Matthew Gault | The Verge

Here’s what military planning usually looks like — and why it doesn’t include Signal

2025-03-28T12:53:18-04:00

The Trump administration planned a military strike in Yemen the way normal people plan a surprise birthday party: in a group chat.

As detailed by The Atlantic earlier this week, Secretary of Defense Pete Hegseth, Vice President JD Vance, and other senior officials used a Signal group to discuss an attack on Houthi targets, sharing details that included the movement of American assets in advance of their deployment. The news leaked because one member, National Security Advisor Mike Waltz, made the bizarre mistake of inviting Atlantic editor-in-chief Jeffrey Goldberg into the discussion. But even before that moment, Hegseth and the rest were doing something dangerous and far outside the bounds of normal military planning — while using an app that, for ordinary people, is still one of the best ways to have a private chat.

Signal is an end-to-end encrypted chat service used for many private communications, including conversations between sources and journalists at outlets like The Verge. But the Houthi attack group chat demonstrates the limits of any conventional electronic communications. Military security is a life-and-death matter, and attack plans are being constantly sought by some of the world’s most sophisticated intelligence-gathering operations. End-to-end encryption is a secure system in a vacuum — but in any normally functioning military, it simply wouldn’t be considered enough.

“Classified discussions at any level can only occur in secured facilities and on secured equipment,” Bradley P. Moss, a lawyer who specializes in security clearance law at the law firm Mark S Zaid, tells The Verge. While the Trump administration has repeatedly downplayed the importance of the leaks, The Atlantic’s chat logs includes information like the movements of F-18s, the time they’ll be departing, and the munitions they’ll use to strike targets. All of that information is — by default — considered classified.

A SCIF is guarded, windowless, and outside electronics-free

Viewing or discussing this information requires Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance, and the most sensitive details (like some of those discussed in the group chat) are often confined to a Sensitive Compartmented Information Facility or SCIF (pronounced “skiff”). That conversation might happen in one of these boxes face to face. It might also happen between multiple parties in different secure boxes conferencing in over secure lines. In no case does it look like a group chat.

Speaking SCIF to SCIF happens most often on secure telephone lines called Secure Terminal Equipment. These phones look like an ordinary office phone but are part of a secure government-run network. Video calls use a similar system called Secure Video Conference or, in the old days, Secure Video Teleconferencing. When Donald Trump became US president in 2016, a SCIF was installed in Mar-a-Lago and a picture from within shows what a modern high-level meeting with video looks like.

SCIF facilities can take many forms, says Joseph Cirincione, a former congressional staffer who worked for almost a decade for the US House of Representatives Committee on Armed Services. (He held a TS/SCI for 14 years and has been inside one many times.) It’s always a “guarded, windowless, secure, shielded room that is impenetrable to surveillance that might intercept signals or discussions being held in that room,” he says. Some are permanent facilities, but Moss notes that senior officials can have staff set up a “mobile SCIF” while they’re traveling.

A lot of SCIFs look like shipping containers. According to construction specifications from the Department of National Intelligence, the walls are lined with gypsum, plywood, sound dampening material, and material that prevent the transmission of electronic signals. The doors have deadbolts and are secured by both guards and an electronic lock. Air vents have to be small enough to prevent humans and devices from going through. Every inch of the “room” is accounted for and light switches, wiring, and outlets are designed in specific ways to avoid creating surfaces that would let sound escape.

In a normal, pre-Trump world, discussion about military strikes takes place in these secure rooms. Even high-level talks with cabinet members and the Vice President about sensitive topics should happen in secure locations. There’s an obvious reason for this: the environment around an official can be a major source of threats. “Our adversaries have devices that can pick up vibrations on windows, for example, that can transmit the conversations being discussed in those rooms, and the rooms might be bugged,” Cirincione says.

If someone’s looking over your shoulder, end-to-end encryption doesn’t do much

“There might be electronic surveillance devices in them,” he says. Compromising a group chat is as simple as looking over someone’s shoulder, which could be done with a hidden camera. The point of a SCIF “is that you have a secure room that’s been scrubbed that you’re certain cannot be surveilled by foreign intelligence agencies. The guiding rule is that you want as few people as possible to have access to this information to minimize the chances of leaks, intentional or unintentional.”

