governmental communications are driving a renewed interest in the development and deployment of specialized, purpose-built secure communication platforms 16. These platforms, sometimes referred to as a potential “BlackBerry 2.0,” are envisioned as controlled environments incorporating layered security measures specifically tailored to the unique needs and threat landscape faced by governments. Such systems could integrate enhanced features that go beyond basic encryption, including biometric authentication for verifying user identities, multi-factor authorization to prevent unauthorized access, hardware-based encryption for robust data protection, and real-time intrusion detection systems to identify and respond to malicious activity. Furthermore, these platforms could be built upon hardened operating systems specifically designed for secure communications, minimizing the attack surface and reducing the potential for exploitation. For the most ultra-sensitive data, the use of air-gapped networks, which are physically isolated from the internet, could offer an additional layer of critical protection.

Another key area of focus is the need for secure communication platforms that facilitate seamless collaboration across different government agencies while maintaining appropriate security levels 4. The ability for various departments and entities to communicate and share information securely in real-time is crucial for effective governance and coordinated responses to critical situations. This necessitates the development of cross-agency chat and text systems that are owned and mandated for use across the government, ensuring a consistent and secure communication environment.

However, the development and deployment of new, specialized secure communication platforms also present challenges. One significant hurdle is ensuring interoperability with existing legacy systems, which many government agencies still rely on. Balancing the need for robust security with user-friendliness and operational efficiency will also be critical factors in the successful adoption of these future platforms.

  • 3.4. The Role of Artificial Intelligence in Enhancing Security

Artificial intelligence (AI) is poised to play an increasingly significant role in both enhancing and challenging the security of governmental communications in the future 1. On the defensive side, AI offers the potential to revolutionize threat detection and analysis. By analyzing vast amounts of communication data, AI algorithms can identify patterns and anomalies that may indicate malicious activity or potential security breaches. This capability could significantly improve the speed and accuracy of threat detection, allowing for more timely and effective responses. AI can also be leveraged for vulnerability discovery and patch management. By automatically scanning software code and system configurations, AI could identify potential weaknesses that could be exploited by attackers, and even potentially automate the process of applying necessary security patches. Furthermore, AI could contribute to the development of more sophisticated and secure authentication methods, potentially incorporating behavioral biometrics or other advanced techniques to verify user identities.

However, it is crucial to acknowledge that AI also presents potential risks and challenges. Adversaries can also harness the power of AI for malicious purposes, developing more sophisticated and targeted cyberattacks. AI could be used to create more convincing phishing campaigns, generate deepfakes for disinformation purposes, or even automate certain aspects of cyberattacks, making them faster and more difficult to defend against. Therefore, as governments explore the potential of AI to enhance communication security, they must also be mindful of the potential risks and invest in proactive security measures to counter AI-powered threats.

4. Analyzing Potential Security Risks and Challenges in the Future

  • 4.1. Threats from State-Sponsored Actors and Advanced Persistent Threats (APTs)

In the future landscape of governmental communications, threats from state-sponsored actors and Advanced Persistent Threats (APTs) will continue to pose a significant challenge 11. These actors, often backed by nation-states, possess sophisticated capabilities and are highly motivated to target government communications for cyber espionage and intelligence gathering. Their objectives can range from obtaining sensitive national security information and diplomatic secrets to disrupting critical infrastructure and influencing geopolitical events. The tactics and techniques employed by these groups are constantly evolving, making it imperative for governments to maintain continuous vigilance and implement advanced security measures to defend against these persistent threats. The risk of APTs targeting communication systems that underpin critical infrastructure is particularly concerning, as successful attacks could lead to widespread service disruptions and significant harm to public safety and the economy.

  • 4.2. The Evolving Landscape of Cybercrime and Ransomware

The realm of cybercrime, particularly ransomware attacks, is also expected to present an ongoing and evolving threat to governmental communications in the years ahead 1. Driven primarily by financial gain, cybercriminals are increasingly targeting government agencies with ransomware, encrypting critical data and demanding significant ransom payments for its release. The rise of Ransomware as a Service (RaaS) has further exacerbated this problem, making ransomware attacks more accessible to a wider range of actors with varying levels of technical expertise. Successful ransomware attacks can have severe consequences for government agencies, disrupting essential public services, compromising sensitive citizen data, and incurring significant financial losses.

  • 4.3. Insider Threats and Human Error in Secure Communications

Despite technological advancements, insider threats and human error will likely remain critical vulnerabilities in the security of governmental communications 2. Insider threats can involve individuals with authorized access intentionally misusing their privileges to leak, steal, or tamper with sensitive information. Unintentional errors and negligence on the part of employees also represent a significant risk. These can include actions such as accidentally sharing information with unauthorized individuals, falling victim to social engineering attacks, or misconfiguring security settings. Detecting and preventing insider threats can be particularly challenging, as these actors often have legitimate access to the systems and data they target.

