HARRISBURG – Today, the Pennsylvania Senate Communications and Technology Committee chaired by Sen. Tracy Pennycuick (R-24) passed legislation (SB 376) to prohibit state government agencies from downloading and using TikTok.
“This important measure will ensure Pennsylvania’s sensitive information will be protected”, said Sen. Pennycuick. “Our nation and Commonwealth are under attack every day from cyber criminals. We must do all we can to defend our government’s data from these dangerous entities”.
As of March 2024, 39 states have prohibited TikTok from government devices (https://worldpopulationreview.com/state-rankings/tiktok-ban-states) following warnings from the FBI which stated the Chinese government could use TikTok to control data collection on millions of U.S. users or control the recommendation algorithm, which could be used for influence operations.
“TikTok presents an unacceptable level of cybersecurity risk to the commonwealth and may be involved in activities such as cyber-espionage, surveillance of government entities, and inappropriate collection of sensitive personal information,” said Senator Phillips-Hill, the bill’s sponsor. “The people of Pennsylvania’s personal safety and our national security are threatened by cyber vulnerabilities of systems that support our daily lives.?It is imperative that Pennsylvania takes bold and decisive actions to prepare for and address cybersecurity threats.”
Under this legislation, agencies, departments, commissions and all state government entities must remove the application from state devices, implement measures to prevent installation of the application, and implement network-based restrictions to prevent the use of, or access to, prohibited services to assure Pennsylvania’s systems are protected from the cybersecurity threats caused by these rogue foreign governmental entities.?
In addition, the committee voted upon SB 377 introduced by Senator Phillips-Hill aimed at protecting our state’s information technology (IT). This legislation will require that any state government purchase of computer hardware meet National Institute of Standards and Technology (NIST) standards and best practices for computer security.
“Cybersecurity attacks cost businesses and governments trillions of dollars every year. Often, governments consider security in terms of preventing ‘a PC’ from being infected. The reality is that attacks are becoming much more destructive and at a larger scale. It’s not uncommon to see attacks take down hundreds or thousands of machines in a single incident,” said Sen. Phillips-Hill.
Pennsylvania has seen attacks and breaches across almost every agency, including the Department of Labor and Industry, Department of Human Services, Department of Education, and Department of Health.
NIST guidelines consist of standards, guidelines, and best practices to manage cybersecurity-related risk. This is a flexible and cost-effective approach that helps to promote the protection and resilience of our IT. These standards have also been adopted by the U.S. Government in all of their IT procurements.
Watch here.
CONTACT: Matt Szuchyt (717) 787-3110