FBI and MI5's warning of Chinese spying in and against the West
Ken McCallum - Chris Wray
07 July 2022
Speeches by Ken McCallum and Chris Wray to business leaders in London, 6 July 2022
Joint address by MI5 and FBI Heads
MI5 Director General Ken McCallum and FBI Director Chris Wray have warned of the growing threat posed by the Chinese Communist Party to UK and US interests.
The two spoke to an audience of business and academic leaders at an unprecedented joint address at Thames House today.
The MI5 Director General Ken McCallum said:
Welcome
Good afternoon everyone. Thank you for coming. It’s a pleasure to welcome you all. I’m Ken McCallum, Director General of MI5; this is my friend and colleague Chris Wray, Director of the FBI.
Our two organisations, born within a year of each other more than a century ago, have long been closely partnered. The FBI office in London opened in 1942 and our teams work tirelessly together every day to keep our two nations, and our allies, safe. But today is the first time the Heads of the FBI and MI5 have shared a public platform.
We’re doing so to send the clearest signal we can on a massive shared challenge: China.
We’ll describe the challenge.
We’ll talk about the whole-of-system response that we need: partnership not just between us, but with all of you, if we’re to protect our economies, our institutions, our democratic values.
And we’ll say what you can do, starting today, to protect yourselves.
I’ll lead off; then hand over to Director Wray; then after a brief pause, we’ll take questions together.
Introduction
In 2022, MI5 is having to stretch itself as never before – in multiple different directions. Front and centre of our minds is of course Ukraine where the human costs are horrifying. The long-term implications of Putin’s actions are a subject for another day. But while our countries strain every sinew to support Ukraine in resisting appalling overt aggression, we’re also working to safeguard our homelands from covert threats from the Kremlin.
Meanwhile, MI5’s counter-terrorist work remains intense. Syria, Somalia and Afghanistan continue to generate threats. Our most immediate UK challenge is lone terrorists – Islamist extremist and right-wing extremist – radicalised online, acting at pace, in unpredictable ways.
Our subject for today lies right at the opposite end of the spectrum. Rather than lone actors, a coordinated campaign on a grand scale. Rather than lightning pace, a strategic contest across decades. Rather than the actions of volatile individuals, we see planned, professional activity:
The most game-changing challenge we face comes from the Chinese Communist Party. It’s covertly applying pressure across the globe. This might feel abstract. But it’s real and it’s pressing. We need to talk about it. We need to act.
I want to be really clear up front on a couple of points:
First, the aim here is not to cut off from China – one fifth of humanity, with immense talent. China is central to global issues: economic growth, public health, climate change. Having, for example, almost 150,000 Chinese students in the UK’s universities is, in almost all cases, good for them and good for us. The UK wants to engage with China wherever it’s consistent with our national security and our values. There are situations where the risks are sharper – and you’d expect the head of MI5 to focus on those. But even then, our aim is to make conscious choices on issues that are rarely binary. We want a UK which is both connected and resilient.
My second point is we’re talking today about the activities of the Chinese Communist Party and certain parts of the Chinese State [I’ll mostly use the shorthand ‘CCP’]. We’re not talking about Chinese people – in whom there is so much to admire. We wholeheartedly welcome the Chinese diaspora’s hugely positive contribution to UK life. Responding confidently to specific covert activities is just us doing our job. If my remarks today elicit accusations of Sinophobia, from an authoritarian CCP, I trust you’ll see the irony.
My main messages to you today are:
I. By volume, most of what is at risk from Chinese Communist Party aggression is not, so to speak, my stuff. It’s yours. The world-leading expertise, technology, research and commercial advantage developed and held by people in this room, and others like you.
II. There is plenty you can do to protect yourself. Proportionately. Without making your organisation, your start-up or your university a fortress; while still engaging with the world, including China.
III. We’re stronger together. The CCP adopts a whole-of-state approach in which businesses and individuals are forced by law to co-operate with the Party. In our free societies, we can do better. By building trusted partnerships – across our national systems, and, as symbolised today, internationally.
Risks To Your Business, Your Research, Your Future
Acquiring Advantage
Early in his time as leader, President Xi said that in areas of core technology where it would otherwise be impossible for China to catch up with the West by 2050, they “must research asymmetrical steps to catch up and overtake”. The scale of ambition is huge. And it’s not really a secret. Any number of public strategic plans, such as Made in China 2025, show the intent plainly.
