Dwelling Affairs evaluate of TikTok was merely for workers use on its community
The Home Office has confirmed that a review of the controversial video sharing platform TikTok was just a standard network rating.
Addressing the selection committee for foreign interference through social media On Friday, First Assistant Secretary of the Interior Hamish Hansford announced that an internal risk assessment for TikTok for departmental systems was being conducted by the department’s cybersecurity risk area in January 2020.
“We routinely investigate vulnerabilities in our departmental network as well as in our systems and on our mobile devices. This is a routine function performed by our cybersecurity risk section in our information and communication technology section in the department,” he said.
“This is in line with some guidelines from the Australian Directorate of Signals regarding application whitelisting, application control, and system locking from macros – things like that – done in the context of departmental systems.”
Hansford said the internal affairs review was presented differently. He said the internal review is completely different from the role his department plays in advising the government on cybersecurity policy.
See also: JCPAA requires Commonwealth Corporations to undergo an annual cyber assessment by ANAO
As a result of this review, no advice on TikTok was given to the government.
Prime Minister Scott Morrison said in August that he had “taken a close look at TikTok” and that there was no evidence of any person’s data being misused.
“We have looked at this closely and there is no evidence that, after doing this, we committed any misuse of any person’s data that occurred, at least from an Australian point of view, in relation to these uses,” he told the Aspen Security Forum.
“You know, there are a lot of things on TikTok that are embarrassing enough in public. So this is kind of a social media device.”
Morrison said the same problems occur with other social media companies like Facebook.
“There is a tremendous amount of information going back into systems. Now it is true that with applications like TikTok, that data, that data, that information can be accessed at a sovereign state level. This is not the case with respect to The Applications who are from the US. But I think people should understand and there is some kind of buyer caution process in place, “added the Prime Minister.
“At this point there is nothing to suggest that any security interest or Australian citizens have been compromised as a result of what happened with these applications.”
The committee hoped to find out how Morrison came to this conclusion.
While noting where Morrison got such advice, Hansford said he assumed it came from the Australian Signals Directorate (ASD).
During the Senate’s estimates in October, ASD director general Rachel Noble said her team was involved in advising Morrison, but without explaining exactly what that advice was.
Noble said, however, that the ASD’s job is to provide technical advice when department employees use TikTok on phones exposed by work.
“Ultimately, it is up to each department to make their own risk assessment of whether or not they want to deploy this application as a whole on their work-supplied iPhone, for example. This will be their own judgment, weighed against the potential benefits of.” the application to the proper operation of their own organization, “she said.
“We’ve given pretty extensive public advice about social media apps. The nature of that advice in general is that it’s important to remember that the business model of all social media apps is to share your personal information, which Make it available to them, monetize them, but also resell the nature of your activity and involvement … this is a great business model for fundraising.
“Our advice really encourages people to take this into account and to proceed with great caution. Think about what personal information you are willing to provide.”
A question of whether TikTok receives the same test from the Australian government as Huawei has been outsourced to the Australian Cyber Security Center.