- A National Imperative - Cyber Resiliency
- How and When to Know You Need a Fractional CISO
- Thelma - The Real-Life Voice Scam That Made It into the Movies | McAfee Blog
- Australian Organizations are Fascinated With Copilot for Microsoft 365, But Will They Avoid The “Gotchas”?
- Gartner: 3 Actions to Achieve Cybersecurity Consolidation
The TikTok Ban Spells Trouble for Chinese IoT
What businesses should do today to prepare for likely bans across Chinese tech tomorrow
By Carsten Rhod Gregersen, Founder and CEO of Nabto
It’s happening. Following years of rumors, The United States is moving forward with legislation to ban TikTok. The proposed regulation is about much more than social media and short videos – it’s about how a technology company with foreign roots and government links handles sensitive user data.
TikTok is the tip of the Chinese technology iceberg and this is a sign of things to come. As a result, enterprises should prepare as regulators likely move to target hardware, chips, and the Internet of Things (IoT). Let’s explore.
The ban and what it means
This ban has been a long time coming. For example, India banned 60 Chinese apps in 2020, including TikTok, claiming they were transmitting user data back to China. Many, including myself, believed it was a matter of time until similar sentiments gained international traction.
Further, The US has previously banned other Chinese-linked companies for similar concerns. In 2021, Washington cracked down on surveillance equipment from two Chinese companies, Hikvision and Dahua, due to national security and cybersecurity threats. In April, a federal appeals court upheld the ban, ruling that The Federal Communications Commission (FCC) acted within its authority to counteract the national security risk posed by telecommunications equipment accessible to the Chinese government.
While data security is frequently cited as the primary justification behind the ban, the motivations may extend beyond this. They could also reflect the US government’s broader desire to diminish China’s production capabilities and reduce its economic and technological influence. Thus, the ban likely represents one tactic in Washington’s arsenal aimed at China for “flooding global markets with cheap goods.”
Now, regardless of whether the Senate moves ahead with the House ban, Washington’s protectionist intent is clear. If regulators are concerned about the privacy and security implications of Chinese apps like TikTok, then connected device components and general hardware are next in their crosshairs.
The potential hardware threat
Again, much like TikTok, some view connected devices and hardware from this part of the world as potentially dangerous. This is for three main reasons.
First, data integrity is far from certain. In 2018, China amended its National Intelligence Law, requiring any organization or citizen to support, assist, and cooperate with national intelligence work. What “national intelligence work” means is unclear and, I’d argue, intentionally vague.
Additionally, Beijing acquires “golden shares” in Chinese Big Tech so that government officials are directly involved in these businesses. Again, this raises questions about independence and what’s happening on the back end.
Second, nefarious devices can cause big problems. In theory, if granted full permissions within a local network, IoT devices can perform various actions, including monitoring network traffic, initiating distributed denial-of-service attacks, and targeting other connected devices. This is disconcerting from both a business security and national security lens.
Third, the lack of device regulation in this region results in cybersecurity holes. In Europe, there are far-reaching regulations like the General Data Protection Regulation and Cyber Resilience Act. In China, equivalents don’t exist. Devices often carry default passwords, always-on cloud settings, and unpatched backdoors. With IoT becoming part and parcel of today’s smart home and office, this is just not good enough.
Prepare your business ecosystem now
There’s no question that regulators are clamping down on Chinese technology. In fact, one can expect device origin to only grow in importance as the West adopts more protectionist microchip policies (CHIPS and Science Act) and stricter device production rules (Cyber Trust Mark).
This should sound alarm bells for businesses. Overnight bans can translate into overnight bottlenecks if the technology behind your day-to-day operations is suddenly curtailed. The best course of action right now is to evaluate your IoT ecosystem, identify the origins of your software and hardware, and get ahead of any policies that could impact your business.
And, in any case, your information is worth protecting. Chinese devices have a bad reputation for a reason. Despite higher prices, European and American devices often make up for it with data guarantees, tighter controls, and longer lifecycles.
Whatever happens next, staying informed and adaptable is crucial for navigating the changing landscape of global technology governance.
About the Author
Carsten Rhod Gregersen is an IoT expert with more than two decades in software and innovation. Carsten is the CEO and founder of Nabto, the platform providing peer-to-peer communications for connected devices. His areas of expertise span critical domains such as security, cybersecurity, technology regulation, and the impact of IoT. With a proven track record, Carsten lends his strategic insights and operational expertise to various small and medium-sized businesses, serving on multiple boards of directors. In addition, Carsten is a regular contributor to leading media outlets including TechRadar, The New Statesman, Embedded, InfoSecurity Magazine, and many others.
Carsten can be reached online at LinkedIn and his company website https://www.nabto.com/