  • 4.4. Challenges Posed by Quantum Computing

As discussed earlier, the emergence of quantum computing poses a significant long-term challenge to the security of current cryptographic standards used to protect governmental communications 1. The threat of “harvest now, decrypt later” attacks is particularly concerning. Adversaries can collect encrypted data today with the anticipation of being able to decrypt it in the future when quantum computers become sufficiently powerful. This underscores the urgent need for governments to proactively plan and execute a transition to post-quantum cryptographic algorithms to mitigate these future risks.

  • 4.5. Supply Chain Vulnerabilities in Hardware and Software

The increasing complexity of modern technology and the reliance on third-party vendors for hardware and software introduce significant supply chain vulnerabilities that could be exploited to compromise governmental communications 26. These vulnerabilities can arise at various stages of the supply chain, from the design and manufacturing of hardware components to the development and distribution of software. The use of components from foreign adversaries is a particular concern, as it raises the possibility of intentional backdoors or other malicious elements being introduced into the systems. Ensuring the security and integrity of the entire supply chain, including greater transparency through measures like Software Bills of Materials (SBOMs), will be crucial for safeguarding future governmental communications.

5. Safety Measures, Protocols, and Best Practices for Future Communications

  • 5.1. Robust Authentication Methods (including FIDO)

Implementing robust authentication methods will be paramount for securing future governmental communications 8. Multi-Factor Authentication (MFA), which requires users to provide two or more verification factors to gain access, should be a fundamental security control across all government systems. Beyond traditional MFA methods, the adoption of phishing-resistant authentication technologies like Fast Identity Online (FIDO) is crucial 23. FIDO authentication, which includes hardware security keys and passkeys, offers a significantly stronger defense against phishing attacks compared to methods like SMS-based one-time codes. Biometric authentication, such as fingerprint and facial recognition, can also provide a convenient and secure method for verifying user identities 16. Furthermore, the principles of a zero-trust security model, where no user or device is inherently trusted and continuous verification is required, should be adopted across all aspects of governmental communication infrastructure 11.

  • 5.2. Comprehensive Data Protection Strategies (including data sovereignty)

Comprehensive data protection strategies will be essential for safeguarding sensitive governmental information. This includes the consistent use of encryption, both when data is at rest (stored) and when it is in transit (being transmitted) 8. Data Loss Prevention (DLP) strategies should be implemented to prevent sensitive information from being inadvertently or maliciously shared with unauthorized individuals 12. The principle of data minimization, which advocates for collecting and retaining only the necessary data, should also be followed to reduce the potential impact of a data breach 14. Finally, given geopolitical considerations and the need to comply with national regulations, governments must prioritize data sovereignty, maintaining control over where their communication data is stored and processed. This may involve utilizing on-premises systems, hybrid cloud solutions, or sovereign cloud offerings 11.

  • 5.3. Effective Incident Response and Recovery Plans

The development and rigorous testing of effective incident response and recovery plans are critical for minimizing the impact of security breaches on governmental communications 40. Standardized playbooks outlining procedures, roles, and responsibilities for responding to various types of cyber incidents should be established and regularly updated. Secure out-of-band communication channels, which are separate from the primary networks, should be in place for incident response teams to use when primary systems are compromised 43. Robust data backup and recovery plans are essential to ensure business continuity in the event of a successful attack. Regular testing and simulation exercises of these plans are crucial to identify weaknesses and ensure their effectiveness in a real-world scenario.

  • 5.4. Mobile Device Security Management and Best Practices

With the increasing use of mobile devices for government work, implementing robust mobile device security management policies and solutions is paramount 44. Mobile Device Management (MDM) solutions can be used to enforce security policies, manage devices remotely, and control access to sensitive data. For agencies that allow employees to use their own devices (Bring Your Own Device – BYOD), clear policies and security controls must be established 32. Educating users on mobile security best practices is also critical 23. This includes training on using strong passwords, avoiding public Wi-Fi networks, being cautious of phishing attempts, and understanding the risks associated with downloading applications from untrusted sources. Technical controls, such as disabling unnecessary features like Bluetooth and location services when not in use, regularly updating device software, and utilizing security software, should also be enforced.

