These days, NSA's Commercial Solutions for Classified program[1] addresses a lot of these sorts of secure mobility use cases.
The underlying design principle behind CSfC is that the CNSA algorithms[2], when properly implemented are good enough to protect information classified up to TOP SECRET on their own. However, there's still a risk of exposure due to broken implementations, active exploitation or operational error.
To mitigate this, CSfC's "capability packages" (reference architectures) typically use two or more cryptographic layers of different provenance to reduce the risk that a vulnerability in one layer could be used to compromise the whole solution. For a VPN for example, they will use two tunnels; an inner tunnel using a solution from one vendor, and an outer tunnel from another.
There are other considerations apart from cryptography. They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability, presumably to mitigate the risk of a cellular baseband exploit being used to compromise a classified handset.
> They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability
Yeah, this makes the most sense, there's no way they'd let a president's phone be connected to commercial networks. Tracking alone would be a huge issue, not to mention the plethora of ss7 abuses that can be done.
“[Christopher] Krebs, through CISA, falsely and baselessly denied that the 2020 election was rigged and stolen, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines.”
I believe this has been the case for him and all of his senior staff since the beginning of his first presidency
See for example this from 2017:
> Despite universal warnings from security experts in and out of government, Donald Trump is apparently continuing to use an insecure, off-the-shelf Android phone
I remember reading news articles on the topic at the time, and finding it egregious how relatively little attention it got, compared to the massive and coordinated ”lock her up” campaign against Hillary Clinton
The underlying design principle behind CSfC is that the CNSA algorithms[2], when properly implemented are good enough to protect information classified up to TOP SECRET on their own. However, there's still a risk of exposure due to broken implementations, active exploitation or operational error.
To mitigate this, CSfC's "capability packages" (reference architectures) typically use two or more cryptographic layers of different provenance to reduce the risk that a vulnerability in one layer could be used to compromise the whole solution. For a VPN for example, they will use two tunnels; an inner tunnel using a solution from one vendor, and an outer tunnel from another.
There are other considerations apart from cryptography. They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability, presumably to mitigate the risk of a cellular baseband exploit being used to compromise a classified handset.
[1] https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...
[2] https://en.wikipedia.org/wiki/Commercial_National_Security_A...