In congressional testimony, former National Security Adviser Michael Waltz defended his decision to use the encrypted messaging app Signal to coordinate sensitive military operations, attributing the move to guidance from the Cybersecurity and Infrastructure Security Agency (CISA).
Citing CISA Guidance
Waltz stated that his use of Signal was “driven by and recommended by the Cybersecurity Infrastructure Security Agency,” referencing a 2024 advisory that promotes the use of end-to-end encrypted messaging platforms for senior officials at heightened risk of cyber threats. During his testimony before the Senate Foreign Relations Committee, Waltz presented a printed copy of the CISA guidance, emphasizing that the agency encouraged “highly targeted individuals” to use secure messaging apps like Signal to prevent interception of communications.
“This was not a rogue decision,” Waltz said. “It followed the best-practice recommendations issued by our government’s top cybersecurity agency.”
Controversy Over Sensitive Communications
Despite Waltz’s defense, many lawmakers expressed concern over the use of a commercial app for critical military coordination. Signal, while providing end-to-end encryption, is not authorized by the Department of Defense (DoD) for handling classified or operationally sensitive information. Senators noted that Waltz’s Signal group chat reportedly included a journalist and that details about planned military actions, including a U.S. airstrike on Houthi rebels in Yemen, were shared via the app.
Critics argue that regardless of CISA’s mobile security recommendations, classified information must be transmitted exclusively through secure, government-certified systems. “No matter how secure a commercial platform claims to be, it cannot substitute for the systems mandated by DoD and the Intelligence Community,” said one member of the committee.
Ongoing Investigations and Reviews
Following concerns raised about the incident, the White House conducted a review and concluded that Waltz’s use of Signal did not violate administrative policy, citing CISA guidance as justification for using encrypted messaging for both personal and professional communication—as long as no classified material was transmitted. However, a separate Department of Defense investigation remains ongoing, and congressional leaders have not ruled out further oversight.
In correspondence to the committee, cybersecurity experts and former national security officials criticized the reliance on public-sector encryption tools for sensitive military coordination, warning that such practices could open doors to foreign exploitation.
