Page:ISC-China.pdf/147

Methodology: Covert the authorities and industry representatives were aware of the threat in order to limit any potential damage:

"It's difficult, I think, in that circumstance to prevent people from coming often to those defence exhibitions which are not MOD controlled; [they] are often commercial activities. *** China is an exporter of weapons, sells about 5% of the world's exports currently …

*** banning those Chinese companies who of course have a commercial right to be able to sell their goods would be a difficult thing to achieve."

Equipment Interference (EI) (described in Part One of the Report) refers to techniques used to obtain communications, equipment data or other information from a range of types of equipment. It is, relatively speaking, a low-cost means of acquiring IP and data—it can be conducted remotely, deniably and at-scale, and as such is a technique highly valued by China.

In 2015, the UK and China signed an agreement that prohibited cyber-enabled theft for commercial (rather than strategic) advantage. China subsequently made similar bilateral declarations with the United States, G20, Australia and Germany. ***.

We were told that there was frequent Chinese cyber targeting of UK companies and academic organisations, much of which ***. Chinese cyber victims include those with legitimate relationships with Chinese partners on science and technology ***. ***. ***. As well as conducting EI against UK-based organisations, the Committee was told that attacks have included targeting Academia, as well as supply chains and third-party service providers (including Managed Service Providers for instance, companies which provide outsourced IT functions). EI can be used to obtain technical information or to harvest Bulk Personal Datasets ***. ***.