Page:ISC-China.pdf/155

Rh as we get into places where Chinese investments in our economy are as much of a threat as Intellectual Property stolen across a cyber domain or by a spy, that is a deeper and broader issue ***

… a lot of the damage, some of it is not deeply clandestine, some of it is sort of hiding in plain sight—but trying to form wise judgements across the whole of Government and beyond, into Academia and elsewhere, is a genuinely difficult challenge and that is where I think we will face, over the next few years, some really interesting things about how do we build that teamwork to meet a whole-of-state Chinese approach with, as it were, a whole-of-nation, UK approach.

The answers are not always straightforward, but it is the changing nature of it—well beyond, as it were, the intelligence domain—that is the trickiest part.

As noted in the main body of the Report, MI5, CPNI, and GCHQ (through the NCSC), provide vital advice on protective security and cyber security to Industry, with a view to increasing the UK’s resilience to threats (including from China). MI5 highlighted the importance of this engagement:

We need to have a resilient, well-protected, well-educated industrial base that protects itself in its dealings with China, and we obviously do, I think, a good and professional job in using the finite operational capacity that we have *** the worst and most damaging parts of what’s going on…

In July 2019, the Chief Executive Officer of the NCSC told the Committee: "In our role trying to defend the UK from cyber-attacks, China's ambitions to steal IP is one of the principal things that we worry about." One of NCSC's key tasks is therefore to engage with Industry in order better to understand the vulnerabilities in their systems and to share information about threats they may face. While much of the information they provide is 'actor-agnostic', it is highly applicable to the cyber threat from China.

Examples of NCSC's recent work with Industry include collaborating with small Voice over Internet Protocols providers to improve their protection against cyber attacks;