Improper Use of an Unauthorised Communication Channel in Critical Systems: Lessons from the 2025 Signal Leak

The use of unauthorised communication channels has become a growing security concern inenvironments handling sensitive and operational information. This study analyses the risksassociated with the improper use of non-approved communication platforms through a technical-operational case study based on the 2025 “Signal group chat leak” involving senior United Statesgovernment officials. The study examines how sensitive military-related information was exchangedthrough an unauthorised messaging application, resulting in unintended exposure to an externalparty. The analysis focuses on the operational context of the incident, the sequence of events and theprocedural, technical and human failures that contributed to the breach. Attention is given toweaknesses in communication security policies, lack of monitoring and auditing mechanisms,insufficient participant validation procedures and the influence of operational pressure on userbehaviour. The study also evaluates the risks associated with the incident, especially regardingconfidentiality, accountability and organisational oversight. Based on the identified failures, a set ofcorrective and preventive measures is proposed. The findings highlight the importance of combiningtechnical safeguards, operational discipline and effective policy enforcement to maintain securecommunication environments and reduce the likelihood of similar incidents. Although the case isbased on a governmental and military-related incident, the lessons identified are also applicable tocritical systems and critical infrastructure environments, where communication failures maycompromise operational continuity, institutional accountability and security.