CISA tells high level government officials to secure their comms
RICHARD WEINER
Technology for Lawyers
Published: February 7, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has seemingly caught up to the rest of us by recently telling all US government officials to stop using unsecure communication channels and to start using encrypted comms on their mobile devices immediately.
While this guidance is specifically for top-level government officials, any professional who communicates private information, like lawyers, would do well to pay attention to these recommendations.
The written guidance (here: https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf), entitled “Mobile Communications Best Practice Guidance,” states that “[h]ighly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation.”
The warning and guidance come after CISA detected a high level of activity from the Chinese government enabling the “theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals.”
The guidance did not specifically identify the individuals who were targeted per se, but one could assume that these individuals were told about the activity separately.
The guidance did not specifically state that all government officials should follow its recommendations, but there was a very strong implication that they should do so.
The guidance then goes on to suggest that everyone should start using an encrypted communications app (they mention Signal but don’t specifically recommend any particular app).
The guidance goes further to recommend enabling Fast Identity Online (FIDO) phishing-resistant identification, which is the strongest form of multifactor authentication (MFA), and to, “where possible,” use physically based encryption keys. These are usually fobs with the keys programmed into them, which need to be inserted into the laptop or whatever is being used.
The next recommendation is to “migrate away from” SMS text messaging, which is increasingly unsecure.
Probably you’ve experienced text spamming.
Well, that’s how easy it is to break into your texts.
The next recommendation is to use a password manager.
They should be careful here, though. Not all password managers are equal or even very good.
Next, they recommend setting a password or PIN for your telecommunications.
Most providers will give you that option.
And then, finally, keep your software updated.
The guidance then has a separate section on iPhone security, which you could read if you have an iPhone.
So every lawyer should already be doing all of this, as well as encrypting their emails.
Heaven only knows why it’s taken the government this long to make these recommendations, but better late than never, I suppose.