MPs on the Intelligence and Security Committee published a report earlier this summer raising a range of concerns, including what it described as a ‘revolving door’ between government and Huawei
Ministers have acknowledged the scale of the threat posed to UK security by Chinese intelligence-gathering but have claimed that a new government cyber-resilience programme and app to help vet potentially online connections.
Government has published its 15,000-word response to a report on the risks posed by China and published this summer by MPs on parliament’s Intelligence and Security Committee. The response revealed that security service MI5 is now running seven times as many investigations into Chinese activity compared with 2018 “and plans to grow further”.
It added that China poses a “systemic challenge” to the UK’s security, prosperity, and values and described Beijing’s human-intelligence collection as “prolific”.
“The intelligence community is acutely aware and vigilant regarding China’s targeting of current and former civil servants and a range of mitigations are in place in order to minimise the risk,” the report to the ISC said. “A robust personnel vetting regime is in place to ensure the identification and management of risks arising from staff with access to sensitive government assets and intelligence. Those with security clearance are re-vetted throughout their careers. This re-vetting aims to ensure that those who may be susceptible to pressure or improper influence – or who may even actively seek to act on behalf of a foreign intelligence service – are identified.”
- How GovAssure is bringing ‘rigour and objectivity’ to departments’ cyber credentials
- Analysis: Public sector cyber contracts have doubled since Covid
- Government’s cyber plan delivers ‘a complete revolution in how we provide assurance’
The official response cited the Cabinet Office’s GovAssure cyber-assurance regime, Advisory Committee on Business Appointments rules for former officials and ministers, and an app created to help users of networking sites identify fake profiles as other safeguards.
First unveiled last year, GovAssure will, for the first time, require all Whitehall departments undergo independent audits of their cybersecurity measures. PublicTechnology revealed earlier this year that the Home Office and the then Department for Business, Energy and Industrial Strategy were the first departments to undergo the audits, after which each was scheduled to receive “receive a ‘get well’ report listing current vulnerabilities which will then allow it to spend its cyber budget more effectively and to mitigate specific risks quickly”, commercial documents revealed.
The “Think Before You Link” app, meanwhile, was launched last year and makes it easier for users of sites such as LinkedIn and Facebook to spot fake profiles used by so-called “malicious actors”, including those from the Chinese intelligence services.
The ISC report said government and the security community had been slow to act in countering the multi-faceted threats posed by China and that focus was still “dominated” by short-term or acute threats.
Committee members said there appeared to have been a “revolving door” between the government and telecoms giant Huawei. They also voiced “serious concerns” about the opportunity for espionage posed by Chinese involvement in the UK’s civil nuclear sector.
Members said the UK was now “playing catch-up” and the whole of government had its work cut out to understand and counter the threat from China.
“The government must adopt a longer-term planning cycle in regards to the future security of the UK if it is to face Chinese ambitions, which are not reset every political cycle,” committee members said. “Responsibility for addressing the more overt aspects of the threat seems to rest with Whitehall policy departments: however, there is no evidence that those departments have the necessary resources, expertise or knowledge of the threat to counter China’s approach.”