Exclusive: BlackBerry warns Australia must harden govt comms as AI threats surge
A stark warning has been issued to Australian government agencies: secure your communications or risk becoming collateral damage in the age of deepfakes and AI-powered cyberwarfare.
Speaking exclusively to TechDay, David Wiseman, Vice President of Secure Communications at BlackBerry, said the widespread use of consumer messaging apps in the public sector is a ticking time bomb - especially as generative AI and foreign surveillance tactics grow more sophisticated by the day.
"There are higher levels for security, and security is both things like the residency and sovereignty of the systems and the data," Wiseman said.
"The intersection of sovereignty, identity, and legal record-keeping requirements means that consumer applications, while sufficient and good for ordinary business, are not appropriate for government use."
He stressed that control is everything: "Who controls the system? And what are the legal obligations around records retention?"
Wiseman pointed to findings from the Office of the Australian Information Commissioner that show 73% of government agencies already permit messaging apps - yet around half of those do not meet critical security or legal compliance requirements. That includes failures to properly manage identity validation, classification, and archival of sensitive information.
The implications, Wiseman said, are not hypothetical.
He highlighted recent incidents in which foreign intelligence actors, including those linked to the Chinese government, were able to intercept phone calls and read text messages in real time. "They know who's talking to who. That's pretty scary," he said.
Beyond foreign interception, he described a growing trend of high-level impersonation attacks.
"There are examples of very senior government officials around the world where things like their WhatsApp account have been hijacked. If you get a message from a government official, and you think it's official information, and it's not, the implications can be serious."
With generative AI now capable of cloning a voice or face with minimal data, Wiseman said the need for zero trust communications strategies is urgent. "You need to continually validate the identity of the person you're communicating with… Every time you make a call, every time you send a message - is this actually that person at that point in time?"
To counter this, BlackBerry's SecuSUITE gives governments total sovereignty over their communications networks. "We're providing a system that the government has full control over. The actual back end of the system would be in Australia, and the government controls that - no data is touching other clouds, no data is coming to BlackBerry."
The model includes end-to-end data lifecycle management: governments decide who has access, retain ownership of data even when personnel change, and meet obligations like those under the Freedom of Information Act. "With a consumer app, once I send you a file, it's basically your data now. Our model is - it's the government's data."
When asked whether such a level of control invites ethical or privacy concerns, Wiseman was clear.
"When you're conducting official government business, you actually shouldn't have an expectation of privacy. You have a security expectation that only authorised people should have access to that communication… It's the government's information, and there's legal obligations to maintain records." He noted that access is highly restricted and only available to designated legal or security officers.
Wiseman drew a line between modern cyber intrusions and ancient methods of intercepting state communications, from Julius Caesar to early telegraph espionage.
But what's changed, he said, is the speed and ease with which it can now happen. "With this kind of thing in the network, you can find out at this moment who's talking to whom, what they're communicating about. In the moment means I can launch an identity attack, a deepfake attack, and it's going to be much more effective."
He said the growing availability of generative AI tools is accelerating this risk.
"If I have your voice, I can make you say anything with these tools." That's why governments must adopt zero trust principles, including minimising reliance on potentially compromised telecom networks. "This isn't theoretical anymore," Wiseman warned.
As part of the company's secure communications portfolio, BlackBerry AtHoc is also designed for resilience in the event of a crisis.
"You can have a system in Sydney, a system in Canberra, a system in Darwin… so if there's some localised disaster, you still have the communications."
The platform can operate over cellular, Wi-Fi or satellite networks, and Wiseman said new satellite constellations offer a way to circumvent crippled infrastructure - as long as encryption and sovereignty are upheld.
He cited Malaysia's deployment of SecuSUITE and AtHoc for managing high-security events, a case study in how to maintain both availability sand security.
"By having this resilient system that's got its own paths outside of other networks, they're able to secure and share communications in terms of efficacy and availability, maintaining security and safety of personnel, infrastructure and data."
Looking ahead, BlackBerry is pushing into quantum-resistant cryptography and sovereign AI tools for sensitive government use. "It's how do we continually get better at the identity validation and confirmation?" Wiseman said.
"Some new certifications are starting to address quantum protections, so we're heavily involved in that work."
The underlying message to Australian policymakers is unequivocal: if public sector platforms are to mirror the ease-of-use of consumer apps, they must not mirror their vulnerabilities.
"The consumerisation of secure communication - that's the fundamental evolution I expect."