In a recent development, British and U.S. cyber officials have expressed concerns over the growing threat posed by Chinese-backed espionage and cyber disruption to global critical infrastructure. The officials highlighted that Beijing’s aggressive actions are aimed at gaining a competitive edge on the global stage.
During the National Cyber Security Center’s CyberUK conference in Birmingham, Anne Keast-Butler, the director of GCHQ, emphasized the significant risk that China’s actions pose to international norms and values. Keast-Butler described China’s behavior as coercive and destabilizing, undermining the security of the internet. She stated that responding to the scale and complexity of this challenge is the top priority for GCHQ, with a dedicated focus on China.
The warning from GCHQ comes on the heels of a recent disclosure by British Secretary of State for Defense Grant Shapps regarding a suspected Chinese hack on a U.K defense contractor, which exposed sensitive information of 270,000 individuals. This incident has raised concerns about the vulnerability of critical assets to cyber threats orchestrated by Chinese state actors.
In a separate development, U.S. federal prosecutors have indicted seven Chinese nationals accused of working for a front company used by APT31, a Chinese state-sponsored hacking group. This indictment underscores the evolving tactics employed by Chinese hackers, with a shift towards infiltrating critical infrastructure in the U.S. with the intent to disrupt operations in times of need.
Harry Coker, the U.S. national cyber director, highlighted China’s strategic focus on dominating global competition through cyber means. He emphasized the need for the U.S. and its allies to assert control over the digital domain and dictate terms to counter Chinese aggression effectively.
Securing critical infrastructure remains a persistent challenge, as noted by Heather Adkins, Google’s vice president of security engineering. Adkins cautioned against the industry’s continued reliance on outdated security measures like passwords and highlighted the vulnerabilities arising from memory safety flaws. She stressed the importance of transitioning away from password-based authentication, which has been in use since the 1960s, towards more robust security practices.
Overall, the warnings issued by British and U.S. officials underscore the pressing need for enhanced cybersecurity measures to safeguard critical infrastructure from evolving threats posed by state-sponsored actors like China. The ongoing efforts to counter these cyber threats require a collaborative approach involving government agencies, private sector entities, and international partners to mitigate risks and protect vital systems and services.