MI5 is set to establish a new agency to help UK businesses protect themselves against Chinese espionage and state-sponsored hacking.
UK prime minister Rishi Sunak will unveil the news later today, as part of the UK’s updated diplomatic and defence strategy when it comes to China, The Times reports.
Sunak will reveal a new “National Protective Security Authority” which will sit in MI5. It aims to provide businesses and universities with advice on how to deal with industrial espionage.
Officials have reportedly compared the new agency to the National Cyber Security Centre (NCSC) which was established by GCHQ in 2016 as a central authority tasked with protecting the nation against cyber security threats.
It also routinely offers guidance to organisations and the wider public on cyber security best practice.
The National Protective Security Authority will be able to help organisations by providing advice on how to deal with Chinese companies, how to do business in China, or how to buy equipment from companies located in the country.
The motivation for the agency's creation is thought to be born out of longstanding concerns around China and its history of conducting sophisticated cyber attacks against organisations in the West.
The government’s new authority will also provide guidelines on how to approach Huawei or Hikvision, although it isn’t clear yet what these are.
It was decided that Huawei’s equipment would be removed from the UK's 5G network in 2020 to protect national security, a move encouraged by US sanctions placed on the Chinese company.
In July 2022, a group of MPs also demanded that Chinese surveillance equipment companies like Hikvision should be banned from the UK, expressing concerns about the ethics and security of the company.
Lastly, the new agency is expected to provide guidance on takeovers in "sensitive” industries. In July 2021, an MP raised concerns about Chinese-owned Nexperia acquiring Newport Wafer Fab (NWF), a Welsh semiconductor company.
MP Tom Tugendhat said at the time he was surprised the deal had taken place without being put through a review under a National Security and Investment Act.
“The semiconductor industry sector falls under the scope of the legislation, the very purpose of which is to protect the nation’s technology companies from foreign takeovers when there is a material risk to economic and national security,” he said.
“The government is yet to explain why we are turning a blind eye to Britain's largest semiconductor foundry falling into the hands of an entity from a country that has a track record of using technology to create geopolitical leverage.”
China's hacking history
China's state-sponsored hackers are long-known for their attacks on high-value organisations and universities, often with the intention of information stealing.
Recent examples include the February 2022 attack on News Corp - China was originally accused as the force behind it which saw staff emails and other business documents stolen.
Mapping the digital attack surface
Why global organisations are struggling to manage cyber risk
In February this year, it was revealed that the China-linked hackers went unnoticed in the organisation's network for two years.
Further back, state-sponsored Chinese and Russian hackers were accused of targeting vaccine data during the COVID-19 pandemic. The attack on vaccine supplier Moderna drew worldwide attention in 2020.
In 2021, the National Cyber Security Centre (NCSC) revealed it played an important part in vaccine delivery, helping by intervening in cyber incidents and protecting individuals in the health sector. It handled 777 incidents that year, with 20% of them focused on the health industry or companies involved in the vaccine rollout.
