The UK is not paying enough attention to a radical shift in China’s cyber espionage tactics to infiltrate critical infrastructure including energy and communications networks, a former head of Britain’s cybersecurity agency has warned.
Ciaran Martin, former executive director of the National Cyber Security Center, said a warning from the United States this year that Chinese state-backed hackers were attacking key sectors was a pivotal moment in Beijing’s approach to cyber warfare.
“The UK has not paid enough attention to a warning from the US that China is planning to disrupt key critical infrastructure,” Martin said.
He said more attention should be paid to the threat in the public and private sectors and in “civil society areas.” Martin said the government should make clear in its public messages to China that the threat of disruption to key infrastructure was unacceptable.
“We must be clear where our red lines are and the disruption of civil infrastructure should be a red line,” he said.
Speaking to The Guardian at the DTX conference at Manchester Tech Week, Martin said China had no history of disruptive cyber operations, unlike Russia, but was now adopting Moscow-style tactics. “They are preparing to be like Russia,” he said.
He pointed to a warning in April from Christopher Wray, director of the FBI, the US national intelligence agency, that Chinese state-backed hackers had infiltrated key US infrastructure and were waiting for “the right moment to strike a blow.” devastating blow.”
Wray said a group known as Volt Typhoon had infiltrated U.S. companies in telecommunications, energy, water and other critical sectors, with 23 pipeline operators in its sights. The tactic is known as “prepositioning”.
Wray said China was developing the “ability to wreak physical havoc on our critical infrastructure at a time of its choosing.” He added: “Their plan is to deal low blows against civilian infrastructure to try to induce panic.” The United States first revealed that Chinese state-backed hackers were seeking to gain entry into key national IT networks in February.
Martin said an example of the disruption caused by infrastructure attacks can be seen at the British Library, which has been severely affected by a ransomware attack. These attacks are usually carried out by criminal gangs based in Russia. “What if we had 100 attacks on the British Library at the same time?” he said.
Making further comments in a keynote speech at DTX, Martin said that disrupting cyberattacks on critical infrastructure “probably wouldn’t directly kill anyone, but it would do some damage.”
In March, the U.K. confirmed that Beijing-backed hackers were responsible for a cyberattack targeting the U.K. election watchdog and a surveillance operation on British politicians. At the time, Oliver Dowden, deputy prime minister, said the government “would not hesitate to take swift and strong action wherever the Chinese government threatens UK interests”.
Martin, a professor at Oxford University’s Blavatnik School of Government, welcomed a report by the technology website The Record that the UK government was considering making reporting of ransomware attacks mandatory and requiring victims to apply for a license before making ransom payments. “I’m really glad they’re taking it so seriously,” he said.