London needs to 'wake up' to scale of spying, IP theft and interference ops threat by China, says senior MP
London needs to “wake up” to the scale and severity of the threat of espionage, intellectual property theft and interference operations by China, a leading parliamentarian warned.
Former Cabinet minister Theresa Villiers, who sits on Parliament’s Intelligence and Security Committee, stressed that China is targeting the capital “prolifically” as it seeks to gain economic, political or military advantage.
Parliament, Government departments in Whitehall and beyond, leading universities, the City and company HQs make the city a target-rich ecosystem for State cyber attacks.
Speaking to The Standard, Ms Villiers, Conservative MP for Chipping Barnet, said: “London needs to wake up to the scale of the risk posed by China, to our prosperity, our science and technology and our cyber security.
“We are targeted prolifically by China.”
Stressing the need to create a “difficult operating environment” for malign activity, she added: “We do need to be more resilient than we are at the moment..that’s across the board in London.
“I fear that most of us don’t appreciate the scale of the risk.
“The concern is it might take some type of very significant cyber attack to really make London realise what the risks are and how important this issue is.”
Chinese cyber attacks have become far more sophisticated in recent years.
Operations are often very carefully planned as companies and individuals in targeted countries have become far more cyber security aware.
In the Square Mile, law firms, accountants, audit firms and other professional services companies may be picked out given the high-level of regulation, including on resilience, for banks whose computers may be harder to hack.
Chinese state-based actors are understood to have shown a particular interest in stealing secrets on mergers and acquisitions which could give its state-owned enterprise in China a competitive advantage.
Some law firms may be targeted given all the documents on their systems about business deals, others due to them representing Chinese dissidents.
If a hacker gets access to a legal computer network they can then use it to then attack their main target, as a fake email from the latter’s lawyer would be unlikely to arouse suspicions.
London’s openness as a financial centre is one of its great strength but could also leave it vulnerable to attacks or to transferring funds for influencing operations.
A sizeable number of FTSE 100 and other companies, with headquarters in London, are likely to be on Beijing’s radar, including AI unicorns and smaller artificial intelligence firms, as well as those specialising in microchip developments, rare minerals and other key technologies.
In the past, Chinese cyber hackers may have sent a wave of phishing emails to try to gain access to a computer system to harvest intellectual property.
Now, they are more likely to try to calibrate what would be an effective but not too obvious number, so rather than 100 as someone might sound the alarm, or just a few as these may get ignored, a dozen or so might fulfil the operation’s aims.
Supply chains, IT and other technology companies may also be targeted as an easier back door into a major business.
Some multi-nationals will have supply chains with hundreds of firms and one weakness may be enough for hackers to get in.
Once a system is breached, state-bassed actors may remain hidden inside it for months, or even years, showing strategic patience to play a “long game”.
The Electoral Commission was hacked in August 2021 but it was only alerted to the breach in October 2022.
The Covid pandemic also saw a vast number of companies rushing to cobble together IT systems so their staff could work from home.
These networks, given the speed at which they were put together, may not have been the most secure and might also not be seen as a priority by bosses to go back and recheck to ensure they do not have flaws which could be exploited.
Parliament and Whitehall are key targets for Chinese cyber missions.
Cyber security in the Palace of Westminster has been significantly tightened over the years.
But Commons select committees, particularly those with an interest in China, as well as individual MPs and peers, are believed to be targeted by Beijing.
Chinese spies will have an eye on parliamentarians who could provide information on future Government policy, with the Foreign Office, Ministry of Defence and other parts of Whitehall facing a sustained cyber attack threat.
Ms Villiers explained: “The most obvious area of current concern in relation to the political field is this recruitment of prominent, in the main retired politicians, but also civil servants into positions in Chinese business.
“Because of (China’s) whole-of-state approach those businesses are legally obliged under Chinese law to co-operate with the Government of China’s international policies and its espionage efforts.”
Professor Steve Tsang, director of the SOAS China Institute in London, explained how universities are “places where people exchange ideas, conduct research, think outside the box and do innovative and inventive things” and are not “designed and equipped to protect national security”.
So, the Government has to “take the lead on that”.
“When you get into your scientific and technological research, there is a genuine element of academic collaboration and co-operation, which can produce synergy and push boundaries,” he stressed.
“China does have very, very good scientists and engineers who are able to co-operate with the best British institutions in that kind of technological field.”
But “grey areas” can emerge.
“What is legitimate and acceptable is a matter of national security definition,” he added.
Some Chinese academics doing collaboration projects with UK institutions, would not be doing so to gain secrets on the instructions of the Chinese state.
If they are later asked, though, to pass on details of the research by Beijing, they would have to do so under president Xi Jinping’s decrees, according to experts.
Some other researchers, from institutions believed to be affiliated to the People’s Liberation Army, are suspected to have been sent to Britain to specifically to garner information.
China is believed to seek out not only research and technological breakthroughs, particularly from centres of STEM excellence, but also the development of ideas, in higher education institutions, think tanks and other non-governmental organisations, which could feed through into Government policies.
Many state actors also plan their operations based on their own domestic practices, traditions and laws.
So Chinese hackers may assume that some academics are doing work for the UK Government, even if they are not, and so target them, possibly for their intellectual property.
Ms Villiers said there had been movement away from situations where some universities may have taken Chinese money in the past “with few questions asked”, with “almost a blind eye turned” to what the long-term national security risks might be.
“But we absolutely need to see more from the business community in London and from our scientists and academics as well,” she added, on cyber security.
