U.S. concerns about TikTok are "absolutely valid," expert says
The Biden administration on Monday directed all government agencies to delete TikTok from federal devices and systems within 30 days. Congress banned the popular app from federal government devices in December — amid growing national security concerns that TikTok's Chinese parent company ByteDance could give the Chinese Communist Party access to user data.
Shawn Henry, chief security officer for the cybersecurity company CrowdStrike, told "CBS Mornings" on Tuesday that U.S. concerns about TikTok are "absolutely valid."
"China wants to be the No. 1 superpower in the world and they have been targeting U.S. technology, U.S. personal information. They've been doing electronic espionage for several decades now," Henry said. "TikTok is just another activity, another opportunity for them to gain access to people's information, to see what people are thinking about, to potentially influence the way people think by putting misinformation into their app."
Henry noted that information isn't being collected about adults alone. China could use data collected about kids and teenagers now in the future, when they're attending universities and working in major corporations worldwide.
"Chinese government has been in place for many, many years. There's a lot of consistency. They have a really clear strategy. They are going to execute on that strategy to achieve their objectives," Henry said.
Henry said it's important for people to understand how social media is being used, and noted that when people "push information onto the network," it stays there forever.
"When you're looking at: how is it collected, who has access, what might they be doing with that data long-term? That changes the calculus, and I think that has to factor in to the type of applications that you use and the type of information that you put into those applications," he said.
CrowdStrike, which specializes in endpoint protection and threat intelligence, released on Tuesday its annual CrowdStrike Global Threat Report, which looks at the "evolving behaviors, trends and tactics of today's most feared nation-state, eCrime and hacktivist threat actors around the world," according to a news release about the report.
The company has tracked the activities of more than 200 adversaries – including 33 new adversaries identified in the past year alone — and found "a surge in identity-based threats, cloud exploitations, China-nexus espionage and attacks that re-weaponized previously patched vulnerabilities."
Henry on Tuesday also discussed the war in Ukraine. As the conflict heads into its second spring, the virtual and digital component of Russia's offensive could escalate, disrupting areas like critical infrastructure, transportation, communications, logistics and the supply chain, he said.
The Russians have become skilled at "using this tool," Henry said, which was seen in advance of Russia's Ukraine invasion one year ago.
"Russia, in advance of rolling tanks across the border, targeted Ukrainian critical infrastructure, things like communication, the electric power grid, they pushed misinformation out to try and cause confusion and create havoc within the Ukrainian citizenry," Henry said.
"This is now part of the playbook long-term," he said. "It's something that everybody needs to consider. It's not just tactical. It's not physical, but there's this whole virtual and digital component that everybody needs to be concerned about."
"I think as more tactical maneuvers, more military operations continue in the springtime, we're going to see it used more often," he added.