  • 5.5. The Importance of Employee Training and Awareness

Comprehensive and continuous cybersecurity awareness training for all government employees will be a cornerstone of ensuring the safety of future governmental communications 1. Training programs should focus on educating employees about how to recognize and avoid phishing and social engineering attacks, which are common vectors for compromising secure communications. Employees must also be thoroughly trained on the proper use of secure communication tools and the importance of adhering to established security protocols. Education on the proper handling and classification of sensitive data is also crucial. Given the constantly evolving threat landscape, training should not be a one-time event but rather an ongoing process with regular refreshers to keep employees informed about the latest threats and best practices 25.

6. The Role of Government Regulations, Standards, and Certifications

  • 6.1. Existing Regulatory Frameworks

Several existing regulatory frameworks play a significant role in shaping the security of governmental communication technologies. The Federal Information Security Modernization Act (FISMA) mandates that federal agencies develop, implement, and maintain comprehensive information security programs to protect their information and information systems 25. The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services that are used by the federal government 8. The Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications carriers to provide assistance to law enforcement agencies in conducting lawful electronic surveillance 37. The Federal Trade Commission (FTC) Act and the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, while broadly applicable, also have implications for data security and privacy for a wide range of organizations, including those that contract with the government 45. Finally, the Privacy Act governs the collection, use, and disclosure of personal information held by federal government agencies, emphasizing the need for data security and confidentiality 45. These frameworks collectively establish a baseline of security requirements and compliance obligations for government entities and their partners.

  • 6.2. Proposed and Emerging Standards and Certifications

The landscape of standards and certifications for governmental communication security is continuously evolving to address emerging threats and technological advancements. As previously discussed, the National Institute of Standards and Technology (NIST) has recently finalized the first set of post-quantum cryptography standards (FIPS 203, 204, 205), which are critical for preparing for the potential impact of quantum computing on current encryption methods 30. The National Information Assurance Partnership (NIAP) oversees the evaluation of commercial off-the-shelf (COTS) IT products for use in National Security Systems (NSS), providing a mechanism for ensuring that these products meet stringent security requirements 46. The proposed Cyber Trust Mark has the potential to drive the adoption of more secure hardware by signaling to government purchasers which devices meet established cybersecurity standards 31. Industry certifications like CompTIA Security+ can validate that cybersecurity professionals possess the foundational knowledge and skills necessary to implement and manage secure communication technologies 48. NIST Special Publication 800-124 offers specific guidelines for managing the security of mobile devices within organizations, including government agencies 22. For Department of Defense (DoD) contractors, the Cybersecurity Maturity Model Certification (CMMC) provides a unified standard for implementing cybersecurity across the defense industrial base 22. These emerging standards and certifications aim to raise the overall security posture of governmental communications by providing clear benchmarks and validation processes.

  • 6.3. The Impact of Executive Orders and Policy Directives

Executive orders and policy directives issued by the highest levels of government also exert a significant influence on the security practices surrounding governmental communications. Executive Order 14028, titled “Improving the Nation’s Cybersecurity,” mandates several key actions for federal agencies, including enhancing software supply chain integrity, moving towards a zero-trust architecture, and implementing multi-factor authentication and encryption within specific timeframes 39. A more recent executive order on strengthening and promoting innovation in the nation’s cybersecurity further emphasizes the importance of secure software development practices, promotes the use of privacy-preserving digital identity technologies, directs research and development of AI-based cybersecurity tools, and accelerates the transition to post-quantum cryptography 31. Homeland Security Presidential Directive-12 (HSPD-12) establishes mandatory standards for access control systems in all federal facilities, impacting the security of physical locations where communication technologies are housed and accessed 50. Executive Order 14117, aimed at preventing access to Americans’ bulk sensitive personal data by countries of concern, also has implications for the security requirements surrounding certain types of data transactions involving government-related information 51. These executive actions demonstrate a high-level commitment to strengthening the cybersecurity posture of the U.S. government and provide clear direction for agencies to enhance the security of their communication technologies.

  • 6.4. International Cooperation and Standards in Governmental Communication Security

Given the transnational nature of cyber threats, international cooperation and the development of shared security standards are increasingly important in the realm of governmental communication security. Cyberattacks often originate from outside national borders, necessitating collaboration between governments to share threat intelligence, coordinate responses, and develop effective countermeasures. Participation in international standards bodies is a key mechanism for fostering this cooperation and ensuring that U.S. government cybersecurity requirements are incorporated into globally recognized standards 46. Agencies like the National Security Agency (NSA) actively engage with international organizations such as the Third Generation Partnership Program (3GPP), the Internet Engineering Task Force (IETF), and the International Organization for Standardization/International Electrotechnical Committee (ISO/IEC) to contribute their expertise and ensure that security considerations are integrated into the development of new communication technologies and protocols. This international collaboration is essential for building a more secure global cyberspace and effectively addressing the complex challenges of governmental communication security in an interconnected world.

