This page has been validated.
CHINA
- working with the Prudential Regulation Authority to issue guidance on Cloud-based security to companies in the finance sector; and partnering with MoD to deliver workshops on secure IT networks to companies in the defence sector.[1]
The Centre for the Protection of National Infrastructure
- CPNI—accountable to MI5—has a preventative and advisory role, providing protective security advice to Industry and the Government. It follows a "threat-focused and intelligence-led" approach to engagement, allocating resources to sectors, industries and businesses where there is evidence of Chinese desire to gain technology, IP and Information Data.[2] Around ***% of CPNI's work is directed towards countering Hostile State Activity (HSA), and it works with cross-government partners "to raise awareness of the threat, identify vulnerabilities, and to provide advice and mitigations".[3]
- *** CPNI says that it has been able to feed in information to MI5 that has been reported to it by Industry, resulting in leads and investigations being opened, the development of existing investigations, or the successful conclusion of an investigation.[4]
- Action is being taken to provide advice on the risks presented by certain types of engagement or approaches from Chinese actors. One such initiative—Project CONISTON[5]—was an awareness-raising campaign run by CPNI that highlighted the use of social media by hostile actors to target and recruit UK nationals working in HMG and Industry. During the campaign, CPNI released information about an investigation to allow Industry partners to assess their level of exposure and set up groups (***) to allow Industry partners to share the results of their internal investigations.
- There is some indication that the message is getting out to the right places. MI5 told us that:
awareness is growing, but it's not yet as fully embedded in the sort of UK bloodstream as it will need to be in the years to come. So we do these days receive more proactive tip-offs from people who have realised that they have received some kind of approach, whereas ten years ago more often we were noticing first and then alerting the individual or company involved.
… [the] balance is shifting through good work done in lots of places over the last decade or so, and I think the … public discourse around things like Huawei and 5G, Hong Kong and so forth is … raising wider awareness within the business community that they need to be quite thoughtful about the risks they may be exposed to; and then on particular things like the 'Think Before You Link' campaign that we've run, that has
- ↑ Written evidence—GCHQ, 31 January 2022
- ↑ Written evidence—HMG, 18 April 2019.
- ↑ Written evidence—HMG, 18 April 2019.
- ↑ Written evidence—HMG, 18 April 2019.
- ↑ In some instances in this Report, we have substituted an ISC-specific code word where it has been necessary to refer to the name of an operation or project, in order to protect classified information. No significance is intended by, nor should be inferred from, the matching of code words to real operation names. The ISC code words have no operational significance
146