This means standing on your shoulders to get ahead of you. It means that if you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the CCP. And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think. It’s been described as “the biggest wealth transfer in human history”. MI5 teams see the CCP working to extract UK advantage in multiple ways. To list a few:
- Covert Theft. Late last year Chinese intelligence officer SHU Yenjoon was convicted in a US court on charges of economic espionage and theft of trade secrets from the US aviation sector. SHU was active in Europe too: he’d been part of a prolific Ministry of State Security network targeting the aerospace sector. MI5 worked with those being targeted in the UK to mitigate the risks until the FBI action could solve the problem for both of us.
- Then there is Tech Transfer. Clandestine espionage methodology isn’t always necessary. Take the tale of Smith’s Harlow, a UK-based precision engineering firm. In 2017 Smith’s Harlow entered into a deal with a Chinese firm, Futures Aerospace. The first of three agreed technology transfers saw Futures pay £3m for quality control procedures and training courses.
You know how this ends: after further sharing of valuable IP, Futures abandoned the deal. Smith’s Harlow went into administration in 2020. As their Chairman put it: “They’ve taken what they wanted and now they’ve got it, they didn’t need the shell of Smith’s”.
- Next, Exploiting Research. Both our countries have had to take action to stem CCP acquisition of cutting-edge national security advantage. In 2020 the US stopped issuing new visas in certain fields to researchers from People’s Liberation Army universities. In the UK we’ve reformed the Academic Technology Approval Scheme to harden our defences, and we’ve seen over 50 PLA-linked students leave.
- Information Advantage. The CCP doesn’t just use intelligence officers posing as diplomats in the classic fashion. Privileged information is gathered on multiple channels, in what is sometimes referred to as the ‘thousand grains of sand’ strategy.
In Germany a retired political scientist and his wife who together ran a foreign policy think tank passed information to the Chinese intelligence services for almost ten years.
In Estonia a NATO maritime scientist was convicted for passing information to his Chinese handlers, who claimed to be working for a think tank.
We issued a UK espionage alert on an individual working in think tanks and academia who was in regular contact with Chinese intelligence officers.
- Cultivating New Contacts. The deceptive use of professional networking sites is well known. Seemingly flattering approaches turn into something more insidious – and damaging.
In one example a British aviation expert received an approach online, ostensibly went through a recruitment process, and was offered an attractive employment opportunity. He travelled twice to China where he was wined and dined. He was then asked – and paid – for detailed technical information on military aircraft. The ‘company’ was actually run by Chinese intelligence officers. That’s where we stepped in.
- And then there’s Cyber. A wide range of government and commercial targets were attacked by the three so-called ‘Advanced Persistent Threat’ groups which the UK government has attributed to China’s Ministry of State Security.
Over the last year the UK has shared intelligence with 37 countries to help defend against such espionage. In May we disrupted a sophisticated threat targeting critical aerospace companies.
I’ll leave Chris to say more on cyber; his teams have led the way in taking the fight to those behind the keyboards.
These examples, from a far larger set, show some of how the CCP uses UK expertise to boost its success – at your cost. Security messages probably do seem repetitive, but we aren’t crying wolf. We are seeing, cumulatively, the damage we had feared. And much of it is preventable damage.
Interference
Running alongside all this acquisition of advantage are sophisticated interference efforts. Normalising mass theft as “the cost of doing business these days”. Seeking to bend our economy, our society, our attitudes to suit the Chinese Communist Party’s interests. To set standards and norms that would enable it to dominate the international order. This should make us sit up and notice.
The widespread Western assumption that growing prosperity within China and increasing connectivity with the West would automatically lead to greater political freedom has, I’m afraid, been shown to be plain wrong. But the Chinese Communist Party is interested in our democratic, media and legal systems. Not to emulate them, sadly, but to use them for its gain.
Obviously, much influencing activity is wholly legitimate: every country, every organisation, every business, wants to put its best face forward. The overt diplomatic activities of the Chinese Ministry of Foreign Affairs and attempts to grow China’s ‘soft power’ are not where MI5 is focused.
Where we come in is unearthing, and seeking to neutralise, what we call interference activity – influencing that is clandestine, coercive or corruptive. Where the Chinese intelligence services, or bodies within the CCP itself – such as its United Front Work Department (UFWD) – are mounting patient, well-funded, deceptive campaigns to buy and exert influence.
Some of you will recall the Interference Alert issued earlier this year by MI5 to Parliament. This highlighted the risk posed by an individual connected to the UFWD, who had developed extensive links within Parliament. Through networks of this sort, the UFWD – described by Mao as one of the CCP’s “magic weapons” – aims to amplify pro-CCP voices – and silence those that question the CCP’s legitimacy or authority. This has very real consequences in communities here in the UK. It needs to be challenged.
