The UK is not paying enough attention to a “gamechanging” shift in China’s cyber-espionage tactics towards infiltrating critical infrastructure including energy and communications networks, a former head of Britain’s cybersecurity agency has warned.
Ciaran Martin, the ex-chief executive of the National Cyber Security Centre, said a warning from the US this year that Chinese state-backed hackers were targeting key sectors was a pivotal moment in Beijing’s approach to cyberwarfare.
“The UK has not paid enough attention to a gamechanging warning from the US that China is planning disruption to key critical infrastructure,” Martin said.
He said there should be more focus on the threat across the public and private sectors and “swaths of civil society”. Martin said the government should make clear in its public messaging to China that the threat of disruption to key infrastructure was unacceptable.
“We should be clear where our red lines are and disruption of civilian infrastructure should be a red line,” he said.
Speaking to the Guardian at the DTX conference at Manchester Tech Week, Martin said China had no history of disruptive cyber-operations, unlike Russia, but was now moving to Moscow-style tactics. “They’re preparing to be like Russia,” he said.
He pointed to a warning in April from Christopher Wray, the director of the FBI, the US domestic intelligence agency, that Chinese state-backed hackers had infiltrated key US infrastructure and were waiting for “just the right moment to deal a devastating blow”.
Wray said a group known as Volt Typhoon had burrowed into American companies in the telecommunications, energy, water and other critical sectors, with 23 pipeline operators targeted. The tactic is known as “pre-positioning”.
Wray said China was developing the “ability to physically wreak havoc on our critical infrastructure at a time of its choosing”. He added: “Its plan is to land low blows against civilian infrastructure to try to induce panic.” The US first revealed that Chinese state-backed hackers were seeking to lodge themselves in key domestic IT networks in February.
Martin said an example of the disruption caused by infrastructure attacks could be seen at the British Library, which has been severely affected by a ransomware attack. Such attacks are typically carried out by Russia-based criminal gangs. “What if we had 100 British Library attacks all at once,” he said.
Making further comments at a keynote speech at DTX, Martin said the disruption from cyber-attacks on critical infrastructure “probably wouldn’t directly kill anybody but it would hurt”.
In March the UK confirmed that Beijing-backed hackers were responsible for a cyber-attack targeting the UK elections watchdog and a surveillance operation on British politicians. At the time, Oliver Dowden, the deputy prime minister, said the government would “not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom’s interests”.
Martin, a professor at the Blavatnik School of Government at the University of Oxford, welcomed a report by the tech website The Record that the UK government was considering making reporting of ransomware attacks mandatory and requiring victims to seek a licence before making ransom payments. “I am really glad they are taking it so seriously,” he said.