Page:ISC-China.pdf/102

CHINA blocking of Western web services and applications, and the dominance of Chinese apps ***

Equipment Interference (EI) describes a range of techniques that may be used lawfully to obtain communications, equipment data or other information from equipment. In plain English, most people would call this 'hacking'; however, the Intelligence Community avoid this term because it lacks a formal legal definition and is widely used to imply illegal activity. EI is the official term used for such activity within the Investigatory Powers Act 2016 and associated Codes of Practice. This replaces the previous term 'Computer Network Exploitation'.

EI can be carried out remotely or by physically interacting with the equipment, and may include interference with computers, servers, routers, laptops, mobile phones and other devices, as well as cables, wires and storage devices.

EI can vary in complexity. Examples of EI might include:

covertly downloading data from a subject mobile device when it is left unattended; using login credentials to gain access to data held on a computer; exploiting existing vulnerabilities in software to gain control of devices or networks; or remotely extracting material and monitoring the user of the device.

Even without the challenges of Chinese surveillance, the sheer size of the Chinese state presents a significant challenge when it comes to gaining coverage. It can be extremely difficult to keep track of the vast host of Chinese ministries and party organs, the status of which within the Chinese Communist Party and government is constantly evolving. ***.

KK. It is clear that both GCHQ and SIS face a formidable challenge in relation to China. What we were unable to assess—without the specific requirements set for the Agencies or any idea of the prioritisation of the 'outcomes' within the Intelligence Outcomes Prioritisation Plan—is how effective either Agency is at tackling that challenge. As a result of pressures placed on civil servants during the Covid-19 pandemic—including fewer people in offices with access to the necessary IT systems—the Cabinet Office has not measured the Agencies' success against its requirements, and so neither the Government nor Parliament has any assurance about their effectiveness.