Page:ISC-China.pdf/46

CHINA The UK Intelligence Community judge that their understanding of Chinese Computer Network Exploitation capability—for instance "how they use that to hack, to hack and leak, to manipulate, to manage their campaigns"—had *** since the National Cyber Security Centre (NCSC) was set up in 2016. Western governments have, on the whole, been reticent about publicly attributing cyber attacks to China. However, in December 2018, the UK and US governments publicly attributed a series of major cyber attacks to the MSS, ***

We question whether it is yet having a 'deterrent effect'. On 19 July 2021, the FCDO issued a press release that attributed another cyber attack to Chinese state-backed actors. The statement read:

"The UK is joining likeminded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The Foreign Secretary condemned China, commenting: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not.""

We asked GCHQ whether it viewed China's offensive cyber capabilities as a similarly significant threat and were told that China has offensive cyber capabilities ***.

The ChIS also have the capability to deploy what are known as close-proximity technical operations ***. This is offensive technical activity that requires physical access or proximity to a target, whether to gain access to premises (e.g. alarm defeats) or to acquire intelligence (e.g. eavesdropping, physical surveillance, cable-tapping or digital forensics).*** ***

I. In terms of espionage, China's human intelligence collection is prolific, using a vast network of individuals embedded in local society to access individuals of interest—often identified through social media. It is also clear from the evidence we have seen that China routinely targets current and former UK civil servants ***. While there is good awareness of the danger posed, it is vital that vigilance is maintained.

J. In relation to the cyber approach, whilst understanding has clearly improved in recent years, China has a highly capable cyber—and increasingly sophisticated cyberespionage—operation: however, this is an area where the 'known unknowns' are concerning. Work on continuing coverage of its general capabilities must be maintained alongside further work on Chinese offensive cyber and close-proximity technical operations.