We and our partners see growing indicators of the threat. In Australia, Senator Sam Dastyari resigned his position following allegations that he had taken money from a Chinese benefactor connected to the UFWD in return for advocating positions favourable to the CCP. Other 5EYES partners and European colleagues share concern about such interference. This requires a concerted response.
To quote some MI5 protective security advice:
“The motive behind Chinese intelligence service cultivation of Westerners is primarily to make “friends”: once a “friendship” is formed [they] will use the relationship to obtain information which is not legally or commercially available to China and to promote China’s interest.
Cultivation of a contact of interest is likely to develop slowly: [they] are very patient. … The aim of these tactics is to create a debt of obligation on the part of the target, who will eventually find it difficult to refuse inevitable requests for favours in return”.
That advice was produced in 1990. Three decades on, the internet allows for much greater scale – but the tactics are identical. One consequence of this subtle, patient approach is that many of those considered by the CCP to be helpful agents of influence in the West, are Westerners who may have no idea that that is how they are viewed.
The UK is a free country and people are free to hold whatever opinions they choose. But if their advocacy of CCP positions is a consequence of hidden manipulation, I would prefer for them – and us – to be conscious of that. And I would urge them to hold in mind that their reputations and advocacy are used by the CCP to whitewash its more egregious activities. A CCP repressing Uyghur Muslims in Xinjiang and pro-democracy protesters in Hong Kong. A CCP which recently declared a “friendship without limits” with Putin’s Kremlin. And, as Director Wray will describe, a CCP that seeks to stifle criticism by coercing and repatriating Chinese nationals under what is known as Operation Foxhunt.
Building Our National Resilience, Together
One element is a stepped-up operational response from the security and intelligence Agencies, backed by government investment. MI5 has already more than doubled our previously-constrained effort against Chinese activity of concern. Today we’re running seven times as many investigations as we were in 2018. We plan to grow as much again, while also maintaining significant effort against Russian and Iranian covert threats.
And it’s not just about scale, it’s about reach. Working hand-in-glove with international partners, sharing data in new ways and mounting joint operations make us much more than the sum of our parts. China is top of the 5EYES Heads’ agenda, and our teams are working together closely on our shared priorities. We’re doing likewise with our close European partners. These alliances will remain at the heart of our response.
But countering State Threats, whether from the CCP, Putin’s Russia or Iran, also needs a profound whole-of-system response. Bringing together not just the national security community but counterparts in economic and social policy, in industry, in academia. Just as we learned at pace how to join up across domains to contend with mass-casualty terrorist tactics, we’re now progressively stepping up against State Threats:
- Since January the National Security & Investment Act has enhanced the government’s powers to scrutinise investments and acquisitions, drawing on US experience across many years.
We’re already seeing a steady flow of cases where critical national interests are engaged – whether that’s technologies with military applications; advanced materials; or data and AI.
These require nuanced judgements that rely on expertise held in different places. It’s not about choosing either prosperity or security, but instead focusing collectively on how they combine.
- The National Security Bill currently before Parliament will if passed be a long-needed and essential shift in powers to combat State threats. Threats not just to national secrets but to your intellectual property, your commercial edge, your unique research. It’s right that Parliament draws new lines for the 21st century.
As well as updating the core espionage offences, the Bill seeks to tackle covert influencing in our democracy, and other forms of hidden interference. We and our policing colleagues badly need a full set of tools to protect the UK effectively against these very real threats. The Bill provides those tools.
But the right model can’t be to scale the operational agencies to somehow take on all of this activity. As well as being unaffordable, that would be wildly disproportionate in a country where – unlike the CCP – we’re here to protect democratic values and freedoms. In our view the most crucial improvement is to make the UK a harder target. We need to play the long game too.
What You Can Do To Protect Yourself
Since its earliest days, alongside MI5’s secret responsibilities has sat a parallel responsibility for helping the UK reduce its vulnerability to attack – whether from sabotage in naval dockyards during World War I, or from hostile Foreign Direct Investment today. That protective responsibility sits with the Centre for the Protection of National Infrastructure, CPNI, accountable to me as Director General. Working in close partnership with the National Cyber Security Centre.
Over the last two decades, CPNI has played a central role as the UK has learned to protect itself from new forms of terrorism – responding resolutely, but not over-responding in ways which would do the terrorists’ work for them.