7. Global Case Studies: Lessons Learned from Implementations

  • 7.1. Successful Implementations of Secure Communication Systems

While detailed public case studies of highly classified government communication systems like SIPRNet and JWICS are understandably limited, their continued operation for decades attests to their long-standing success in securing highly sensitive information. In the realm of more commercially available platforms, there are examples of successful deployments within government agencies. For instance, platforms like BlackBerry SecuSUITE and Wickr have been adopted by various government entities seeking enhanced security features beyond those offered by standard consumer applications 6. Rocket.Chat’s flexibility and open-source nature have also led to its successful implementation in government settings, particularly where data sovereignty and control are paramount 13. The adoption of secure cloud environments for government communications, facilitated by FedRAMP compliance as seen with platforms like Granicus, represents another area of successful implementation 10. Beyond secure internal communications, government communication strategies aimed at the public have also seen successes. The UK government’s “Get Ready for Brexit” campaign effectively utilized various platforms to disseminate crucial information to citizens 52. Additionally, the Air Force Office of Legislative Affairs reported improved information sharing efficiency through the adoption of a unified working platform 53. These examples demonstrate that secure and effective governmental communication systems are achievable through a combination of appropriate technologies, robust policies, and well-defined strategies.

  • 7.2. Analysis of Unsuccessful Implementations and Security Breaches

Examining instances of unsuccessful implementations and security breaches provides valuable lessons for improving future practices. The reported incident involving top U.S. officials using the Signal messaging app to discuss sensitive military plans, which inadvertently included a journalist, highlights the risks associated with human error and the debate over the suitability of commercial applications for highly sensitive discussions 4. This case underscores that even platforms with strong encryption can be vulnerable to operational lapses. The 2015 data breach at the U.S. Office of Personnel Management (OPM), where the personal information of over 21 million individuals was compromised, serves as a stark reminder of the potential consequences of inadequate cybersecurity practices within government 2. The SolarWinds attack in 2020-2021, a sophisticated supply chain attack that affected numerous U.S. government agencies, including the Departments of Homeland Security and Treasury, demonstrated the far-reaching impact of vulnerabilities in third-party software 1. Similarly, the 2018 cyberattack on Singapore’s health system, SingHealth, which compromised the personal data of 1.5 million patients, including the Prime Minister’s medical records, illustrates the potential for significant breaches in government healthcare systems 2. Even failures in communication strategy, such as the risk communication breakdown in New Orleans before Hurricane Katrina, where critical information was not effectively conveyed to the public, can have severe consequences 54. These cases underscore the multifaceted nature of security challenges in governmental communications, encompassing technological vulnerabilities, human error, and strategic communication failures.

  • 7.3. Comparative Study of Different Governmental Approaches to Secure Communication

Governments around the world have adopted varying approaches to securing their communications. Some governments prioritize the development and maintenance of centralized, government-owned and operated secure communication systems, particularly for highly classified information. This approach offers maximum control over the security infrastructure and data. In contrast, other governments are more open to adopting secure commercial solutions, particularly for less sensitive communications, often citing factors such as cost-effectiveness and user familiarity. However, this approach necessitates careful vetting of vendors and platforms to ensure they meet the government’s security requirements and compliance obligations. There are also variations in the regulatory approaches adopted by different countries to govern the security of governmental communications. Some nations have established highly prescriptive regulations and standards, while others may favor a more risk-based approach. The level of enforcement and the resources dedicated to overseeing compliance also vary across different governmental systems. Ultimately, the optimal approach to secure governmental communication likely depends on a variety of factors, including the specific security needs of the government, the available resources, the existing technological infrastructure, and the prevailing geopolitical landscape. There is no one-size-fits-all solution, and governments must carefully weigh the trade-offs between different approaches to find the model that best suits their unique circumstances.

8. Expert Opinions and Predictions on the Future of Governmental Communication Security

  • 8.1. Insights from Cybersecurity Professionals

Cybersecurity professionals overwhelmingly emphasize the need for government agencies to adopt a zero-trust security model as a foundational principle for future communication security 13. This approach, which assumes that no user or device is inherently trustworthy, necessitates continuous verification and strict access controls. Experts also stress the importance of implementing a layered security approach, which involves deploying multiple security controls across different levels of the communication infrastructure, addressing technology, people, and processes 16. The persistent challenge of human error remains a significant concern for cybersecurity professionals, who advocate for better training programs and the development of more user-friendly secure communication tools to mitigate this risk 11. Some experts argue that for the most sensitive governmental communications, a greater emphasis should be placed on purpose-built, government-specific platforms rather than relying on commercial applications that may not be designed to meet the stringent security requirements of national security 4.

