London must “wake up” to the scale and seriousness of the threat from China of espionage, intellectual property theft and interference operations, a leading MP has warned.
Former Cabinet minister Theresa Villiers, who sits on Parliament’s Intelligence and Security Committee, stressed that China was “productively” targeting the capital to gain economic, political or military advantage.
Parliament, Government departments in Whitehall and beyond, leading universities, the City and corporate headquarters make the city a target-rich ecosystem for State cyber attacks.
Speaking to The Standard, Ms Villiers, Conservative MP for Chipping Barnet, said: “London needs to wake up to the extent of the risk posed by China, to our prosperity, our science and technology and our cybersecurity.
“We are being heavily targeted by China.”
Emphasizing the need to create a “tough operating environment” for malicious activity, he added: “We need to be more resilient than we are at the moment. This is a general situation in London.”
“I’m afraid most of us don’t appreciate the extent of the risk.
“The concern is that it may take a very significant cyber attack to make London realize what the risks are and how important this issue is.”
Chinese cyber attacks have become much more sophisticated in recent years.
Operations are often planned very carefully as companies and individuals in targeted countries become much more cybersecurity conscious.
In the Square Mile, law firms, accountants, auditing firms and other professional services companies may be chosen given their high level of regulation, including flexibility for banks whose computers may be more difficult to hack.
Chinese state-based actors appear to have shown particular interest in stealing secrets related to mergers and acquisitions that could provide a competitive advantage to state-owned enterprises in China.
Some law firms may be targeted given all the documents related to business deals in their systems, while others may be targeted because they represent Chinese dissidents.
If a hacker gains access to a legitimate computer network, he can use it to attack his primary target, since a fake email from the latter’s lawyer is unlikely to raise suspicion.
London’s openness as a financial center is one of its greatest strengths, but it can also leave it vulnerable to attacks or the transfer of funds to influence operations.
A large number of FTSE 100 and other companies headquartered in London are likely to be on Beijing’s radar, including AI unicorns and smaller AI firms, as well as companies specializing in microchip developments, rare minerals and other key technologies.
In the past, Chinese cyber hackers may have sent a wave of phishing emails to try to gain access to a computer system to obtain intellectual property.
Now, it’s more likely that they’re trying to calibrate an effective but not-so-significant number; so instead of 100 or a few negligible people needed for someone to sound the alarm, a dozen or so can fulfill the purpose of the operation. Their purpose.
Supply chains, IT and other technology companies can also be targeted as an easier backdoor into a large business.
Some multinational companies will have supply chains spanning hundreds of firms, and a single weakness could be enough for hackers to get in.
Once a system is breached, state-based actors can remain hidden within the system for months or even years, exercising strategic patience to play the “long game.”
The Electoral Commission was hacked in August 2021 but was only alerted to the breach in October 2022.
The Covid pandemic has also seen many companies look to bring their IT systems together so their staff can work from home.
Given the speed at which they are put together, these networks may not be the most secure, and they may also not be seen as a priority for bosses to go back and recheck to make sure they don’t have flaws that could be exploited.
Parliament and Whitehall are the main targets of Chinese cyber missions.
Cybersecurity at the Palace of Westminster has been tightened significantly over the years.
But select committees of the House of Commons, particularly those dealing with China, as well as individual MPs and colleagues are believed to be targeted by Beijing.
Chinese spies will be on the lookout for MPs who can provide information on the Government’s future policy, with the Foreign Office, Ministry of Defense and other parts of Whitehall facing the constant threat of cyber-attacks.
Ms Villiers explained: “The most obvious area of current concern in the political sphere is the recruitment of leading retired politicians as well as civil servants into positions in the Chinese business community.
“Due to (China’s) whole-of-government approach, these businesses are legally obligated under Chinese law to cooperate with the Chinese Government’s international policies and its espionage efforts.”
Professor Steve Tsang, director of the SOAS China Institute in London, explained how universities are “places where people exchange ideas, do research, think outside the box, do innovative and creative things” and are “not designed and equipped to protect national security”. .
Therefore, the government needs to “lead this.”
“When you start your scientific and technological research, there is a real element of academic cooperation and collaboration that can produce synergies and push boundaries,” he emphasized.
“China has very, very good scientists and engineers who can collaborate with the best British institutions in such technological areas.”
However, “gray areas” may arise.
“What is legitimate and acceptable is a matter of defining national security,” he added.
Some Chinese academics undertaking collaborative projects with UK institutions are not doing so to gain secrets about Chinese state instructions.
But if they are later asked by Beijing to provide details of the research, they will have to do so according to President Xi Jinping’s decisions, experts say.
It is suspected that some researchers from institutions believed to be affiliated with the People’s Liberation Army were sent to the UK specifically to gather information.
China is believed to be seeking not only research and technological breakthroughs, especially from STEM centers of excellence, but also the development of ideas that can contribute to Government policies in higher education institutions, think tanks and other non-governmental organizations.
Many state actors also plan their operations according to their own internal practices, traditions and laws.
Chinese hackers may therefore assume that some academics work for the UK Government, even if they do not, and possibly target them for their intellectual property rights.
Ms Villiers said they had moved away from situations where some universities might have received Chinese money in the past by “asking a few questions” and “almost ignoring” what the long-term national security risks might be.
“But we definitely need to see more from the business community, our scientists and academics in London,” he added on cybersecurity.