Critical Infrastructure Security , Geo Focus: The United Kingdom , Geo-Specific
UK, US Officials Warn About Chinese Cyberthreat
UK GCHQ Director Calls Chinese Hacking a 'Top Priority'Chinese-backed espionage and cyber disruption pose a major threat to global critical infrastructure as Beijing races for an edge over global competition, British and U.S. cyber officials warned Tuesday.
See Also: Beyond the Hype: Finding SASE Architecture Adoption Success
Speaking at the National Cyber Security Center's CyberUK conference in Birmingham, Anne Keast-Butler, director of the intelligence agency GCHQ, warned that China poses an "epoch-defining threat to the U.K."
"With their coercive and destabilizing actions, China poses a significant risk to international norms and values. We believe that the People's Republic of China's irresponsible actions weaken the security of the internet," Keast-Butler said.
"Responding to the scale and complexity of this challenge is GCHQ's top priority and we now devote more resources to China than any other single mission," she added.
The statement from the GCHQ head comes just days after British Secretary of State for Defense Grant Shapps last week publicly disclosed a possible Chinese hack on a U.K defense contractor that exposed 270,000 individuals. Months earlier, the U.K. government attributed an attack on the Inter-Parliamentary Alliance on China - an international pressure group of lawmakers dedicated to countering Beijing - to a Chinese state threat actor tracked as APT31 (see: UK Discloses Chinese Espionage Activities).
U.S. federal prosecutors in March indicted seven Chinese nationals they accused of working as contractors for a front company used by APT31 (see: US Indicts Accused APT31 Chinese Hackers for Hire)./p>
Harry Coker, U.S. national cyber director, said China's traditional focus on espionage has shifted to infiltrating U.S. critical infrastructure with a "clear intent to disrupt our ability to mobilize in the case of need." The activities align with Chinese plans to dominate global competition, Coker added.
"We all appreciate global competition. But we need to dictate the terms as opposed to letting our adversaries dictate how we operate on that digital foundation," Coker said.
Securing critical infrastructure is an ongoing challenge, said Heather Adkins, Google vice president of security engineering and the head of Google's Office of Cybersecurity Resilience. Industry's continued reliance on passwords and vulnerabilities arising from memory safety flaws are the two main vectors for threat actors, she added.
"Trying to deprecate the use of passwords - which we've had since the 1960s - should be a focus. We know it's a bad idea, and yet we still have them," Adkins said.