Most secure communications systems were designed for stability.

Stable organisations. Stable devices. Stable networks. Stable trust relationships.

That model still exists. But it is no longer the dominant one.

Across defence, critical infrastructure, and even commercial environments, teams are increasingly formed dynamically. They come together quickly, often across organisational boundaries, using whatever devices and networks are available at the time. Mobile phones, laptops, radios, mesh networks, and cellular links all sit side by side. Connectivity shifts. Roles change. Membership is not fixed.

The requirement is simple to describe but difficult to deliver: establish secure communications across a group that did not exist yesterday, without relying on infrastructure that may not be available tomorrow.

Most existing approaches struggle with this.

At one end of the spectrum are commercial tools. They are flexible, easy to deploy, and work well under normal conditions. But they rely heavily on persistent identities, external services, and stable connectivity. Trust is anchored outside the team. If that external dependency is degraded, unavailable, or compromised, the system becomes unreliable at best and unsafe at worst.

At the other end are high-assurance systems. These are designed for controlled environments, with tightly managed devices, predefined user groups, and established key hierarchies. They deliver strong security, but at the cost of flexibility. Enrolling new users or devices can be slow. Adapting to changing team structures is difficult. Operating across mixed or degraded networks is often not a primary design consideration.

Neither model maps cleanly to dynamic teams operating in uncertain conditions.

The flexibility-assurance gap #

The gap between flexibility and assurance is not new. What is changing is how often it is encountered, and how operationally significant it has become.

One of the underlying challenges is how trust is established.

Traditional systems assume that trust can be defined in advance. Identities are provisioned, credentials are issued, and relationships are configured before operations begin. This works when the environment is predictable. It breaks down when teams are assembled on short notice, when participants come from different trust domains, or when devices cannot be fully controlled.

In these cases, trust cannot be assumed. It has to be established in real time, and continuously re-evaluated as conditions change.

This shifts the problem from identity to verification.

Rather than asking "who is this?" as a one-time question, systems need to answer "can this participant be trusted right now, in this context, for this interaction?" That is a more complex question, and it cannot be answered solely by reference to a static identity or credential.

Key management under pressure #

Key management is another pressure point.

Much of the complexity in secure communications does not sit in encryption itself, but in how keys are distributed, rotated, and revoked. Static or long-lived keys introduce risk, particularly in environments where compromise may go undetected for some time. At the same time, dynamic keying approaches can be difficult to implement and manage, especially when connectivity is intermittent.

For dynamic teams, key lifecycle becomes central. Systems need to support rapid establishment of shared secrets, frequent rotation, and strong isolation between sessions, without placing an operational burden on users.

The management plane #

The management plane also deserves more attention than it typically receives.

In many systems, management functions are exposed, loosely protected, or dependent on external services. This creates an attractive target. If an adversary can influence or control the management path, they can often bypass other security controls.

An alternative approach is to treat the management plane as the most sensitive part of the system. Access is tightly constrained. Control paths are cryptographically protected and isolated. In some designs, the management channel becomes the only way the system can be configured or updated, reducing the attack surface rather than expanding it.

A different model #

Taken together, these shifts point towards a different model for secure communications. One that assumes:

• Teams are dynamic rather than fixed
• Devices are heterogeneous rather than controlled
• Networks are unreliable rather than stable
• Trust is conditional rather than pre-established

Designing for this model requires trade-offs. Simplicity becomes more valuable than feature richness. Reducing external dependencies becomes a priority. Systems need to fail in predictable ways, and recover quickly when conditions improve.

This is not about replacing existing high-assurance or commercial systems. Both have their place.

It is about recognising that a growing set of use cases sits between them, and that these use cases are becoming operationally critical.

Secure communications for dynamic teams is no longer an edge case.

It is increasingly the baseline.