London needs to “wake up” to the scale and severity of the threat of espionage, intellectual property theft and interference operations from China, a leading parliamentarian has said.
Former Cabinet minister Theresa Villiers, who sits on Parliament’s Intelligence and Security Committee, emphasized that China is aggressively targeting capital as it seeks economic, political or military advantage.
Parliament, Government departments in Whitehall and beyond, leading universities, the City and corporate HQs make the city a rich ecosystem for State cyber attacks.
Speaking to the Standard, Ms Villiers, Conservative MP for Chipping Barnet, said: “London needs to wake up to the scale of the risk to China, to our prosperity, to our science and technology and to our cyber security.
“China is very focused on us.”
Stressing the need to create a “difficult operating environment” for malicious activity, she said: “We need to be more resilient than we are now.. that’s all over the world in London.
“I’m afraid most of us don’t understand the scale of the risk.
“The concern is that it may take some very significant cyber attack for London to understand what the risks are and how important this issue is.”
China’s cyber attacks have become much more sophisticated in recent years.
Operations are often very carefully planned and companies and individuals in targeted countries are much more aware of cyber security.
In the Square Mile, law firms, accountants, audit firms and other professional services companies may be selected given the high level of regulation, including in terms of resilience, for banks whose computers may be more difficult to hack.
Chinese state-owned actors are understood to have shown a particular interest in stealing secrets on mergers and acquisitions that could give their state-owned enterprises a competitive advantage in China.
Some law firms may be targeted because of all the documents on their systems about business deals, and others because they represent Chinese dissidents.
If a hacker gains access to a legal computer network they can then use it to attack their primary target, as a fake email from that person’s lawyer is unlikely to arouse suspicion.
London’s openness as a financial center is one of its great strengths but could leave it vulnerable to attacks or the transfer of funds to influence operations.
A number of FTSE 100 and other London-headquartered companies are likely to be on Beijing’s radar, including AI unicorns and smaller artificial intelligence firms, as well as those specializing in microchip developments, rare minerals and key technologies another.
In the past, Chinese cyber hackers may have sent a wave of phishing emails to try to gain access to a computer system to extract intellectual property.
Now, they are more likely to try to calibrate an effective but not too obvious number, so instead of 100 because someone might sound the alarm, or just a few things that could be ignored, d a dozen or so could fulfill the operation’s number. aims.
Supply chains, IT and other technology companies could also be targeted as an easier backdoor into big business.
Some multinational companies will have supply chains with hundreds of businesses and one weakness could be enough for hackers to penetrate.
When a system is breached, state-based actors may remain hidden within it for months, or even years, showing strategic patience to play the “long game”.
The Electoral Commission was hacked in August 2021 but was not alerted to the breach until October 2022.
The Covid pandemic also saw a large number of companies rushing to put together IT systems so that their staff could work from home.
These networks, given the speed at which they were put together, may not have been the most secure networks and it may not have been seen as a priority for the leaders to go back and check again to make sure they did not have flaws that they could be taken advantage of.
Parliament and Whitehall are prime targets for China’s cyber missions.
Cyber security at the Palace of Westminster has been tightened significantly over the years.
But it is believed that Beijing will target select committees of Deputies, particularly those with an interest in China, as well as individual MPs and peers.
Chinese spies will be eyeing parliamentarians who could provide information on future Government policy, as the Foreign Office, the Ministry of Defense and other parts of Whitehall face the constant threat of cyber attacks.
Ms Villiers explained: “The most obvious area of concern in the political arena at the moment is this recruitment of prominent politicians, mostly retired, but also civil servants into positions in Chinese business.
“Because of (China’s) pan-state approach these firms are legally obligated under Chinese law to cooperate with the Government’s international policies and its espionage efforts.”
Professor Steve Tsang, director of the SOAS China Institute in London, explained how universities are “places where people exchange ideas, do research, think outside the box and do innovative and innovative things” and are not “designed and equipped to protect national security”. .
Therefore, the Government must “take the lead on that”.
“When you go into your scientific and technological research, there’s a real element of collaboration and academic collaboration, which can create synergy and push boundaries,” he said.
“China has very good scientists and engineers who can collaborate with the best institutions in Britain in that area of technology.”
But “green areas” can emerge.
“What is legitimate and acceptable is a definition of national security,” he said.
Some Chinese academics would not undertake collaborative projects with UK institutions, doing so in order to obtain secrets under the instructions of the Chinese state.
However, if they are later asked to pass on Beijing’s research data, they would have to do so under President Xi Jinping’s decree, according to experts.
A number of other researchers, from institutions believed to be affiliated with the People’s Liberation Army, are thought to have been sent to Britain specifically to gather information.
It is believed that China is looking not only for research and technological innovation, especially from STEM centers of excellence, but also from the development of ideas, in higher education institutions, think tanks and other non-governmental organizations, which can contribute to Government policies.
Many state actors also plan their operations based on their own domestic practices, traditions and laws.
So Chinese hackers may assume that some academics are working for the UK Government, even if they are not, and therefore target them, perhaps for their intellectual property.
Ms Villiers said there was a move away from past situations where some universities could take Chinese money “without asking too many questions”, and “almost a blind eye” to the potential long-term national security risks. .
“But we need to see more from the business community in London and from our scientists and academics as well,” she said, regarding cyber security.