At a glance.
- Banning TikTok, European and American style.
- US cybersecurity official speaks about upcoming cybersecurity strategy.
Banning TikTok, European and American style.
The European Commission announced yesterday that its Corporate Management Board will be suspending the use of TikTok on corporate devices or personal devices used by the Commission's mobile device service. As the announcement reads, “This measure aims to protect the Commission against cybersecurity threats and actions which may be exploited for cyber-attacks against the corporate environment of the Commission.” The decision follows a series of similar TikTok bans enacted by US government agencies and even universities amid concerns that the popular Chinese-owned video streaming app could be a threat to national security.
But as Wired notes, some experts wonder if the bans have been put in place for the right reasons. Some officials have noted that Americans find TikTok inherently untrustworthy because of its connections to China, while American tech companies and even government security agencies are hoovering up US user data at an alarming rate, often without explicit consent. The underlying assumption is that US data is safe in American hands. “But it may not always be factually true,” said Senate Intelligence Committee chair Mark Warner, a Virginia Democrat, “since we've seen some of these large [US] companies sell that data to third parties.” Florida Democratic senator Marco Rubio disagrees. “Privacy, and the privacy of our data, in and of itself, is an issue that should be confronted, but the fact that a foreign government could gain immediate access on-demand to a massive trove of American data rises to a completely different level,” Rubio says. “Just a completely different level. And not just a foreign government but our chief adversary and competitor in the world.”
Chris Vaughan, AVP - Technical Account Management, EMEA, at Tanium, sees the EU's restrictions as an expression of concern over the extent of Chinese influence on public affairs. “These national bans are part of a wider issue about how much Chinese influence is deemed acceptable when it comes to national infrastructure and everyday life, Vaughan says. "We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted and Chinese computer chips being rejected. There have been numerous reports of Chinese efforts to sway politicians by way of lobbying and donations, and the public via social media and the spread of disinformation.”
In some respects the concerns are following a shift in Chinese strategy, Vaughan thinks. “Historically, Russia has been the most prominent user of information operations as we saw from its activities related to the 2016 US election and the Brexit referendum. China has been more focused on stealing intellectual property which it can then use to its own advantage. However, there are indications that the CCP will start to focus more on information and influence operations to achieve its strategic goals. Any instances of this need to be met head on by western political leaders who should take a strong stance against it at the government level, rather than leaving the responsibility to individual institutions like colleges.”
Matt Marsden, VP, Technical Account Management, also at Tanium, thinks that both the EU and the US should consider a more comprehensive approach to influence operations:
“We’ve recently seen steps taken by the government in the US, at both the state and federal level, to ban TikTok from state-owned devices, so it’s no surprise to see the EU do so as well. This is a good start, but a more comprehensive approach needs to be taken to protect our citizens from social media campaigns designed to further foreign political objectives.
“Chinese intelligence tactics are focused on longer-term objectives and are fueled by the sustained collection of data. The immense collection of user data, to now include commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations. This data can be leveraged to deliver targeted, timely, and often personalized psychological operations against individuals or groups of citizens. This has been observed during election cycles and politically charged events in recent years."
US cybersecurity official speaks about upcoming cybersecurity strategy.
The White House is preparing a cybersecurity strategy document focused on requiring larger tech companies to take greater responsibility when it comes to the security of their products, and FedScoop reports that Camille Stewart Gloster, the deputy national cyber director for technology and ecosystem security, spoke about the document at a Thursday CyberScoop event. Gloster stated that broader security gains can be achieved by “shifting the burden back from the smaller players” and toward larger companies “that can build in security by design.” Unlike previous US policy that relied on a mostly voluntary approach, the new strategy includes a swath of mandatory security regulations for critical infrastructure companies. It also gives law enforcement and intelligence agencies the authority to take a more offensive approach to defending US systems by hacking into foreign networks to prevent attacks or respond after they've occurred. The Biden administration has been working on the new strategy for over a year, with recently retired National Cyber Director Chris Inglis as the main author of the document.