Page 212 - Cyber Defense eMagazine June 2024
The ban and what it means
This ban has been a long time coming. For example, India banned 60 Chinese apps in 2020, including
TikTok, claiming they were transmitting user data back to China. Many, including myself, believed it was
a matter of time until similar sentiments gained international traction.
Further, the US has previously banned other Chinese-linked companies for similar concerns. In 2021,
Washington cracked down on surveillance equipment from two Chinese companies, Hikvision and
Dahua, due to national security and cybersecurity threats. In April, a federal appeals court upheld the
ban, ruling that the Federal Communications Commission (FCC) acted within its authority to counteract
the national security risk posed by telecommunications equipment accessible to the Chinese government.
While data security is frequently cited as the primary justification behind the ban, the motivations may
extend beyond this. They could also reflect the US government’s broader desire to diminish China’s
production capabilities and reduce its economic and technological influence. Thus, the ban likely
represents one tactic in Washington’s arsenal aimed at China for “flooding global markets with cheap
goods.”
Now, regardless of whether the Senate moves ahead with the House ban, Washington’s protectionist
intent is clear. If regulators are concerned about the privacy and security implications of Chinese apps
like TikTok, then connected device components and general hardware are next in their crosshairs.
The potential hardware threat
Again, much like TikTok, some view connected devices and hardware from this part of the world as
potentially dangerous. This is for three main reasons.
First, data integrity is far from certain. In 2018, China amended its National Intelligence Law, requiring
any organization or citizen to support, assist, and cooperate with national intelligence work. What
“national intelligence work” means is unclear and, I’d argue, intentionally vague.
Additionally, Beijing acquires “golden shares” in Chinese Big Tech so that government officials are
directly involved in these businesses. Again, this raises questions about independence and what’s
happening on the back end.
Second, nefarious devices can cause big problems. In theory, if granted full permissions within a local
network, IoT devices can perform various actions, including monitoring network traffic, initiating
distributed denial-of-service attacks, and targeting other connected devices. This is disconcerting from
both a business security and national security lens.
Third, the lack of device regulation in this region results in cybersecurity holes. In Europe, there are
far-reaching regulations like the General Data Protection Regulation and Cyber Resilience Act. In China,
equivalents don’t exist. Devices often carry default passwords, always-on cloud settings, and unpatched
backdoors. With IoT becoming part and parcel of today’s smart home and office, this is just not good
enough.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.