Page:ISC-China.pdf/147

From Wikisource
Methodology: Covert
  1. the authorities and industry representatives were aware of the threat in order to limit any potential damage:

    It's difficult, I think, in that circumstance to prevent people from coming often to those defence exhibitions which are not MOD controlled; [they] are often commercial activities. *** China is an exporter of weapons, sells about 5% of the world's exports currently …

    *** banning those Chinese companies who of course have a commercial right to be able to sell their goods would be a difficult thing to achieve.[1]

Cyber
  1. Equipment Interference (EI) (described in Part One of the Report) refers to techniques used to obtain communications, equipment data or other information from a range of types of equipment. It is, relatively speaking, a low-cost means of acquiring IP and data—it can be conducted remotely, deniably and at-scale, and as such is a technique highly valued by China.[2]
  2. In 2015, the UK and China signed an agreement that prohibited cyber-enabled theft for commercial (rather than strategic) advantage. China subsequently made similar bilateral declarations with the United States, G20, Australia and Germany.[3] ***.[4]
  3. We were told that there was frequent Chinese cyber targeting of UK companies and academic organisations, much of which ***. Chinese cyber victims include those with legitimate relationships with Chinese partners on science and technology ***.[5] ***.[6] ***.[7]
  4. As well as conducting EI against UK-based organisations, the Committee was told that attacks have included targeting Academia, as well as supply chains and third-party service providers (including Managed Service Providers, for instance, companies which provide outsourced IT functions).[8] EI can be used to obtain technical information or to harvest Bulk Personal Datasets ***.[9] ***.[10]

  1. Oral evidence—DI, *** December 2020.
  2. Written evidence—HMG, 18 April 2019.
  3. 'Agreements on commercial cyber espionage: an emerging norm?', Lawfare, 4 December 2015; 'Hacking for Ca$h', Australian Strategic Policy Institute, 25 September 2018.
  4. Written evidence—HMG, 14 September 2020.
  5. Written evidence—JSTAT, June 2019.
  6. Written evidence—HMG, 30 August 2019.
  7. Written evidence—HMG, 30 August 2019; Written evidence—JSTAT, August 2019.
  8. Written evidence—HMG, 18 April 2019.
  9. Oral evidence—HMG, *** October 2020. Bulk Personal Datasets would be, for instance, medical records, travel records or the HR data held on file by an institution or a company. An extreme example of such exfiltration is the 2014 hack of the US Office of Personnel Management which held all of the information supplied by government employees and contractors in order to undergo security vetting. This meant that the exfiltration (believed to have been perpetrated by the Chinese state) allowed access to extremely personal information (including drug use, debt levels and sexuality) about individuals who had access to classified material, potentially making them vulnerable to blackmail.
  10. Written evidence—HMG, 18 April 2019.
