Clear Five-Eyed Focus Needed on Communist Espionage and Subterfuge

Just a week after Hamas launched a surprise terror attack against Israel, intelligence leaders from the Five Eyes governments (the UK, the US, Australia, New Zealand and Canada) met in Palo Alto, California. Convened by the FBI, the subject wasn’t one of the big headline-stealing crises or a hot war facing our allies. What brought these intelligence chiefs to the heart of Silicon Valley for their first-ever joint public appearance? The answer: China’s espionage.

Although overshadowed by the urgency of a hot war between Russia and Ukraine and the new threat of a warming conflict with Iranian proxies, China's espionage is a major strategic concern for all UK and Five Eyes corporations and technology firm leaders. Increasingly, we also see campaigns targeting other security soft spots, from financial services and law firms to lobbyists and even legislatures. Recent efforts by the Chinese Communist Party (CCP) to access the UK Parliament were not isolated events but constitute a new, short chapter in a lengthy narrative of subversive, state-funded activities aimed at destabilising the free world through all means short of war.

According to FBI Director Christopher Wray:

‘China has long targeted businesses with a web of techniques all at once: cyber intrusions, human intelligence operations, seemingly innocuous corporate investments and transactions… Every strand of that web has become more brazen, and more dangerous.’

In the UK, the arrests of two British nationals under suspicion of spying for China, first reported in September by The Sunday Times, promise further headlines – especially in light of MI5 Director McCallum's unprecedented assertion that more than 20,000 people in the UK have now been approached covertly online by Chinese spies. Along with other recently disclosed incidents, these events cast a stark light on the often-overlooked battlefield between the public institutions and values of the free world and the pervasive threat of authoritarian state-backed espionage.

In an era where a convergence of technology and geopolitics defines everyone in the Anglosphere's future, we need to develop a unified, collaborative approach to securing our institutions, corporations and ultimately, our very democracies against the insidious threats that seek to undermine them. Publicly available lessons derived from the forensics and legal discovery in the UK Parliament cases may well be instrumental in shaping allied whole-of-society defensive strategies against future hostile espionage operations.

Working collaboratively across the Five Eyes on these challenges means increasing insider threat programmes, public awareness campaigns, supply chain illumination, enhanced due diligence in corporate mergers and acquisitions, and integrating counterintelligence into legislative functions as well as the executive needs of the state.

In many discussions with former and current intelligence, counterintelligence, defence ministry and corporate security leaders throughout the Five Eyes, a recurring theme emerges: the need for a fortified, collaborative approach to protecting allied national security both online and offline amid known foreign espionage and covert interference campaigns.

My own 25-year career in intelligence, cyber security, open-source intelligence and international public-private partnerships for advanced technology has also provided a front-row seat for observing the evolution of these threats. This experience leads me to believe that we can learn from these events in order to accomplish two seemingly disparate efforts. We can raise our collective shields against CCP espionage and malign influence even as we simultaneously pursue continued peace and economic prosperity.

Efforts by China to aggregate massive datasets through unrestricted espionage, legitimate commercial acquisition, web scraping and illicit purchases on the dark web all combine with an essentially limitless storage capability and unrestricted aggregation policy to make information competition fundamentally distinct from other forms of modern great power competition.

China’s Communists likely see the value in building massive volumes of ‘dumb data’ which they can determine how to exploit later. They may also run unregulated efforts on our data, such as training AI and machine learning datasets with correlations that are prohibited by policy in the West; mapping human networks for espionage and covert influence; or even blindly aggregating data that they believe might benefit them later in economic, soft power or even military competition.

From a defensive perspective, we can all agree on the need to elevate public awareness about the critical role of unified, cross-sector defences in safeguarding our allied institutions – from energy and space to financial services, and across the spectrum from higher education and research into businesses with vital intellectual property, military or dual-use applications.

Our financial services, legal, healthcare and big tech sectors, with their vast repositories of sensitive data, are prime targets for CCP espionage activities. Major UK, EU and US companies all share an imperative for a secure, collaborative approach to intelligence and cyber security. The safeguarding of our financial, legal and commercial ecosystems against potential threats and vulnerabilities is not merely a corporate concern but a matter of national security and public awareness.

Navigating the intricate security challenges presented by the complex landscape of cyber security and advanced technology requires a deft blend of expertise and collaboration from the C-Suite and boardroom. Organisations that specialise in mitigating risks and safeguarding assets through international partnerships play a crucial role, but modern security is not exclusively a government function. The synergy between public and private sector intelligence and common allied security initiatives is a lynchpin in constructing robust defences against the multifaceted threat of foreign espionage and insider threats, while ensuring a secure operational environment for all stakeholders involved in online commerce.

Historically, Communist and adversarial espionage has sought to exploit the vulnerabilities within our free systems. More than 50 years ago, it was the infamous ‘Cambridge Five’ spy ring – each of whom assumed leading positions within the British state, infiltrating MI5, MI6, the Special Operations Executive and the Foreign Office to both spy and covertly influence policy on behalf of the Soviets. There have also been more recent allied incidents that have led to catastrophic losses, such as the 2018 arrest and public US indictment of a former CIA officer suspected of compromising US spies in China. All of this underscores the longevity and adaptability of foreign Communist threats to free world peace and prosperity.

The current allegations about the CCP operationalising UK insiders for espionage and covert influence, if substantiated in court, will signify not only a continuation of these covert efforts but also an escalation in their audacity, given the potential impact upon the very seat of an exemplary representative democracy.

As in previous historical cases of foreign espionage, what the public learns in the unfolding public legal proceedings around these UK Parliament cases could be an important catalyst for collective, global action against authoritarian misuse of espionage and the abuse of open access to our human, financial and intellectual capital.

The unseen battlefield of espionage requires a clear-eyed, vigilant and collective gaze if we want to fortify our defences against the shadowy threats that seek to undermine our way of life. But Western agencies currently can’t even make a ‘red team’ map of China’s stolen data, and this is a big hairy problem that we may need to open up. We should take a thoughtful look at how to balance our imperative for civil liberties and individual privacy with the needs of allied national security and collective defence.

Western intelligence services, legislatures, courts, universities and private sector organisations are neither configured nor culturally aligned to address this extensive threat head-on yet. Unlike our authoritarian and totalitarian adversaries, we embrace a culture of individual privacy. Not only this, but our constitutions, statutory frameworks and multinational frameworks demand protections for individual privacy (and prevent certain dataset aggregations) that the Chinese and other competitors do not adhere to.

Diagnosing these pains in foreign policy with China (and other authoritarian and Communist regimes) means exposing totalitarian state adversaries and proxy actors that have no reservations about violating our individual privacy and abusing our collective big data, and that do not face any domestic legal restrictions on doing so. Moving forward wisely in the face of this imbalance will mean empowering more effective counterintelligence collaboration among Five Eye governments, combined with the smart defences provided by a greater whole-of-society resistance to espionage.

The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.

Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.