Increased Cyber Threats from China
The UK's intelligence agency, GCHQ, has reported an increase in cyber threats from Chinese state-sponsored hackers targeting UK parliament members, as revealed in a recent report by the Intelligence and Security Committee (ISC). The report, which is the culmination of an inquiry initiated in 2019, criticizes the UK government's response to the national security risks posed by Beijing as insufficient.
Improved Understanding but Greater Sophistication
The ISC report highlights that the UK's understanding of China's cyber operations has improved over the years, but the operations themselves are becoming more complex and sophisticated. The committee expressed concerns over the unknown aspects of China's hacking activities and recommended that security agencies continue to monitor China's general capabilities while also focusing on its offensive cyber operations.
Coinciding with Microsoft's Announcement
Interestingly, the report's release coincided with Microsoft's announcement of a Chinese hacking group exploiting a bug in its cloud email service to spy on numerous organizations and government agencies in the US and Europe. The method used by the Chinese hackers to exploit the bug remains unclear.
Echoing Warnings from Western Governments
The ISC report also echoes warnings from several Western governments about China's comprehensive approach to pursuing its interests and values, often at the expense of the UK. The committee highlighted China's extensive and effective cyber espionage capabilities, which include elements of the Ministry of State Security (MSS), the People's Liberation Army (PLA), and a range of non-official actors.
Potential Cyber Attacks on UK's Infrastructure
China's cyber operations have successfully infiltrated foreign government and private sector IT systems, stealing intellectual property and gaining valuable intelligence. The ISC warned that these sophisticated cyber capabilities could potentially be used to launch a cyber attack against the UK's infrastructure.
Targeting the Energy Sector
The report also noted that Chinese threat actors have targeted the computer networks of British and international companies within the energy sector. At least one unidentified FTSE 100 energy company has been compromised, with commercially sensitive information stolen.
GCHQ's Response and China's Comprehensive Approach
Despite the challenges posed by China's intelligence apparatus, the UK's GCHQ has been actively involved in cyber operations to expose and disrupt the activities of Chinese state-sponsored hackers. However, the ISC warned that China's comprehensive approach could potentially co-opt Chinese state-owned and non-state-owned companies, as well as academic and cultural establishments and ordinary Chinese citizens, into espionage and interference operations overseas.
Criticism of the UK Government's Openness to Chinese Investment
The report criticizes the UK government for being too open to Chinese investment in critical domestic sectors, particularly before the COVID-19 pandemic. It concludes that while seeking to exert influence is a legitimate course of action, China often crosses the line into interference in the pursuit of its interests and values at the expense of the UK.