Page:ISC-China.pdf/175

Rh is recognised that physical access would help facilitate cyber attacks, which could cause disruption. In 2016, a review by a Government 'Red Team'—made up of representatives from ***—assessed that ***. The UK Intelligence Community told the Committee that ***.

Witnesses emphasised that a cyber attack is not contingent on having direct access to infrastructure. NCSC noted that, in the cyber world, "it is no longer something about physical presence, actually there are many different ways you can access this data". The point was reiterated by MI5, who noted that "it is much, much, cheaper to sit outside [it] with a laptop than it is to buy a nuclear power station". ***.

***. The long-term nature of Civil Nuclear CNI means that HMG must be alert to the potential for threats to emerge in future if circumstances change ***. Such a threat therefore should not be discounted.

In November 2019, an article in The Telegraph alleged that there had been an attack against an unspecified UK nuclear facility. We questioned the NCSC, who noted that there was not enough information in the original article to definitively link it to an incident they had dealt with, but stated that "none [of the cyber attacks against the UK Civil Nuclear sector] were deemed to have triggered what the press reports described as a 'security crisis'".

While we recognise that the threat of disruption is less likely, the threat of leverage is very real: the fact that China will be able to exert some control over the UK's Critical National Infrastructure will complicate the Government's calculations in its broader approach to China. In other words, it may not be possible to separate the Civil Nuclear sector from wider geopolitical and diplomatic considerations.

As with telecommunications (until the reversal of policy on Huawei), the UK Government appears to be out of step with the United States (US) with regard to the threat of Chinese espionage in relation to the Civil Nuclear sector. According to the Sunday Times, the Allen Ho case prompted "a full-scale review by the US National Security Council, which led to new rules blocking CGN from acquiring American technology", and the US added CGN to the Entity List in August 2019, thereby barring US companies from selling