When electronic devices are used in general for sensitive information, they’re supposed to be government-provided. The federal government is a lot like a corporation when it comes to information security: it issues laptops and phones to employees that have been vetted as secure and cleared for government business. If you work for the CIA, you can’t pull up your CIA email on a device that wasn’t issued by the agency. They’re also not allowed in SCIFs.

“You have to walk down a corridor, be signed in and cleared into the room by a guard who then takes your electronics communications device,” Cirincione says. “Cell phones, computers, nowadays smart watches, earpods will be collected. Anything that is capable of receiving or transmitting a signal is collected. You can’t bring that in.”

A 2023 memo from the Pentagon is explicit about using apps like Signal on government-issued devices. “Unmanaged ‘messaging apps,’ including any app with a chat feature, regardless of the

primary function, are NOT authorized to access, transmit, process non-public DoD

Information,” the memo said. “This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). An Exception to Policy (E2P) request must be submitted by the appropriate Component for use of an unmanaged messaging app that is critical to fulfilling mission operations.”

Signal is a secure end-to-end encryption channel, which means that between one device sending a message and another receiving it, it’s very difficult to read the information being transmitted. But the service’s creators are upfront about its limitations. If devices or Signal accounts themselves are compromised — including by phishing operations, which the National Security Agency warned staff about a month before the Houthi group chat — the benefits of encryption are lost.

“You need a cryptographically secure link end to end, and user devices need to be secure against penetration,” Carlo Kopp, an Australian security analyst, says. “While Signal is regarded to be reasonably secure itself, the smartphones it runs on might not be, and if penetrated by foreign intelligence become the entry point for an eavesdropper.” This is true for anyone’s phone, not just a government official, of course — but a typical user isn’t facing the same set of threats.

At least one of the group chat participants was in a situation that could have made physical compromise easier. Steve Witkoff, Trump’s special envoy to the Middle East, was in the group chat and in Moscow during some of the conversation. White House press secretary Karoline Leavitt denied that Witkoff had access to a phone with Signal installed on it during his trip to Moscow. “[Witkoff] was provided a secure line of communication by the U.S. Government, and it was the only phone he had in his possession while in Moscow,” she said in a post on X.

Though Wiktoff is present in the group chat, CBS mapped out the timeline of the chat against his presence in Moscow using flight logs and videos. According to its report, Witkoff didn’t post in the chat until he had left Russia. When he did, it was three prayer hand emojis and two American flags.

But the fear persists and the stakes are high. “This was life and death,” Cirincione says. “They had specific targets in Yemen whom they bombed and killed. And if this information had been intercepted by a foreign intelligence service, say the Russians, while Steve Witkoff was in Moscow, and transmitted to the Houthis, those individuals could have been warned and could have not gone into the houses that were being targeted.”

“They killed 32 people in these bombing raids. I mean, of course it was life and death,” he says.

Saving records of military action for posterity matters

The entire incident raises the question: how many other Signal group chats are there? If this is one chat stood up for one operation, does that mean the administration makes a group for every military strike? Conducting all that business over Signal is dangerous, no matter the strength of its end-to-end encryption. A spy could get a keylogger on a personal device that picks up every keystroke or they could simply look over the shoulder of a member of the chat while they’re discussing military plans in public.

As this scandal unfolds, four U.S. Army soldiers are missing in Lithuania. Trump says he didn’t know they were missing. What would happen if the military coordinated the rescue efforts over Signal on a compromised device?

Finally, there’s the issue of record retention and a historical perspective. Information from SCIF sessions is, depending on the president and other factors, at least somewhat documented. A journalist can’t shake loose secret war plans with a Freedom of Information Act request, but posterity matters. We have learned a lot about the Cuban missile crisis in just the last few years because the people who were there went to the effort to preserve the records. Having these conversations in a digital format that automatically vanishes (though a newly issued court order has demanded its preservation) destroys that legacy.

The Trump administration has spent less time defending the security of the group chat than declaring that its contents weren’t important. In a recent interview on Newsmax, Trump insisted that the information was unclassified. In congressional testimony this week, Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe maintained that no classified information was shared.

Cirincione and Moss aren’t so sure. “Top secret information is not just sources and methods,” Cirincione says. “The top secret information is also the debate over whether to have these strikes. It is the discussion of our allies, capabilities, and intentions. It is the discussion of messaging about these attacks. All of that is classified.”

