Rosa Del Mar

Daily Brief

Issue 85 2026-03-26

Secure Mobile Communications Via Overlay MVNO And Clean-Slate Mobile Core Assumptions

Sources: 1 • Confidence: Medium • Updated: 2026-04-11 18:01

Key takeaways

  • CAPE was described as a live commercial MVNO cellular network operating in 190 countries.
  • U.S. telcos were described as having to respond to lawful intercept requests under CALEA and typically outsourcing the administrative burden to a small set of specialized vendors interfacing via the X1 interface.
  • The Navy CTO function was described as emphasizing the discovery of capability gaps by listening to sailors and Marines and then connecting them with external innovators who can deliver improvements or breakthroughs.
  • Salt Typhoon awareness was described as surprisingly low even among cyber practitioners at Davos.
  • An independent third-party penetration test on the Guam work was described as producing a 50-page report that DIU funded and made unclassified and shareable.

Sections

Secure Mobile Communications Via Overlay MVNO And Clean-Slate Mobile Core Assumptions

  • CAPE was described as a live commercial MVNO cellular network operating in 190 countries.
  • An independent third-party penetration test on the Guam work was described as producing a 50-page report that DIU funded and made unclassified and shareable.
  • CAPE was described as improving privacy by rotating multiple device/network identifiers.
  • CAPE described its resilience model as stitching together multiple carriers' physical networks so subscribers can fail over when a host carrier has an outage.
  • CAPE claimed telecom-industry cybersecurity practices are broadly poor and that CAPE uses commercial cloud security best practices while replacing insecure off-the-shelf components by building them in-house.
  • CAPE described a mitigation approach that assumes existing carrier environments are hostile and deploys a clean-slate telco layer using encrypted traversal from towers into its software mobile core.

Telecom Lawful-Intercept As Systemic Compromise Vector

  • U.S. telcos were described as having to respond to lawful intercept requests under CALEA and typically outsourcing the administrative burden to a small set of specialized vendors interfacing via the X1 interface.
  • The Salt Typhoon operation was described as infiltrating every major American cellular carrier and enabling access to lawful intercept systems and live phone calls, including communications of senior U.S. government officials.
  • Carrier compromise was described as enabling attacker access to lawful intercept plug-in points to listen to calls on demand.
  • The compromise was described as enabling attackers to identify which phone lines were under lawful interception, exposing confidential investigative targets.
  • During a pilot with a CALEA vendor, CAPE's SRE team found an unencrypted text file containing usernames and passwords for every client of that vendor in the installer package.
  • Salt Typhoon was described as a Chinese government advanced persistent threat targeting U.S. critical infrastructure, particularly cellular networks.

Defense Procurement Throughput And Outcome Orientation

  • The Navy CTO function was described as emphasizing the discovery of capability gaps by listening to sailors and Marines and then connecting them with external innovators who can deliver improvements or breakthroughs.
  • The Navy ran a boot camp for program managers and contracting officers to teach commercial-style procurement, aiming to cut some acquisition timelines from roughly 18 months to about 3 months.
  • The Navy was described as scaling experimentation by pushing an organization from running about 2 pilots per year toward a target of 25 pilots in a year.
  • Structured Challenges, part of the Innovation Adoption Kit, were described as having been incorporated into the U.S. Defense Authorization Act, creating a formal requirement to run them.
  • A system was described as shut down in the past year after resisting shutdown attempts for roughly a decade.
  • When turning off large systems, separating indispensable modules from nonessential ones into severable tasks was described as enabling retirement without overpaying to preserve a single critical capability.

Awareness Gap As A Risk Amplifier

  • Salt Typhoon awareness was described as surprisingly low even among cyber practitioners at Davos.

Watchlist

  • Salt Typhoon awareness was described as surprisingly low even among cyber practitioners at Davos.

Unknowns

  • What authoritative, public, and technically detailed evidence exists that bounds the Salt Typhoon scope (which carriers, what systems, what duration, and what level of access to lawful intercept and call content)?
  • Which CALEA vendor was involved in the installer-package credential exposure, what remediation occurred, and was there evidence of exploitation or lateral compromise across clients?
  • Does the asserted unclassified third-party penetration test report exist, and what specific threats, assumptions, and findings does it contain (including limits and residual risks)?
  • What is CAPE's precise technical architecture for 'encrypted traversal from towers into its software mobile core,' and what security properties does it claim under a compromised host-carrier environment?
  • How does CAPE's identifier rotation work in the cellular context (which identifiers rotate, at what cadence, and against what adversary capabilities), and what measurable reduction in linkability results?

Investor overlay

Read-throughs

  • Heightened focus on telecom lawful intercept interfaces as a systemic compromise vector could drive budget and procurement attention toward secure mobile overlays and alternative core architectures that assume hostile carrier infrastructure.
  • If CAPE is truly operating as a commercial MVNO in 190 countries with multi-carrier failover, demand could emerge for globally deployable secure communications offerings for defense and other high-assurance users.
  • An awareness gap around Salt Typhoon could imply delayed defensive action followed by rapid, reactive spending once scope is clarified, potentially favoring vendors positioned to deliver quick pilots and deployments.

What would confirm

  • Release or verification of the unclassified third-party penetration test report, including explicit threat model, assumptions, findings, and residual risks for the Guam work.
  • Authoritative public technical scoping of Salt Typhoon covering affected carriers, systems, duration, and access level to lawful intercept and call content, followed by concrete remediation programs.
  • Detailed public description of CAPE architecture including encrypted tower-to-core traversal, identifier rotation mechanics, and measurable reduction in linkability under compromised host-carrier conditions.

What would kill

  • No independently verifiable evidence of the claimed unclassified penetration test report or findings, or a report that shows material weaknesses inconsistent with the stated security properties.
  • Authoritative disclosures that bound Salt Typhoon impact to limited systems or access, reducing urgency for new secure overlay approaches and shifting focus to conventional carrier hardening.
  • Technical evaluation shows identifier rotation and encrypted traversal do not materially protect against adversaries with carrier-level visibility, undermining the core premise of security in a hostile infrastructure model.
