Governor Larry Hogan today announced that the State of Maryland has issued an emergency cybersecurity directive to prohibit the use of certain Chinese and Russian-influenced products and platforms for the executive branch of state government, including TikTok. These entities present an unacceptable level of cybersecurity risk to the state and may be involved in activities such as cyber espionage, surveillance of government entities, and inappropriate collection of sensitive personal information.
“There may be no greater threat to our personal safety and our national security than the cyber vulnerabilities that support our daily lives,” said Governor Hogan. “As the cyber capital of America, Maryland has taken bold and decisive actions to prepare for and address cybersecurity threats. To further protect our systems, we are issuing this emergency directive against foreign actors and organizations that seek to weaken and divide us.”
The directive—issued by the state’s Chief Information Security Officer (CISO)—applies to TikTok; Huawei Technologies; ZTE Corp; Tencent Holdings, including but not limited to: Tencent QQ, QQ Wallet, and WeChat; Alibaba products, including but not limited to: AliPay; and Kaspersky.
Under this directive, agencies must remove any of these products from state networks, implement measures to prevent the installation of these products, and implement network-based restrictions to prevent the use of, or access to, prohibited services.
“This action represents a critical step in protecting Maryland State systems from the cybersecurity threats caused by foreign organizations,” said State CISO Chip Stewart.
Last week, FBI Director Christopher Wray reiterated that TikTok is a threat to national security, stating: “The Chinese government has shown a willingness to steal Americans’ data on a scale that dwarfs any other.” On Monday, NBC News reported that hackers linked to the Chinese government were involved in the theft of COVID benefits in the United States, including state unemployment funds.
Ongoing Cybersecurity Initiatives. Last year, Governor Hogan held a cybersecurity summit in Annapolis bringing together federal, state, and local leaders and enacted a series of initiatives, including a new partnership with the National Security Agency (NSA) to have a senior-level data analyst advise the State of Maryland, and a Memorandum of Understanding (MOU) with the University of Maryland, Baltimore County (UMBC) to establish a new Maryland Institute for Innovative Computing.
Earlier this year, the governor announced more than $200 million in funding to modernize, strengthen, and expand the state’s cyber infrastructure; launch the Maryland Cyber Range for Elevating Workforce and Education (MD-CREWE), forming a multi-state partnership with the Virginia Cyber Range; and provide universal and equitable access to Advanced Placement (AP) Computer Science in every Maryland high school.