  • 8.2. Perspectives from Government Technology Leaders

Government technology leaders recognize the critical need for modernized messaging options that can be trusted for real-time communications about sensitive and even classified activities 4. They acknowledge the challenges of balancing stringent security requirements with the need for tools that are also convenient and efficient for government employees to use in their daily workflows. There is a strong emphasis on the importance of interoperability, ensuring that secure communication systems can seamlessly connect and exchange information across different government agencies and levels of government 8. Some government technology leaders suggest that partnering with existing industry platforms, rather than solely relying on in-house developed solutions, might be a more effective approach to providing modern and secure communication capabilities 4.

  • 8.3. Predictions from Academic Researchers in the Field

Academic researchers in cybersecurity predict a continued increase in the sophistication and frequency of cyberattacks targeting government entities in the future 34. They foresee a growing role for artificial intelligence in cyber warfare, with AI being used by both attackers to launch more sophisticated attacks and by defenders to enhance threat detection and response capabilities 1. There is a strong consensus among researchers regarding the urgency of achieving quantum readiness, emphasizing the critical need for governments to proactively transition to post-quantum cryptographic standards to protect their communications from future quantum-based threats 27. Researchers also anticipate a continued focus on addressing vulnerabilities in the software and hardware supply chains, recognizing that these areas represent significant risks to the security of governmental communications 26.

9. Conclusion: Key Trends, Challenges, and Recommendations for Ensuring Safety

  • 9.1. Synthesizing the Gathered Information to Highlight Critical Trends

The analysis of the future of governmental communications reveals several critical trends. There is an undeniable and increasing reliance on digital communication across all levels of government. This trend is accompanied by a persistent tension between the need for stringent security and the desire for usability and efficiency in communication tools. The threat landscape is becoming increasingly complex, characterized by the growing sophistication of cyber threats, including attacks from state-sponsored actors and the proliferation of ransomware. The looming threat posed by quantum computing necessitates proactive measures to future-proof cryptographic systems. Addressing human factors, such as error and insider threats, remains a critical challenge. The regulatory and standards landscape governing governmental communication security is constantly evolving. Finally, artificial intelligence is emerging as a dual-edged sword, offering potential solutions for enhancing security while also posing new threats.

  • 9.2. Addressing the Major Challenges Identified in Securing Future Communications

Securing future governmental communications presents several major challenges. Overcoming the inherent limitations of commercial communication applications for handling highly sensitive data is a key concern. Mitigating the risks associated with human error and insider threats requires a multi-faceted approach involving technology, policy, and training. The transition to post-quantum cryptography is a complex and time-sensitive undertaking. Ensuring the security of the hardware and software supply chain in an increasingly interconnected world is a significant hurdle. Balancing stringent security requirements with the practical needs of users and the demands of operational efficiency is an ongoing challenge. Finally, addressing the cybersecurity skills gap within government agencies is crucial for effectively managing and defending against evolving threats.

  • 9.3. Proposing Potential Solutions and Strategic Recommendations for Governments

To ensure the safety of devices and software in future governmental communications, several strategic recommendations can be made. Governments should invest in the development and deployment of purpose-built, highly secure communication platforms with layered security features specifically designed to meet their unique needs. The implementation of robust and user-friendly multi-factor authentication methods, including phishing-resistant options like FIDO, should be prioritized across all government systems. Adopting a zero-trust security architecture is essential for minimizing the attack surface and enhancing overall security. Governments must also prioritize data sovereignty and maintain control over their communication data, considering deployment options that align with their security and regulatory requirements. The development and rigorous testing of comprehensive incident response and recovery plans are crucial for minimizing the impact of potential security breaches. Strong mobile device security management policies and solutions must be implemented to address the growing risks associated with mobile communications. Investing in comprehensive and continuous cybersecurity awareness training for all government employees is paramount for building a human firewall against cyber threats. Proactive transition to post-quantum cryptographic algorithms, as recommended by NIST, is essential to prepare for the future threat of quantum computing. Stringent security requirements, including mandatory Software Bills of Materials (SBOMs) and Bills of Materials (BOMs), should be established for all hardware and software vendors. Fostering greater collaboration between government agencies, industry partners, and academic researchers in the field of secure communication technologies will be vital for staying ahead of emerging threats. Finally, governments must continuously monitor the evolving threat landscape and adapt their security strategies accordingly to maintain a resilient and secure communication environment.

