London must ‘wake up’ to the scale and severity of the threat of espionage, intellectual property theft and interference operations by China, a leading parliamentarian has warned.
Former minister Theresa Villiers, who sits on Parliament’s Intelligence and Security Committee, stressed that China is “extensively” targeting the capital because it wants to gain economic, political or military advantage.
Parliament, government departments in Whitehall and beyond, leading universities, the city and corporate headquarters make the city a target-rich ecosystem for state cyber attacks.
Ms Villiers, Conservative MP for Chipping Barnet, told The Standard: “London must wake up to the scale of the risk China poses to our prosperity, our science and technology and our cyber security.
“We are frequently targeted by China.”
She stressed the need to create a “difficult operating environment” for malicious activity, adding: “We need to be more resilient than we are at the moment. This applies across the board in London.
‘I’m afraid most of us don’t understand the magnitude of the risk.
“The concern is that it may take a very significant cyber attack to really make London realize what the risks are and how important this issue is.”
Chinese cyber attacks have become much more sophisticated in recent years.
Operations are often very carefully planned as companies and individuals in target countries have become much more aware of cybersecurity.
In the Square Mile, law firms, accountants, accounting firms and other professional services firms can be singled out for the high level of regulation, including on resilience, for banks whose computers may be more difficult to hack.
It is believed that Chinese state actors have shown a particular interest in stealing secrets about mergers and acquisitions that could give the state-owned company in China a competitive advantage.
Some law firms may be targeted because of all the documents on their systems about business deals, others because they represent Chinese dissidents.
If a hacker gains access to a legitimate computer network, he can then use it to attack his main target, as a fake email from his lawyer is unlikely to raise suspicions.
London’s openness as a financial center is one of its great strengths, but it can also make it vulnerable to attack or to money transfers to influence operations.
A significant number of FTSE 100 and other London-headquartered companies are likely to be on Beijing’s radar, including AI unicorns and smaller artificial intelligence companies, as well as companies specializing in microchip developments, rare minerals and other key technologies.
In the past, Chinese cyber hackers may have sent a wave of phishing emails to try to gain access to a computer system to obtain intellectual property.
Now they’re more likely to try to calibrate what would be an effective but not too obvious number, so instead of 100, because someone might raise the alarm, or just a few, because these might be ignored, a dozen or so could meet the demands of the operation. goals.
Supply chain, IT and other technology companies can also be targeted as an easier backdoor to a major company.
Some multinationals will have supply chains with hundreds of companies and one weak point may be enough for hackers to penetrate.
Once a system is breached, state actors can remain hidden within it for months or even years, displaying strategic patience to play a “long game.”
The Electoral Commission was hacked in August 2021, but was not informed of the breach until October 2022.
The Covid pandemic also saw a large number of companies rush to put together IT systems so their staff could work from home.
These networks, given the speed at which they were put together, might not have been the most secure and might not have been seen as a priority by bosses to go back and recheck to make sure they didn’t contain any flaws that could are exploited.
Parliament and Whitehall are key targets for Chinese cyber missions.
Cyber security at the Palace of Westminster has been significantly tightened over the years.
But House of Commons committees, especially those with an interest in China, as well as individual MPs and peers, are believed to be targeted by Beijing.
Chinese spies will be monitoring parliamentarians who could provide information on future government policy, with the Foreign Office, Ministry of Defense and other parts of Whitehall facing an ongoing cyber attack threat.
Ms Villiers explained: “The most obvious area of current concern regarding the political field is the recruitment of prominent, mainly retired politicians, but also civil servants for positions in the Chinese business community.
“Because of the (Chinese) state approach, these companies are legally required under Chinese law to cooperate with the Chinese government’s international policies and espionage efforts.”
Professor Steve Tsang, director of the SOAS China Institute in London, explained that universities are “places where people exchange ideas, do research, think outside the box and do innovative and inventive things” and are not “designed and equipped to meet national to protect safety”.
The government must therefore ‘take the lead in this’.
“When you embark on your scientific and technological research, there is a real element of academic collaboration and collaboration, which can create synergy and push boundaries,” he stressed.
“China has very, very good scientists and engineers who are able to work with the best British institutions in that kind of technology area.”
But ‘gray areas’ can arise.
“What is legitimate and acceptable is a matter of national security definition,” he added.
Some Chinese academics who carry out collaborative projects with British institutions would not do so to obtain secrets on behalf of the Chinese state.
However, if they are later asked to pass on details of Beijing’s investigation, they would have to do so according to President Xi Jinping’s decrees, experts said.
Some other investigators, from institutions believed to be linked to the People’s Liberation Army, are suspected of being sent to Britain specifically to gather information.
It is believed that China is looking not only for breakthroughs in research and technology, especially in centers of STEM excellence, but also for the development of ideas in higher education institutions, think tanks and other non-governmental organizations, that could have an impact on government policy.
Many state actors also plan their operations based on their own domestic practices, traditions and laws.
Chinese hackers may therefore assume that some academics are doing work for the UK government, even if they are not, and therefore target them, possibly because of their intellectual property.
Ms Villiers said there has been a move away from situations where some universities have taken Chinese money in the past “with few questions asked”, with “almost turning a blind eye” to what the long-term national security risks might be.
“But we absolutely need to see more from London’s business community and also from our scientists and academics,” she added on cyber security.