The British and Chinese authorities have reached out to one another to explore setting up a cyber security forum between the two countries, according to reports.
The so-called ‘Cyber Dialogue’ will supposedly help manage cyber threats to both country’s national security, revealed Bloomberg, which was first to reported the move citing anonymous sources with knowledge of the forum,
It claimed that the forum will improve communication, enable private discussions, and deescalate tensions. It also establishes a direct line between London and Beijing to enable senior officials to discuss ongoing cyber incidents.
The officials concerned allegedly told Bloomberg that while they did not expect the forum to put an end to Chinese cyber attacks on UK targets, it may at least help mitigate the potential dangers.
Chinese relations
Computer Weekly understands the UK government has declined to comment on the existence of any such initiative, but the reports come at an important time for the UK’s relations with China – hot on the heels of Westminster’s approval of China’s new ‘mega-embassy’ in London, and ahead of a planned visit by the Prime Minister to Beijing.
On the global stage, the news also lands against the backdrop of a geopolitical reset that threatens to upend the international rules-based systems which have prevented a conflict akin to the Second World War for the past 80 years.
However, it would be naïve in the extreme to think it means that the UK and China are seeking to wage peace in cyberspace.
The UK’s National Cyber Security Centre (NCSC), which is embedded within Britain’s national security apparatus as a branch of GCHQ, continues to regard China as a “highly sophisticated and capable threat actor”.
Although perhaps not as noisy a threat as the financially-motivated cyber attacks against the likes of Marks & Spencer or Jaguar Land Rover, threat actors linked to the Chinese state are known to frequently target individuals of interest to Beijing’s intelligence-gathering goals, and organisations in sectors such as defence, government and telecoms.
Just last month, the UK government exposed and sanctioned two Chinese companies, named as Integrity Technology Group Incorporated and Sichuan Anxun Information Technology Co. Ltd, for their role in a series of “reckless and indiscriminate cyber attacks” against over 80 Western targets, including UK public sector IT systems.
At the time, the NCSC said it was “almost certain” that such companies, which often operate as private sector cyber security companies and data brokers, are little more than a front for Chinese state cyber ops.
“Pragmatic”
Michael Bell, founder and CEO of Suzu Labs, a security services provider, described the dialogue as a pragmatic move on the part of both countries.
“Cyber operations exist in a grey zone. They’re not acts of war, but they’re not peacetime activity either. Without communication channels, an incident response could be misread as aggression. Escalation becomes more likely when neither side understands the other’s red lines,” said Bell
He noted that the administration of president Obama established its own short-lived cyber hotline between Washington DC and Beijing back in 2015.
“[The UK is] not pretending the threat doesn’t exist. They publicly attributed attacks, imposed sanctions, and issued warnings about Volt Typhoon pre-positioning in critical infrastructure. Now they’re opening a channel to discuss deterrence and prevent miscalculation,” he said.
“Whether it works depends on whether both sides actually use it. The 2015 US-China agreement produced results until it didn’t.
“But having the channel is better than not having it…. The alternative, pure confrontation without communication, creates its own risks. In cyber space, those risks are harder to see until they materialise,” said Bell.