PlatformEncryption TypeEnd-to-End?AuthenticationData SovereigntyMetadata ProtectionAdministrative ControlsCompliance Certifications
SIPRNetClassified, likely proprietary encryptionYesClearance, Physical AccessGovernment-controlledYesStrict, Government-controlledHighly classified environments
JWICSClassified, likely proprietary encryptionYesClearance, Physical AccessGovernment-controlledYesStrict, Government-controlledHighly classified environments
BlackBerry SecuSUITEStrong encryptionYesZero-Trust VerificationSovereign Data ControlComprehensiveYesMeets highest government security standards
WickrEnd-to-End EncryptionYesProvisioning & Admin ControlsUser-controlledYesYesFIPS 140-2 Validated
Rocket.ChatEnd-to-End EncryptionYesMFA, SSO, LDAP/ADSelf-hosted, Air-gappedYesYesHIPAA, GDPR, ISO27001, Iron Bank
SignalEnd-to-End EncryptionYesPhone Number RegistrationCompany-controlledLimitedLimitedOpen Source Protocol
Microsoft TeamsEncryption in transit and at restYesMFA, SSOConfigurableYesYesEnterprise-grade cloud infrastructure, Compliance features
GranicusSSL/TLS (in transit), AES-256-GCM (at rest)YesAccess Controls, MAX AuthAWS/AzureYesYesFedRAMP

Table 1: Comparison of Security Features in Government Communication Platforms

Algorithm Name (Original)Algorithm Name (Renamed)FIPS Standard NumberIntended UseKey Features/AdvantagesCurrent Status
CRYSTALS-KyberML-KEMFIPS 203General EncryptionSmall encryption keys, fast operationFinalized
CRYSTALS-DilithiumML-DSAFIPS 204Digital SignaturePrimary standard for protecting digital signaturesFinalized
Sphincs+SLH-DSAFIPS 205Digital SignatureBackup method, different math approach than ML-DSAFinalized
FALCONDigital Signature(Draft standard planned for late 2024)Draft

Table 2: Timeline of NIST Post-Quantum Cryptography Standardization

Regulation/Standard NameIssuing BodyKey Requirements/Focus AreasApplicability
FISMAU.S. CongressDevelop, implement, and maintain information security programsFederal agencies
FedRAMPU.S. General Services Administration (GSA)Standardized security assessments and authorizations for cloud servicesCloud service providers used by federal government
CALEAU.S. CongressRequires telecom carriers to assist law enforcement in surveillanceTelecommunications carriers
FTC Act §5Federal Trade Commission (FTC)Prohibits unfair or deceptive acts or practices, interpreted to include reasonable data securityMost organizations in the US (excluding banks and common carriers)
GLBA Safeguards Rule (16 CFR Part 314)Federal Trade Commission (FTC)Requires organizations to develop, implement, and maintain a comprehensive information security programFinancial institutions and related entities under FTC jurisdiction
Privacy ActU.S. CongressEstablishes rules for the collection, use, and disclosure of personal informationU.S. federal agencies

