On Sunday, January 19th, TikTok, the app that has captivated millions, was expected to shut down its operations in the U.S. This follows a sweeping federal ban sparked by a new law demanding that ByteDance, the Chinese company behind TikTok, divest from the app. Canada, too, is stepping up its scrutiny, forcing TikTok to close its national operations over similar security fears. However, while the app faces regulatory fire, Canadians are still free to use it, even as government employees are banned from having it on their devices.
One has to ask, why the sudden crackdown? Both nations are deeply concerned that the Chinese government could be using TikTok as a tool to steal sensitive personal data, manipulate public opinion, and spread propaganda. As cyber threats loom larger on the global stage, this is more than just a privacy issue; it’s a matter of national security. As China’s digital influence grows, so does the urgency to counter its effects. The crackdown on TikTok is just one piece of a much larger strategy, one that’s playing out through China’s increasingly sophisticated cyber operations worldwide.
On January 12, 2025, Christopher Wray spoke on 60 Minutes about China’s cyber program, describing it as a significant threat to democracy, national security, and indirectly, the security of NATO allies. Wray revealed that China has stolen more U.S. data than any other nation. What’s truly at stake here? Why would a country like China seek such extensive information about Americans and private companies’ customers? At Vanderbilt Summit on Modern Conflict and Emerging Threats, Wray stated: “The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that it plans to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”
China’s involvement in these activities reveals several strategic objectives. Espionage allows the country to gain insights into economic and technological strategies, potentially enabling it to outpace competitors and shape global markets. For example, in 2018, the Chinese government accessed the computers of a U.S. Navy contractor affiliated with a university, stealing research on undersea warfare capabilities. This breach included classified information on a supersonic anti-ship missile intended for submarine deployment in 2020.
Additionally, stolen data can be used to influence societal dynamics, providing opportunities for social control through the manipulation of public opinion and the dissemination of propaganda. These efforts also offer military and strategic advantages. For example, inserting malware into critical infrastructure could disrupt essential sectors such as energy, transportation, and telecommunications, undermining national stability and security. This was demonstrated in the 2021 cyberattack on Colonial Pipeline, a major fuel supplier in the U.S., which suffered a ransomware attack that affected fuel distribution across North America. The Russian-based hacking group DarkSide claimed responsibility for the attack and received approximately 63.7 Bitcoin, valued at about $2.3 million at the time, as ransom.
Closer to home, the Canadian Security Establishment (CSEC) has identified a significant presence of China’s cyber program in Canada, actively targeting political and commercial sectors. Election meddling is attributed, in part, to China’s cyber activities. This was demonstrated in a 2023 disinformation campaign by China that targeted an MP for Wellington–Halton Hills, Micheal Chong. The Rapid Response Mechanism (RRM) found evidence of a coordinated campaign spreading false narratives about Chong’s identity, politics, and family heritage on WeChat. His family in Hong Kong was also targeted after he voted to condemn China’s treatment of Uyghurs as genocide.
What’s the Solution?
Policy solutions to address digital governance need to be considered, as nations like China can compromise our national security. During the NATO Washington Summit held in July 2024, NATO openly criticized China’s cyber espionage and its implications for global security. This marked a rare move as NATO has traditionally been cautious about directly addressing China due to the complex economic ties many member nations share with it.
There have been propositions for Elon Musk to purchase TikTok, with Chinese officials reportedly considering the idea of allowing Musk to run a U.S. version of the app. Trump has delayed TikTok’s shutdown, possibly to help his partner Musk, who is now involved in his government. However, this presents other challenges, and the point remains that there is a growing issue when it comes to the governance of social media, especially in the wake of Meta joining X in the decision to remove fact-checking from its platform.
Part of the solution, particularly for Canada and the United States, is to continue encouraging education and promoting professional development within companies to lock down such threats, especially from nations like China. These efforts could include certifications such as ISO/IEC 27001 and 27002, international standards for companies establishing, maintaining, and implementing security management. The government could also further subsidize such certifications to ensure that private companies, alongside public ones, are protected from cyber threats.
Lastly, proposed legislation in Canada such as Bill C-26 aims to establish cybersecurity compliance by amending the Telecommunications Act. The introduction of the new Critical Cyber Systems Protection Act (CCSPA) will help protect critical cybersecurity infrastructure across Canada. This includes fines of up to $10 million for each day of non-compliance and up to $15 million for subsequent contraventions.
Canada and the United States should continue to explore multilateral strategies, such as the European Union’s General Data Protection Regulation (GDPR) to enhance data security or its coordinated cybersecurity frameworks like the EU Cybersecurity Act, to combat deceptive practices in cyberspace. By unifying efforts and strengthening international alliances, we can help control cyberspace and make it a safer place for the Alliance, ensuring that bad actors are kept at bay.[JD1]
Photo: Computer Codes (2016) via Pixel. Licensed under CCO.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of
Canada.
