New Jersey Governor Phil Murphy has issued a cybersecurity directive prohibiting the use of high-risk software and services – including TikTok – on devices provided or managed by the state.
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), in collaboration with the Office of Information Technology, will maintain a list of technology vendors and software products and services that present an unacceptable level of cybersecurity risk to the state. The governor’s directive will apply to all departments, agencies, commissions, boards, and bodies of the Executive Branch of the New Jersey State Government.
“Bolstering cybersecurity is critical to protecting the overall safety and welfare of our State,” said Gov. Murphy in a press release. “The proactive and preventative measures that we are implementing will ensure the confidentiality, integrity, and safety of information assets managed by the New Jersey State government. This decisive action will ensure the cybersecurity of the State is unified against actors who may seek to divide us.”
As of Jan. 9, the following software vendors, products, and services are mentioned in the directive:
- Huawei Technologies;
- Zhejiang Dahua Technology Co., Ltd., also doing business as Dahua;
- Hangzhou Hikvision Digital Technology Co., Ltd., also doing business as Hikvision;
- Tencent Holdings LTD, including but not limited to: WeChat,QQ, and QQ Wallet;
- Alibaba products, including but not limited to: AliPay, and Alibaba.com Mobile Apps;
- Hytera;
- ZTE Corporation;
- ByteDance Ltd., including but not limited to TikTok; and
- Kaspersky Lab
“New Jersey’s policy to remove certain software from State-owned or managed devices, inclusive of TikTok, deemed as high risk of potential data loss or privacy issues is part of our statewide cyber risk management program,” said New Jersey Chief Technology Officer Christopher Rein. “This follows in line with a number of actions taken by the government and private sector enterprises and is consistent with some of the risk reduction steps taken at the Federal and State levels.”
TikTok – the popular short-form video sharing and social networking app owned by the Chinese technology company ByteDance – has been labeled a national security concern because of user data the Chinese government might require ByteDance to provide. That data may include passwords and other sensitive information – not only in the TikTok app but also the other apps used on a device such as email, text messages, eHealth apps, etc.
These security concerns have led the Department of Defense, various Federal agencies, state governments, corporations, and governments around the world to ban TikTok from being installed on their devices.
In addition, agencies who have public health, safety, welfare, or other compelling state business and public interest reasons for using the prohibited software technologies or services will be required to submit an exception request with the NJCCIC, the directive announcement explains.
“If agencies provide a compelling justification for their communications or outreach work, they may receive approval to use these software technologies or services on a device not connected to a secure State network,” according to the directive.
Approved exceptions and use cases will include risk mitigation instructions.
The NJCCIC and OIT will continue to monitor and update its Prohibited Software and Services Vendors and Products list.