Table 3: Key Government Regulations and Standards for Communication Security

Works cited

  1. File and Data Encryption in Government Operations – RealTyme, accessed March 30, 2025, https://www.realtyme.com/blog/understanding-the-basics-of-file-and-data-encryption-in-government-operations
  2. Secure Internal Communication for Government: Why It Matters – RealTyme, accessed March 30, 2025, https://www.realtyme.com/blog/the-importance-of-secure-internal-communication-in-government-agencies
  3. What are govt agents supposed to use for secure communication? : r …, accessed March 30, 2025, https://www.reddit.com/r/ask/comments/1jkreyw/what_are_govt_agents_supposed_to_use_for_secure/
  4. Signal leak sparks new calls for modernized messaging options from defense officials, accessed March 30, 2025, https://defensescoop.com/2025/03/26/dod-signal-chat-group-hegseth-yemen-houthis/
  5. How secure are government communications? : r/PoliticalDiscussion – Reddit, accessed March 30, 2025, https://www.reddit.com/r/PoliticalDiscussion/comments/1jl8hi7/how_secure_are_government_communications/
  6. Secure Communication for the Government | AWS Wickr, accessed March 30, 2025, https://wickr.com/secure-communication-for-the-government/
  7. Here’s what to know about Signal, the messaging app used by national security officials, accessed March 30, 2025, https://www.pbs.org/newshour/nation/heres-what-to-know-about-signal-the-messaging-app-used-by-national-security-officials
  8. 8 most secure government communication platforms – Rocket.Chat, accessed March 30, 2025, https://www.rocket.chat/blog/government-communication
  9. Top 10 Government Software Solutions in 2024 – 123FormBuilder Blog, accessed March 30, 2025, https://www.123formbuilder.com/blog/government-software
  10. Public Sector Success Stories: Case Studies, Videos, Podcasts, Innovator stories | AWS, accessed March 30, 2025, https://aws.amazon.com/solutions/case-studies/government-education/public-sector-success-stories/
  11. The New Secure Communications Realities for Governments, accessed March 30, 2025, https://blogs.blackberry.com/en/2025/03/secure-communications-realities-governments
  12. The ultimate list of 18 most secure messaging apps – Rocket.Chat, accessed March 30, 2025, https://www.rocket.chat/blog/most-secure-messaging-apps
  13. Secure collaboration for Federal government agencies – Rocket.Chat, accessed March 30, 2025, https://www.rocket.chat/industries-government-federal
  14. Granicus Security, accessed March 30, 2025, https://granicus.com/trust-center/security/
  15. What is Signal, the chat app used by US officials to share attack plans? | AP News, accessed March 30, 2025, https://apnews.com/article/signal-app-atlantic-war-plans-32699da142c5209b845e57f690df4925
  16. When Privacy Backfires: Signal, Government Communications, and the Case for Controlled Systems, accessed March 30, 2025, https://www.elabcommunications.com/blog/when-privacy-backfires-signal-government-communications-and-the-case-for-controlled-systems
  17. The security vulnerabilities of using Signal to discuss military operations – YouTube, accessed March 30, 2025, https://www.youtube.com/watch?v=X75Trubi3PU
  18. NSA warned of vulnerabilities in Signal app a month before Houthi …, accessed March 30, 2025, https://www.cbsnews.com/news/nsa-signal-app-vulnerabilities-before-houthi-strike-chat/
  19. Encrypted messaging apps promise privacy. Government transparency is often the price | The Associated Press, accessed March 30, 2025, https://www.ap.org/news-highlights/spotlights/2025/encrypted-messaging-apps-promise-privacy-government-transparency-is-often-the-price/
  20. 3 Criteria When Using Consumer Messaging Apps as a Government Employee – Genasys, accessed March 30, 2025, https://genasys.com/blog/3-criteria-when-using-consumer-messaging-apps-as-a-government-employee/
  21. A case study of vulnerabilities in US government systems – IFCR – Institut For Cyber Risk, accessed March 30, 2025, https://research.ifcr.dk/a-case-study-of-vulnerabilities-in-us-government-systems-a82e9afbf6c2
  22. Mobile Security Solutions for Government & Federal Agencies – Zimperium, accessed March 30, 2025, https://www.zimperium.com/industry/government/
  23. http://www.cisa.gov, accessed March 30, 2025, https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf
  24. National Security Agency | Mobile Device Best Practices – Department of Defense, accessed March 30, 2025, https://media.defense.gov/2021/Sep/16/2002855921/-1/-1/0/MOBILE_DEVICE_BEST_PRACTICES_FINAL_V3%20-%20COPY.PDF
  25. Addressing the Unique Cybersecurity Challenges Faced by Government Agencies – OffSec, accessed March 30, 2025, https://www.offsec.com/blog/the-cybersecurity-challenges-faced-by-government-agencies/
  26. Addressing Cybersecurity Challenges for Local Government – GovOS, accessed March 30, 2025, https://govos.com/blog/addressing-cybersecurity-challenges-for-local-government/
  27. Addressing the Quantum Threat in the US Federal Government | Ping Identity, accessed March 30, 2025, https://www.pingidentity.com/en/resources/blog/post/quantum-threat-us-fed-gov.html
  28. What Is Quantum Computing’s Threat to Cybersecurity? – Palo Alto Networks, accessed March 30, 2025, https://www.paloaltonetworks.com/cyberpedia/what-is-quantum-computings-threat-to-cybersecurity
  29. The Next Big Cyber Threat Could Come from Quantum Computers… Is the Government Ready?, accessed March 30, 2025, https://www.gao.gov/blog/next-big-cyber-threat-could-come-quantum-computers-government-ready