“Think of it this way,” Moss says. “If this information had been leaked to a foreign power in advance of the strikes, could it have put American military assets in danger? The answer is yes, and that is why it is classified.”

How close is Elon Musk to controlling a nuclear weapon?

2025-02-09T11:52:37-05:00

What was once ridiculous is now possible. Elon Musk, the richest person in the history of the world, has become President Donald Trump’s attack dog. Musk and his Department of Government Efficiency (DOGE) have unprecedented access to the government’s data and computer system. Earlier this week, that came to include systems in the Department of Energy (DOE), which oversees America’s nuclear weapons. The news raised enough concern that Secretary of Energy Chris Wright went on the air to deny Musk and DOGE have access to atomic secrets.

It’s alarming to be at a point where someone has to make this kind of statement, especially because the Trump administration has reportedly lied about DOGE’s access levels before. DOGE’s placement at the DOE even raises a truly bizarre-sounding possibility: that a pseudo-department named after a shiba inu could get actual access to nuclear weapons. Fortunately, despite Musk’s ever-expanding power over government systems, it would take far more than barging into the right office to do this. But at a moment where all kinds of governmental norms are in flux, it’s worth looking at what exactly separates someone like Musk from perhaps the greatest destructive force on the planet — and what other kinds of risks his access could pose.

The US has one of the most powerful nuclear arsenals on the planet. It’s enough firepower to end all life on Earth several times over. The President has the sole authority to launch those weapons, but DOGE is inching ever closer to their systems. During a press conference on Friday, Trump said he had directed Musk and DOGE to tackle spending at the Pentagon; getting access to the National Nuclear Security Administration (NNSA) might not be out of the question either.

There’s good news, however: accessing any piece of nuclear command and control from a random laptop hooked into a DOE network is virtually impossible. A State Department employee with knowledge of the issue, who spoke to The Verge on the condition we protect their anonymity, threw cold water on the idea.

“I can’t see what [Musk] would possibly do,” the employee said. “I would say it’s zero. I can’t fathom how that would happen. Famous last words. I also firmly believe that if you make something idiot proof, the world will build a better idiot.” Launching a nuke requires physical access to the weapon itself. Missileers have to turn keys. A submarine crew must prep and fire a missile. A bomber crew must pull levers and hone in on targets. Short of Musk or his employees entering a silo, climbing onto a stealth bomber, or getting into a submarine, it’s not going to happen.

“I can’t fathom how that would happen. Famous last words.”

The command and control systems that run America’s nuclear weapons aren’t connected to the internet and are run on a closed network that exists only for nuclear forces. They’re also ancient. Some of the equipment in use has been around since the 1960s and ‘70s. The Pentagon is modernizing the systems, but it’s slow going. The Air Force only stopped using 1970s-era eight-inch floppy discs for some of its nuclear computers in 2019. “A lot of these computer systems are pretty much legacy systems,” the employee said. “I’m much more worried about these systems being decrepit and not functioning in a crisis.”

There’s a misconception rooted in popular culture that America’s nuclear weapons will fire if the U.S. is ever fired upon. If China, Russia, or North Korea were to fire a nuke at the U.S., America’s nukes would not automatically fire. The President would need to decide to retaliate and multiple military officials would have to decide to follow the order. “Those systems are not really automated in the way that people worry about,” the State Department employee said.

Alex Wellerstein, an associate professor at the Stevens Institute of Technology and an expert in nukes and nuclear secrecy, agreed. “I don’t think the current command and control systems are ‘hackable,’” he told The Verge. “They are frankly not modern enough for that.”

Wallerstein points out, however, that Musk has another — arguably more feasible — path to nuclear weapons: Trump. “If Musk was trying to do a true ‘hostile takeover’ of that sort it would be best accomplished by just fooling Trump into believing nuclear war was imminent, which would probably be a trivial endeavor for someone of Musk’s wealth and Trump’s gullibility,” he said.

For this to happen, Trump would need to open up his Football: a leather-coated Zero Halliburton aluminum attache case that follows the president everywhere. Inside is communications equipment that puts him in touch with the National Military Command Center at the Pentagon. To make the call, Trump would need a laminated sheet of paper called the Biscuit, containing a long string of alpha-numeric code. He’s supposed to have this with him at all times too. Reading out a line in this code, which the National Security Agency updates every day, confirms the President’s identity when he calls in a nuclear strike. “The President doesn’t have launch codes. The President has a code that authenticates his voice,” the State Department Employee said.

