MI5 establishes new security agency to counter Chinese hacking, espionage
MI5 is to set up a new agency to help British businesses protect themselves against Chinese espionage and state-sponsored hacking.
UK Prime Minister Rishi Sunak will reveal the news later today, as part of Britain’s updated diplomatic and defense strategy on China, The times reports.
Sunak will unveil a new “National Protective Security Authority” which will sit within MI5. It aims to give companies and universities advice on how to deal with industrial espionage.
Officials have reportedly compared the new agency to the National Cyber Security Center (NCSC) which was established by GCHQ in 2016 as a central authority tasked with protecting the nation from cyber security threats.
It also offers routine guidance to organizations and the wider public on cyber security best practices.
The National Protective Security Authority will be able to help organizations by providing advice on how to deal with Chinese companies, how to do business in China, or how to buy equipment from companies located in the country.
The motivation for the creation of the agency is believed to be born out of long-standing concerns about China and its history of carrying out sophisticated cyber attacks against organizations in the West.
The government’s new authority will also provide guidelines on how to approach Huawei or Hikvision, although it is not yet clear what these are.
It was decided that Huawei’s equipment would be removed from the UK’s 5G network in 2020 to protect national security, a move encouraged by US sanctions against the Chinese company.
In July 2022, a group of MPs also called for Chinese surveillance equipment companies such as Hikvision to be banned from the UK, expressing concerns about the company’s ethics and security.
Finally, the new agency is expected to provide guidance on acquisitions in “sensitive” industries. In July 2021, an MP raised concerns about Chinese-owned Nexperia acquiring Newport Wafer Fab (NWF), a Welsh semiconductor company.
MP Tom Tugendhat said at the time that he was surprised the deal had taken place without being reviewed under a National Security and Investment Act.
“The semiconductor industry sector falls under the scope of the legislation, the very purpose of which is to protect the country’s technology companies from foreign takeovers when there is a significant risk to economic and national security,” he said.
“The government has yet to explain why we are turning a blind eye to the UK’s biggest semiconductor foundry falling into the hands of an entity from a country with a track record of using technology to create geopolitical influence.”
China’s Hacking History
China’s state-backed hackers have long been known for their attacks on high-value organizations and universities, often with the intent of stealing information.
Recent examples include the attack on News Corp in February 2022 – China was initially blamed as the force behind it which saw employee emails and other business documents stolen.
Mapping the digital attack surface
Why global organizations struggle to manage cyber risk
In February this year, it was revealed that the China-linked hackers went unnoticed in the organization’s network for two years.
Further back, state-backed Chinese and Russian hackers were accused of targeting vaccine data during the COVID-19 pandemic. The attack on the vaccine supplier Moderna attracted worldwide attention in 2020.
In 2021, the National Cyber Security Center (NCSC) revealed that it played an important role in vaccine delivery, helping by intervening in cyber incidents and protecting individuals in the healthcare sector. It handled 777 incidents that year, with 20% of them focused on the healthcare industry or companies involved in vaccine rollout.
Storage’s role in meeting the challenges of ensuring cyber resilience
Understanding the role of data storage in cyber resiliency
What bank CEOs need to know when considering bank-specific cloud solutions
Gives banks a way to evaluate industry-specific clouds’ value proposition
Cost of a data breach report 2022
Discover the factors to reduce breakage costs
Four steps to better business decisions
Determine where data can help your business