Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
China poses a “genuine and increasing cyber risk to the UK”, the head of Britain’s signals intelligence agency has said.
The remarks by Anne Keast-Butler, director of GCHQ, follow a slew of alleged China-related espionage activity in the UK, including a suspected cyber attack that targeted the records of thousands of British military personnel.
Keast-Butler told a security conference in Birmingham on Tuesday that while the cyber threats from Russia and Iran were “globally pervasive” and “aggressive” respectively, China was her agency’s top priority.
“China poses a genuine and increasing cyber risk to the UK,” she said, calling the country “the epoch-defining challenge” in a direct echo of the British government last year.
“In cyber space, we believe that the PRC’s [People’s Republic of China’s] irresponsible actions weaken the security of the internet for all,” said Keast-Butler.
“China has built an advanced set of cyber capabilities and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal,” she added.
Her warnings came a week after a reported cyber attack on private IT contractor SSCL, which has multiple government contracts, accessed the records of up to 272,000 people on the UK Ministry of Defence’s payroll.
Defence secretary Grant Shapps told parliament last week that the attack had been carried out by a “malign actor”. He did not confirm who was behind it, but a person with direct knowledge of the incident said Beijing was thought to be the culprit.
SSCL, which is owned by Paris-based Sopra Steria, a digital services company, holds the payroll details of most of the British armed forces and 550,000 public servants in total through its other state contracts, including with the Home Office, Ministry of Justice and Metropolitan Police.
The hack is one of a series of recent incidents that has sparked growing concern across Europe and in the US about Chinese cyber and espionage activity.
On Monday, UK Prime Minister Rishi Sunak said Britain faced threats from “an axis of authoritarian states like Russia, Iran, North Korea, and China” as three men appeared in a London court on charges of assisting intelligence services in Hong Kong.
On Tuesday, the UK government summoned China’s ambassador to Britain, Zheng Zeguang, over the case.
John Lee, Hong Kong’s chief executive, on Tuesday said his administration had demanded the British government provide an explanation about the prosecution of one of the three men, Bill Yuen, who was the office manager of the Hong Kong Economic and Trade Office in London.
Beijing officials have also repeatedly denied the British accusations, calling them “groundless and slanderous” in what has become a tit-for-tat series of allegations and denials.
Meanwhile, Felicity Oswald, who heads the National Cyber Security Centre, a branch of GCHQ, warned CyberUK conference attendees about the Chinese Communist party’s cyber capability, which she described as “vast in scale and sophistication”.
She said western security agencies had repeatedly raised the alarm about Volt Typhoon, a Chinese hacking network, which FBI director Christopher Wrap said this year had targeted the US electricity grid and water supply.
Oswald added that a Chinese law, introduced in recent years, that required Chinese citizens to report any cyber security vulnerabilities they identified to the government “should worry all of us”.