  30. NIST Releases First 3 Finalized Post-Quantum Encryption Standards, accessed March 30, 2025, https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
  31. FACT SHEET: New Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity | The White House – Joe Biden for President, accessed March 30, 2025, https://bidenwhitehouse.archives.gov/briefing-room/statements-releases/2025/01/15/fact-sheet-new-executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/
  32. Strengthening security protocols for mobile government employees., accessed March 30, 2025, https://multimedia.3m.com/mws/media/993457O/strengthening-security-protocols-mobile-federal-gov-employees.pdf
  33. Expanding national security risks from foreign-manufactured hardware, accessed March 30, 2025, https://www.orfonline.org/expert-speak/expanding-national-security-risks-from-foreign-manufactured-hardware
  34. PERSPECTIVE: Key Cybersecurity Predictions Shaping Federal Cyber in 2025 – HS Today, accessed March 30, 2025, https://www.hstoday.us/featured/perspective-key-cybersecurity-predictions-shaping-federal-cyber-in-2025/
  35. 2025 — Key Predictions Shaping the Public Sector – Palo Alto Networks, accessed March 30, 2025, https://www.paloaltonetworks.com/blog/2025/02/2025-key-predictions-shaping-the-public-sector/
  36. The Top 25 Security Predictions for 2025 (Part 1) – Government Technology, accessed March 30, 2025, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-25-security-predictions-for-2025-part-1
  37. FCC requires telecoms to secure networks, suggests steps to secure US communications from cyberattacks – Industrial Cyber, accessed March 30, 2025, https://industrialcyber.co/critical-infrastructure/fcc-requires-telecoms-to-secure-networks-suggests-steps-to-secure-us-communications-from-cyberattacks/
  38. Navigating the increasing government cybersecurity challenges in 2025 and beyond, accessed March 30, 2025, https://www.route-fifty.com/cybersecurity/2025/02/navigating-increasing-government-cybersecurity-challenges-2025-and-beyond/402911/
  39. Improving the Nation’s Cybersecurity – GSA, accessed March 30, 2025, https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/it-security/executive-order-14028
  40. Improving the Nation’s Cybersecurity – GSA, accessed March 30, 2025, https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028
  41. Future of Security Technology: Industry Trends of 2025 – Pelco, accessed March 30, 2025, https://www.pelco.com/blog/security-technology-trends
  42. The Role of Encryption in Securing Government Communications – RealTyme, accessed March 30, 2025, https://www.realtyme.com/blog/the-role-of-encryption-in-government-communications
  43. Secure Communications Use Cases for Government – BlackBerry Blog, accessed March 30, 2025, https://blogs.blackberry.com/en/2023/05/secure-communications-use-cases-for-government
  44. Why mobile device management security is a must for the public sector, accessed March 30, 2025, https://www.openaccessgovernment.org/why-mobile-device-management-security-is-a-must-for-the-public-sector/171592/
  45. Federal Cybersecurity and Data Privacy Laws Directory – IT Governance USA, accessed March 30, 2025, https://www.itgovernanceusa.com/federal-cybersecurity-and-privacy-laws
  46. Center for Cybersecurity Standards – National Security Agency, accessed March 30, 2025, https://www.nsa.gov/Cybersecurity/Partnership/Standards/
  47. Standards & Certifications – National Security Agency, accessed March 30, 2025, https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/Standards-and-Certifications/
  48. Security+ (Plus) Certification – CompTIA, accessed March 30, 2025, https://www.comptia.org/certifications/security
  49. Today’s US Executive Order is a Serious Win for Cybersecurity – Internet Society, accessed March 30, 2025, https://www.internetsociety.org/blog/2025/01/todays-us-executive-order-is-a-serious-win-for-cybersecurity/
  50. Challenges To Maintaining A Secure Government Building – The Flying Locksmiths, accessed March 30, 2025, https://flyinglocksmiths.com/blog/challenges-to-maintaining-a-secure-government-building/
  51. Security Requirements for Restricted Transactions – CISA, accessed March 30, 2025, https://www.cisa.gov/resources-tools/resources/EO-14117-security-requirements
  52. 6 government communications strategy examples and best practices to follow – Rocket.Chat, accessed March 30, 2025, https://www.rocket.chat/blog/government-communications-strategy-examples
  53. Driving Government Affairs Success: Five Case Studies – Papers, accessed March 30, 2025, https://papers.govtech.com/Driving-Government-Affairs-Success%3A-Five-Case-Studies-142845.html
  54. Full article: Risk Communication Failure: A Case Study of New Orleans and Hurricane Katrina – Taylor & Francis Online, accessed March 30, 2025, https://www.tandfonline.com/doi/full/10.1080/10417940802219702

Secure Communications in 2025: More Critical Than Ever Before – BlackBerry Blog, accessed March 30, 2025, https://blogs.blackberry.com/en/2025/01/secure-communications-more-important-than-ever

Discover more from Center for Cyber Diplomacy and International Security

Subscribe to get the latest posts sent to your email.

Comments

Leave a comment

Discover more from Center for Cyber Diplomacy and International Security

Subscribe now to keep reading and get access to the full archive.

Continue reading