The State of New Jersey issued a new cybersecurity directive to prohibit the use of high-risk software and services on state devices, including the popular social media video platform TikTok.
That was the message from Gov. Phil Murphy from Trenton, who noted the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) had collaborated with the Office of Information Technology in developing the new list.
Murphy positioned the directive as a way to protect the safety and welfare of New Jersey.
Cybersecurity Threat
“The proactive and preventative measures that we are implementing today will ensure the confidentiality, integrity, and safety of information assets managed by New Jersey State government. This decisive action will ensure the cybersecurity of the state is unified against actors who may seek to divide us,” he said.
NJCCIC will be tasked with maintaining a list of technology vendors and software products and services that present an unacceptable risk to the cybersecurity of the state. The directive will apply to all departments, agencies, commissions, boards, bodies, or other instrumentalities of the Executive Branch.
Aspects of the Directive
The directive had four major components, including:
- Remove any referenced software products from State-owned, provided, or managed systems and devices;
- Implement network-based restrictions to prevent the use of, or access to, prohibited software or services;
- Implement measures to prevent the installation of referenced high-risk software products on State-owned or managed technology assets; and,
- Develop and implement plans to include risks associated with referenced high-risk software products and supply chain security into cybersecurity awareness and training programs.
Exemptions Under the Directive
The state will offer exceptions for agencies that may have public health, safety, welfare, or other compelling state business and public interest reasons. In such cases, a written request must be provided to NJCCIC.
If a reason is compelling enough for utilizing such a program for communications or outreach work, agencies may be allowed to use it on devices not connected to a secure state network.
Regardless, approved exceptions and use cases will be required to adhere to risk mitigation instructions.
Full Listing of Prohibited Vendors
As of Jan. 9, the following were prohibited under the directive:
- Huawei Technologies
- Zhejiang Dahua Technology Co., Ltd., also doing business as Dahua
- Hangzhou Hikvision Digital Technology Co., Ltd., also doing business as Hikvision
- Tencent Holdings LTD, including but not limited to:
  - QQ Wallet
- Alibaba products, including but not limited to:
  - AliPay
  - Alibaba.com Mobile Apps
- Hytera
- ZTE Corporation
- ByteDance Ltd., including but not limited to TikTok
- Kaspersky Lab