Those same principles apply to the still-broader teamwork we now need to build resilience to State Threats. As today’s session hopefully makes clear, critical national infrastructure is only one part of the picture: the contest now is much broader.
And so is our protective security response. Examples of CPNI campaigns, such as Trusted Research, Secure Innovation, and Protected Procurement are available here today and online. In May we released the Think Before You Link app – to help protect against the widespread deceptive exploitation of professional networking platforms. User reports from the app have already generated more than 100 new intelligence leads; a good example of the feedback loops we need.
Please take advantage of the advice that’s available. No set of guidance can cater with precision for each and every situation: I’m afraid I can’t make this simple for you. The answers have to lie in combining our unique knowledge of the threats, with your unique knowledge of your business.
So reach out to our advisers – through established channels if you have them, or through LinkedIn or the CPNI website. The teams are there to give you expert insights into the risks you face, and to work with you to make your organisation a hard nut to crack.
If you are worried about something that’s happened, report it. Anything you tell us will be handled with discretion. Even better, of course, is to engage before you have a problem – mend the roof when the sun is shining, not when it’s raining hard.
There’s much more to do. CPNI’s ambition is to reach ten times more organisations. As it grows its reach, it’ll probably need a new name. More on that another day. But I want you to think about MI5 in 2022 as an organisation focussed as much on countering State Threats as on our still-vital role in countering terrorism. And an MI5 that’s not just about running intelligence operations, but is working with you to help strengthen UK resilience in an increasingly contested world.
We see many examples of good practice. But as I wrap up, I’ll leave you with some questions that I think deserve careful thought in every company; research institution; or venture:
- Do you have a strategic approach to managing the risks I’ve described, and discuss those risks round your Board table? Or is it the subject you never quite get to?
- Do you have a thoughtful security culture at all levels in your organisation? Or does everyone leave it to a Security Department that’s off to one side, only to be contacted in an emergency?
- Does your organisation know what its crown jewels are, which if stolen would compromise your future?
- Have you put in place the right controls to assess the risks attached to your funding sources and partnerships, and to protect your supply chain?
We know how hard you work to generate financial and intellectual capital. We want to help you to protect it, and to seize – safely – the many opportunities that are opening up. To be both connected and resilient.
I said that today was about sending the clearest signal yet about the risks posed by Chinese State action. Hostile activity is happening on UK soil right now. We don't need to build walls to shut ourselves off from the rest of the world. We do need to build our awareness - and make conscious choices to grow our resilience.
You - the UK's innovators and technologists, our researchers and scientists, our businesspeople - are one of the UK's greatest strengths. That's why you're being targeted. Let's not let your success be China's competitive advantage. Let's take on this challenge together. Thank you.
06 July 2022
***
Christopher Wray, Director, Federal Bureau of Investigation, London said:
Director's Remarks to Business Leaders in London
Remarks prepared for delivery.
Thank you, Ken. It’s an honor to be here this week, talking about common threats our nations face, and the superb cooperation between our two agencies.
The FBI has no closer partner than MI5. We work together on almost every mission our agencies confront—from countering terrorism to cybertheft and transnational repression to espionage.
Now, you’ll notice that there’s a common thread running through all the challenges we tackle together, which is that they’re all hard.
Our world is certainly filled with enduring, difficult challenges. Not least, Russia’s invasion of Ukraine and their ruthless killing of civilians and destruction of homes and infrastructure.
As laser-focused as both our agencies are on the Russia threat, though, I want to talk today about another complex, enduring, and pervasive danger to the kinds of innovative businesses we have here in the audience.
We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by “our,” I mean both of our nations, along with our allies in Europe and elsewhere.
And I want to be clear that it’s the Chinese government and the Chinese Communist Party that pose the threat we’re focused on countering. Not the Chinese people, and certainly not Chinese immigrants in our countries—who are themselves frequently victims of the Chinese government’s lawless aggression.
Now, we understand the appeal of doing business in and with China. Before returning to public service, I spent 12 years in the private sector, advising and representing some of the world’s leading companies. And at the FBI, we’re engaged with businesses of all sizes and stripes every day, so we understand the perspective of firms looking to the China market, as they try to find and keep a competitive edge.
But the point I want to leave you with today is that the Chinese government poses an even more serious threat to Western businesses than even many sophisticated businesspeople realize. So, I want to encourage you to take the long view as you gauge that threat and as you plan to meet it.
I’ll start with what this danger looks like. The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market. And they’re set on using every tool at their disposal to do it.
