Order directs technology division to prohibit use of certain technologies that could pose potential cybersecurity risks, threats to state

MADISON, WI — Governor Tony Evers on Jan 12th, signed Executive Order #184 banning TikTok from state-issued devices, as well as directing the division charged with managing enterprise technology to prohibit the use of certain other technologies, software, and vendors that could pose potential cybersecurity threats. 

At the end of last year, the governor indicated members of his administration and the Department of Administration’s Division of Enterprise Technology (DOA-DET) continued to be in regular conversations with the U.S. Department of Homeland Security, the Federal Bureau of Investigation (FBI), Wisconsin Emergency Management, and counterintelligence specialists, among others, in making decisions about cybersecurity for state government devices, including potentially banning TikTok. Last week, Gov. Evers, in an interview with WISN 12 News, announced that, as a result of continued conversations with state and federal partners, he had made the decision to ban TikTok from state devices. 

“In the digital age, defending our state’s technology and cybersecurity infrastructure and protecting digital privacy have to be a top priority for us as a state,” said Gov. Evers. “I trust the professionals who work in this field, and it was important for me to consult with and get advice from experts in law enforcement, cybersecurity, and counterintelligence, including the information technology experts working within DOA-DET, to make the best decision to protect state technologies, and ultimately, the people of Wisconsin.

“New and evolving technologies will continue to present risks to privacy, safety, and security, and this order ensures we will continue to be vigilant in monitoring these technologies while trusting the advice of these experts on evolving cybersecurity issues facing our state.”

DOA-DET is responsible for managing the state’s information technology assets and the use of technology to improve government efficiency and service delivery, and helps develop strategies, policies, processes, procedures, guidance, and standards for enterprise and multi-jurisdictional use of information technology resources. In the course of providing information technology and cybersecurity support, DOA-DET also regularly consults with the U.S. Department of Homeland Security, the FBI, and counterintelligence specialists in making decisions about cybersecurity for state government devices and services. DOA-DET also utilizes federal guidelines, industry trends, collaboration with other states, and other intelligence sources and experts on potential cybersecurity threats in providing support to executive branch agencies. DOA-DET services a variety of entities under Ch. 16 of Wisconsin State Statutes, including and primarily executive branch agencies. 

The governor’s order, among other things: 

• directs DOA-DET to bar certain foreign technologies, including TikTok, as well as other certain vendors and software, from being utilized, connected to, or installed on state-issued devices, which includes but is not limited to desktop computers, laptops, tablets, cellular phones, and other mobile devices; 
• reiterates that DOA-DET should continually reevaluate and identify applications and vendors that could present a potential risk to state information or state information systems, as they currently do, as well as monitor and update the directives of the order based on new and emerging information;  
• directs DOA-DET to use its authority under Ch. 16 to identify foreign vendors that might pose security risks to the state and to implement safeguards to protect state interests; and 
• directs DOA-DET, where statutorily authorized, to monitor adherence to issued guidance, policies, standards, procedures, and processes, to assist impacted executive branch agencies to ensure they are able to abide by all technical standards and directives of DOA-DET and the State Chief Information Officer and the State Chief Information Security Officer. 
   

DOA-DET has legal authority to impose and mandate cybersecurity standards on executive branch agencies, as prescribed under Ch. 16 of Wisconsin State Statutes, including Gov. Evers and the Office of the Governor, although Gov. Evers has never used or maintained an official TikTok account, nor has a TikTok account on Gov. Evers’ behalf ever been managed or maintained on any state-issued device. Under Ch. 16, DOA-DET does not have the legal authority to mandate that the University of Wisconsin System (UWS) abide by these requirements. Additionally, the Departments of Justice (DOJ) and Public Instruction (DPI) are headed by duly elected constitutional officers, and management and control of information technology systems have been delegated to those agencies. DOA-DET will continue to work closely with agencies across the state enterprise, including agencies such as DOJ and DPI, as well as UWS, to ensure that all relevant cybersecurity standards, associated risks, and requirements are shared, discussed, and met where appropriate. This order does not apply to the judicial or legislative branches of government.

Narrow exceptions to this order will only be granted for limited use, subject and pursuant to DOA-DET implemented policies and standards, for example, to entities with responsibilities paramount to ensuring public safety and the well-being of kids and families, such as situations in which the Department of Corrections must review content of an individual on supervision or when the Department of Children and Families needs to gather evidence from TikTok in a child abuse and welfare proceeding. DOA-DET will continue to work closely with agencies across the state enterprise to ensure that all relevant cybersecurity standards, associated risks, and requirements are shared, discussed, and met, where appropriate.

A copy of the governor’s order is available here. 

An online version of this release is available here.