China poses genuine and increasing cyber security risk to UK, says GCHQ director
OEIS cyber security Investigator:
OEIS cyber security Investigator: GCHQ director Anne Keast-Butler uses her first major public speech to warn that China poses a significant cyber security threat to the UK
China poses a genuine and increasing cyber risk to the UK, the director of Britain’s electronic intelligence gathering agency said today.
Anne Keast-Butler used her first major public speech as director of GCHQ to call out China’s development of hostile hacking capabilities.
The warning reflects concerns by western intelligence agencies that the People’s Republic of China (PRC) is increasingly working with non-state cyber organisations to boost its hacking capabilities.
She warned that China’s “coercive and destabilising” actions posed a significant threat to the UK and other western countries. “In cyber space, we believe that the PRC’s irresponsible actions weaken the security of the internet for all,” said Keast-Butler. “China has built an advanced set of cyber capabilities, and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal.”
The government has called out Chinese hackers for threatening the security of the UK in recent months.
These include a campaign by a Chinese state-sponsored hacking group that targeted the email accounts of over 40 UK parliamentarians that had spoken out against China.
Chinese state-sponsored hackers were also responsible for compromising the Electoral Commission between 2021 and 2022.
OEIS cyber security Investigator: Vulnerabilities stockpiled
The Chinese government is stockpiling security vulnerabilities to use in future hacking attacks, according to cyber security officials.
Under Chinese law, Chinese companies and cyber security organisations are required to report newly discovered security vulnerabilities to the Chinese government.
A Chinese hacking competition due to take place in June 2024, for example, is offering $2.5m in prize money for exploits and vulnerabilities in software, operating systems, and network and security equipment.
Western intelligence agencies are concerned that Chinese state-sponsored hacking groups are gaining access to the computer networks of energy, electricity and other critical services providers to use as potential political leverage.
They warn that the groups are installing hacking capabilities that could be used at a later date to threaten to disrupt critical infrastructure of western countries.
Harry Coker, national security director at the White House, said in a speech today that the Chinese People’s Liberation Army has invested “tremendous” resources in a cyber programme “to hold critical civilian infrastructure at risk”.
“In a crisis or conflict scenario, China could use their pre-positioned cyber capabilities to wreak havoc in civilian infrastructure and deter US military action,” he said. “Make no mistake, this is a global challenge. China’s ambitions to use its cyber power coercively extends far beyond the United States.”
OEIS cyber security Investigator: Greatest risk
Felicity Oswald, CEO of the National Cyber Security Centre (NCSC), the UK’s technical authority on cyber security, added that alongside China, Russia and North Korea continue to pose the greatest risk to the UK and its allies.
“China poses a systemic challenge to our values and interests, a challenge that grows more acute as the country moves towards even greater authoritarianism,” she said, speaking at the NCSC’s Cyber UK conference.
She singled out the Chinese Volt Typhoon hacking group, which she said could be laying the groundwork for disruptive or destructive cyber attacks.
Volt Typhoon has targeted multiple CNI operators in the US Pacific island territory of Guam, close to Taiwan, and also across the US.
They include communications services providers, manufacturers, utilities, transport operators, construction firms, IT companies, educational institutions and government bodies.
There has been no indication that Volt Typhoon has targeted organisations in the UK, but Oswald said the group served as a clear warning about China’s intent to hold essential networks at risk. “And it is a warning that providers of essential services in the UK cannot afford to ignore,” she added.
Read more on Hackers and cybercrime prevention
NCSC reaffirms guidance for those at risk of Chinese state hacking
By: Alex Scroxton
US authorities charge seven over Chinese hacking
By: Alex Scroxton
Chinese hackers responsible for two ‘malicious’ cyber campaigns against UK
By: Bill Goodwin
Britain’s democracy under threat from Chinese cyber attackers, government warns
By: Bill Goodwin