TikTok is potential Cybersecurity risk to U.S.

TIKTOK IS a "potential threat vector" to the United States, said John F. Plumb, assistant secretary of defense for space policy and principal cyber advisor to the secretary of defense. 

TikTok is a social media, video-hosting service owned by the Chinese company ByteDance. 

Members of the House Armed Services Committee's subcommittee on cyber, information technologies and innovation heard testimony from Plumb and Army Gen. Paul M. Nakasone, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service. 

The problem with TikTok is that a large number of Americans use it, and China may have the ability to direct misinformation through it, as well as collect data from it, said Plumb. The scale and scope of the platform is problematic.  

Policy makers need to be aware of these threats, be able to quantify them, and be able to take action against them, he said. 

Nakasone said, "If you consider one-third of the adult population receives their news from this app, one-sixth of our children are saying they're constantly on this app, if you consider that there's 150 million people every single day that are obviously touching this app, this provides a foreign nation a platform for information operations, a platform for surveillance, and a concern we have with regards to who controls that data." 

The department has already prohibited the use of TikTok on government phones, the general noted.  

"I think the broader discussion obviously rests with the policymakers now. Certainly, this is a piece that our nation has to consider," he said.  

There are going to be other applications like this, and there needs to be a policy in place that balances the ability to share information with protection from adversaries' ability to conduct surveillance and information operations against the United States, Nakasone said. 

The general said there's a difference between TikTok and American-based social media platforms. 

China has already said they're going to "touch the data at any time they want to touch this data. This concerns me," Nakasone said. 

Plumb said that for decades, China has used its cyber capabilities to steal sensitive information, intellectual property and research from U.S. public- and private-sector institutions, including the defense industrial base.  

"Chinese cyber intrusions are the most prolific in the world. In crisis, PRC leaders believe that achieving information dominance will enable them to seize and keep the strategic initiative, disrupt our ability to mobilize, to project and sustain the joint force, and to ensure the PRC's desired end state," Plumb said, referring to China. 

Plumb also testified that Russia engages in persistent, malicious cyber activities to support its global espionage campaigns, steal intellectual property, disrupt critical infrastructure and promote disinformation.  

Russia has also demonstrated that it uses cyber as a key component of its wartime strategy, particularly against Ukraine, he said. 

Other persistent cyber threats arise from North Korea, Iran and transnational criminal organizations, Plumb said. 

"Together, our adversaries use cyberspace to conduct operations against the Department of Defense Information Network and the U.S. homeland. They do this to weaken our allies and partners and to undermine U.S. interests," Plumb said. 

Plumb described actions the department has taken in both defensive and offensive cyberspace. He said the president's fiscal year 2024 budget request included $13.5 billion for cyberspace activities, prioritizing investments in cyberspace workforce, operations, research and capabilities.  

"Operating in cyberspace today is an essential part of the department's ability to deter aggression and ensure our nation's security," he said. (David Vergun)