China poses ‘genuine and increasing’ cyber risk to UK, GCHQ chief warns
Anne Keast-Butler said China has an ‘advanced set of cyber capabilities’, and also has commercial hacking outfits and data brokers at its disposal.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The “irresponsible actions” of Chinese state-backed hackers are making the internet less secure for the world, a British spy chief warned.
GCHQ director Anne Keast-Butler said responding to the “coercive and destabilising actions” of the People’s Republic of China (PRC) was her “top priority”.
She also highlighted the “immediate threats” posed by Russia and Iran, carrying out actions ranging from cyber attacks, espionage and surveillance.
But the scale of the challenge from Beijing meant GCHQ devotes “more resource to China than any other single mission”.
In a speech at the Cyber UK conference in Birmingham, she said: “Through their coercive and destabilising actions, the PRC poses a significant risk to international norms and values.
“In cyberspace, we believe that the PRC’s irresponsible actions weaken the security of the internet for all.
“China has built an advanced set of cyber capabilities, and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal.
“China poses a genuine and increasing cyber risk to the UK.”
China wanted to shape global technology standards and assert its dominance in the field within the next 10 to 15 years, she said.
The UK was working with its Five Eyes intelligence allies – the US, Canada, Australia and New Zealand – on the challenges, she said.
She added: “We have repeatedly called out Chinese cyber adversaries for activities that threaten the security of the UK or target the institutions important to our society, such as the compromise of the UK Electoral Commission.”
On Russia, the GCHQ chief said there were “growing links” between Vladimir Putin’s intelligence services and proxy groups to conduct “cyber attacks, as well as suspected physical surveillance and sabotage operations”.
Previously, Russia “simply created the right environment” for these groups, but it was now “nurturing and inspiring these non-state cyber actors, in some cases seemingly co-ordinating physical attacks against the West”.
The threat from Russia was “acute and globally pervasive”, Ms Keast-Butler warned.
She said GCHQ continued to strengthen Ukraine’s cyber capabilities and shared vital intelligence to expose “Putin’s malign plans” and reliance on states including China, North Korea and Iran.
She said Iran was also “aggressive in cyberspace” and “actors associated with the state had been implicated in attacks against victims in many countries”.
Tehran was continuing to develop cyber espionage expertise alongside “disruptive and destructive” capabilities.
“Whilst they might not always use the most advanced capabilities to conduct their operations, they should not be underestimated,” she added.
The National Cyber Security Centre’s chief, Felicity Oswald, also raised concerns about China’s online activity and urged network managers to bolster their defences.
She said: “The Chinese authorities have introduced a new law requiring the discovery of security vulnerabilities to be provided to the government as a priority and at risk of severe penalty. This should worry all of us.”
She said the UK, US and allies had warned about the activity of the Volt Typhoon cyber group “which could be laying the groundwork for disruptive and destructive cyber attacks”.
“This is a clear warning about China’s intent to hold essential networks at risk,” she said.
“And it is a warning that providers of essential services in the UK cannot afford to ignore.”
Harry Coker, the White House’s national cyber director, said China’s People’s Liberation Army (PLA) “has invested tremendous resources in building up their cyber programme” and was intent on embedding capabilities in foreign states’ civilian infrastructure to “wreak havoc” at a time of crisis.
“The US government has already identified and disrupted the PLA’s efforts to pre-position on our critical infrastructure networks and we are going to keep pushing back,” he said.