The European Union fined TikTok $600 million after Irish investigators concluded that the popular app did not protect the data of its European users. TikTok is appealing the allegation that it violated E.U. data privacy laws. But the action comes as the U.S. considers banning the platform over the same data concerns if its owner, ByteDance, does not sell it to a non-Chinese company.
Congress took a critical step toward addressing one of the most pressing threats to our national security: the vulnerability of our telecommunications infrastructure. The House Energy and Commerce Committee’s hearing, Global Networks at Risk: Securing the Future of Telecommunications Infrastructure, tackled the growing risk posed by hostile foreign actors like China, who continue to exploit global networks for espionage and control.
But something was missing. While lawmakers rightly focused on threats from state-sponsored actors and the proliferation of Chinese technology in our networks, the conversation failed to fully address the core weakness: our outdated, blind, and static network architecture.
In 2017, the Economist declared “The world's most valuable resource is no longer oil, but data.” If data is the new oil, then AI is the new refinery transforming raw information into valuable insights and solutions for humanity. This makes the security of our data – our personal, corporate, and national data a paramount issue of public policy.
Imagine a high-security vault where you store your most valuable possessions—your identity, your company’s intellectual property, our government’s classified communications. Now imagine that vault has no cameras, no logs, and no ability to tell you who walked in, what they took, or where they went. That is what our current network infrastructure looks like. Data flows invisibly across borders and networks, often without sufficient control, visibility, or accountability.
It is inevitable for nations to assert sovereignty over data in transit as they grapple with the complexities of governing digital spaces. The “Great Firewall” of China is a crude attempt by a country to manage data and information, but it impedes freedom of speech and expression and a is hindrance to global commerce. Solutions for the free world need to preserve the open Internet to enable innovation, global connectivity, and free information flow. Our challenge lies in balance: how do we maintain the Internet's fundamental openness while accommodating national security concerns and protecting individual and corporate interests from the ever-increasing threat of cybercrime?
Our nation’s cyber defense strategy needs to incorporate data management and data privacy. We need to enable citizens, countries, and companies to manage their information flow via specific physical pathways that meet the laws, policies, and needs of those citizens, countries, and companies. At the same time, we need to ensure that data is confidential and private as the intended recipient accesses it. Such a system would fundamentally transform how networks manage data, enabling, for example, more precise management of cross-border data flows, while maintaining the Internet's essential character as an open, interconnected network.
The good news is that a bipartisan group of policymakers is already working to better secure our nation’s data and improve our cyber defenses. On February 27, 2025, Senators Jackie Rosen (D-NV), Jon Husted (R-OH) and Pete Ricketts (R-NE) introduced a bill that prohibits the use of the Chinese AI platform Deepseek on all government devices and networks. Bills such as this demonstrate the bipartisan political appetite to improve cyber security but also highlight the piecemeal and reactive approach that the U.S. has taken on cybersecurity thus far.
Cyber threats will only grow in complexity and number. For example, the disruption of future AI agents by malicious actors could compromise our most vulnerable systems, ranging from healthcare delivery to factory production. We need a comprehensive shift in the U.S.’s approach to cybersecurity to proactively address issues before they arise. This means moving beyond traditional firewalls by modernizing our network itself. With new security tools and methodologies built into every layer of a network’s operations, we can have our cake and eat it too – we can ensure data goes where it needs to go (e.g., not to bad actors) – and we can assure that the data is kept confidential and the Internet open.
It is time for policymakers to move past 20th century patchwork security and to embrace data sovereignty and long-term solutions to the threats posed by the global digital economy from hostile, sophisticated state actors such as China, Russia, and North Korea. We must move swiftly to protect Americans and our data as threats become more frequent and pervasive.
Khalid Raza, the CEO and Founder of Graphiant, a company involved in architecting networks for Global Tier-1 carriers and Fortune 100 companies. He is the author of Large-Scale IP Network Solutions.
