as we get into places where Chinese investments in our economy are as much of a threat as Intellectual Property stolen across a cyber domain or by a spy, that is a deeper and broader issue ***
… a lot of the damage, some of it is not deeply clandestine, some of it is sort of hiding in plain sight—but trying to form wise judgements across the whole of Government and beyond, into Academia and elsewhere, is a genuinely difficult challenge and that is where I think we will face, over the next few years, some really interesting things about how do we build that teamwork to meet a whole-of-state Chinese approach with, as it were, a whole-of-nation, UK approach.
The answers are not always straightforward, but it is the changing nature of it—well beyond, as it were, the intelligence domain—that is the trickiest part.[1][2]
- As noted in the main body of the Report, MI5, CPNI, and GCHQ (through the NCSC), provide vital advice on protective security and cyber security to Industry, with a view to increasing the UK’s resilience to threats (including from China). MI5 highlighted the importance of this engagement:
We need to have a resilient, well-protected, well-educated industrial base that protects itself in its dealings with China, and we obviously do, I think, a good and professional job in using the finite operational capacity that we have *** the worst and most damaging parts of what’s going on…[3]
- In July 2019, the Chief Executive Officer of the NCSC told the Committee: "In our role trying to defend the UK from cyber-attacks, China's ambitions to steal IP is one of the principal things that we worry about."[4] One of NCSC's key tasks is therefore to engage with Industry in order better to understand the vulnerabilities in their systems and to share information about threats they may face. While much of the information they provide is 'actor-agnostic', it is highly applicable to the cyber threat from China.
- Examples of NCSC's recent work with Industry include collaborating with small Voice over Internet Protocols providers to improve their protection against cyber attacks;
- ↑ Oral evidence—MI5, *** October 2020.
- ↑ As noted at the start of this Report, HMG announced a restructure of several government departments on 7 February 2023. As a result of this restructure, the Investment Security Unit has moved to the Cabinet Office, and other responsibilities which previously fell to BEIS now sit within several new departments: the Department for Energy Security and Net Zero; the Department for Science, Innovation and Technology; and the Department for Business and Trade.
The Committee has not been in a position to scrutinise the impact and effectiveness of this change during this Inquiry. As noted previously, the Government has assigned Parliamentary scrutiny of the ISU—now that it has returned to the Cabinet Office—to the BEIS Select Committee. However, we urge the Government to reconsider and confirm the ISC's responsibility for oversight of the ISU, as the only Parliamentary body able to perform effective oversight of investment security decisions taken on the basis of classified intelligence.
- ↑ Oral evidence—MI5, *** December 2020.
- ↑ Oral evidence—NCSC, *** July 2019.
145