So Musk would have to get the Biscuit, access the Football, and call in a code in Trump’s voice. Or convince Trump to do it. “Short of something like that, I don’t think there’s a chance,” the State Department employee said.

But there’s one final, worrying wrinkle: the Football and the Biscuit only exist because people in the past decided it’s the best way for the President to order a nuclear launch. Trump could change this process at any time for any reason.

“There are also many quite detailed regulations pertaining to who can have access to the systems involving the use of nuclear weapons, with specific requirements for clearances and reliability and so on,” Wellerstein said. “These are all essentially executive regulations, and the President is capable of delegating nuclear use powers, and past Presidents have certainly done that, essentially ‘pre-authorizing’ the use of nuclear weapons by the military under specific circumstances.”

President Eisenhower empowered commanders in the Pacific to order the launch of nuclear weapons under very specific circumstances, for instance, and Kennedy and Johnson kept up the tradition.

Wellerstein pointed out that DOGE employees without clearances appear to have access to classified systems that “would normally be considered quite sensitive.” Other things that were once forbidden might also be on the table.

The clearest nuclear threat might be Musk seeing routine environmental cleanup as ‘woke’

“If President Trump decides that Elon Musk should have access to nukes, and tells the military to override their normal requirements, and the military takes that as a legal and actionable order, then why not?” Wellerstein said. “It’s an absurd and patently idiotic and self-destructive idea, but that does not differentiate it strongly from other things presently going on. It is suicidal in nature, but so are other actions currently being undertaken under Trump’s authority.”

The Football and Biscuit are not sacrosanct.

But in even this worst-case of worst-case scenarios, there’s no big red button Trump or Musk can push to open up a silo and unleash nuclear Armageddon. “What the president has is authority,” the State Department employee said. “That authority is legal in nature. The president can’t launch nuclear weapons. Doesn’t have the ability.” The ability is distributed across dozens of people, including the submarine crew and Missileers mentioned above — any of whom could break the chain.

“All of these scenarios rely on the military obeying orders,” Wellerstein said. “I would prefer to believe that they would refuse to do so. But that would also be a difficult and extraordinary thing in and of itself. It is not a situation I would want them to be in.”

Trump and Musk are courting far more likely nuclear disasters than launching an intercontinental-ballistic missile. Musk’s DOGE crew isn’t filled with the kind of people you want inside the Pentagon or DoE; employee Edward Coristine has connections to cybercriminals and operated websites in Russia. He and others would likely have never gotten security clearances if Washington were functioning normally.

Yet they’re barreling along anyway. And every DOGE employee is a point of failure in a delicate system involving information related to the most powerful weapons on the planet. “There’s probably a ton of personnel data that would be of interest to a foreign adversary,” the State Department employee said. China and Russia would love to get information about people with security clearances. Background checks turn up information about debts, family relations, and other information that would be useful in blackmailing a government official.

Nuclear weapons also produce nuclear waste. The U.S. still hasn’t cleaned up waste left behind by the Manhattan Project. People are sick and dying, right now, in America because of nuclear material left behind from America’s various nuclear weapons projects. Under Biden, the Department of Energy planned to spend $8.2 billion cleaning up that Cold War-era nuclear waste. But the employee worried that DOGE and Musk would see routine environmental maintenance around nuclear weapons projects as “woke.”

A large portion of the NNSA’s budget is dedicated to environmental cleanup. “I could see them thinking of this as misguided environmentalism,” the employee said. “I can see them just deciding to shut all that stuff down.”

Nuclear modernization began during the Obama administration and will play out over the next 25 years.The U.S. is currently set to spend almost $2 trillion on the project. It’s going to dig new missile silos across the country, deploy updated nuclear weapons, revamp computer systems, and construct new nuclear submarines. It’s a large undertaking with an enormous potential for waste, fraud, and abuse. Under any administration it needs to be scrutinized and audited. Right now, the people doing those audits are Musk and DOGE.

Musk and DOGE have proven they don’t care about systems put in place to keep Americans safe and protect sensitive data. Theirs is a “move fast and break things” philosophy. There are laws and regulations in place to keep people like them out of the halls of power and away from sensitive nuclear secrets.

But.

“Regulations only work if people take them seriously. Laws only work if they are enforced,” Wellerstein said. “We are in no-man’s land right now.”