For one, they use intelligence officers to target valuable private sector information—multiplying their efforts by working extensively through scores of “co-optees,” people who aren’t technically Chinese government officials but assist in intelligence operations, spotting and assessing sources to recruit, providing cover and communications, and helping steal secrets in other ways.
We’ve seen the regional bureaus of China’s MSS—their Ministry of State Security—key in specifically on the innovation of certain Western companies it wants to ransack. And I’m talking about companies everywhere from big cities to small towns—from Fortune 100s to start-ups, folks that focus on everything from aviation, to AI, to pharma. We’ve even caught people affiliated with Chinese companies out in the U.S. heartland, sneaking into fields to dig up proprietary, genetically modified seeds, which would have cost them nearly a decade and billions in research to develop themselves.
And those efforts pale in comparison to their lavishly resourced hacking program that’s bigger than that of every other major country combined.
The Chinese Government sees cyber as the pathway to cheat and steal on a massive scale.
Last spring, for instance, Microsoft disclosed some previously unknown vulnerabilities targeting Microsoft Exchange Server software. Chinese hackers had leveraged these vulnerabilities to install more than 10,000 webshells, or backdoors, on U.S. networks, giving them persistent access to data on those systems. That’s just one example of the Chinese government finding and exploiting vulnerabilities, albeit a big one.
But over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure. And Chinese hackers are consistently evolving and adapting their tactics to bypass defenses. They even monitor network defender accounts and then modify their campaign as needed to remain undetected. They merge their customized hacking toolset with publicly available tools native to the network environment—to obscure their activity by blending into the “noise” and normal activity of a network.
The point being, they’re not just big. They’re also effective.
But in addition to traditional and cyber-enabled thievery, there are even more insidious tactics they’ll use to essentially walk through your front door—and then rob you. The Chinese government likes to do this by making investments and creating partnerships that position their proxies to steal valuable technology.
To start with, a whole lot of Chinese companies are owned by the Chinese government—effectively the Chinese Communist Party. And often that ownership is indirect and not advertised. And those that aren’t owned outright are effectively beholden to the government all the same, as Chinese companies of any size are required to host a Communist Party cell to keep them in line.
So, when you deal with a Chinese company, know you’re also dealing with the Chinese government—that is, the MSS and the PLA—too, almost like silent partners.
But the problem is bigger than that. China often disguises its hand in order to obtain influence and access where companies don’t suspect it.
Outside of China, their government uses elaborate shell games to disguise its efforts from foreign companies and from government investment-screening programs like CFIUS, America’s Committee on Foreign Investment in the U.S.
For example, they’re taking advantage of unusual corporate forms like SPACs, or Special Purpose Acquisition Companies, and buying corporate shares with overweight voting rights that let their owners exert control over a company out of proportion with the actual size of their stake in it.
The Chinese government has also shut off much of the data that used to enable effective due diligence, making it much harder for a non-Chinese company to discern if the company it’s dealing with is, say, a subsidiary of a Chinese state-owned enterprise.
We’re working with MI5 and other partners to identify these types of hidden investments. In the U.S., we’ve identified and pulled into our CFIUS screening hundreds of concerning transactions that participants failed to notify us about. Within China, you’ve got all those same problems—and then some.
You probably all know that the Chinese government requires U.S. and U.K. companies to partner with Chinese businesses, partners that often turn into competitors. But they’re also legislating and regulating their way into your IP and your data.
Since 2015, they have passed a series of laws that eat away at the rights and security of companies operating in China. For example, a 2017 law requires that if the Chinese government designates a company as “critical infrastructure,” that company must store its data in China—where, of course, their government has easier access to it.
Another 2017 law would allow them to force Chinese employees in China to assist in Chinese intelligence operations. And a series of laws passed in 2021 centralizes control of data collected in China and gives their government access to and control of that data.
Other new laws give the Chinese government the ability to punish companies operating in China that assist in implementing international sanctions, putting those businesses between a rock and hard place. And one requires companies with China-based equities to report cyber vulnerabilities in their systems, giving Chinese authorities the opportunity to exploit those vulnerabilities before they’re publicly known.
If their government could be trusted with that kind of information, that’d be one thing, but we’ve seen the Chinese government take advantage of its laws and regulations to steal intellectual property and data.
In 2020, for example, we learned that a number of U.S. companies operating in China were being targeted through Chinese government-mandated tax software. To comply with Chinese law, these businesses had to use certain government-sanctioned software. The U.S. companies then discovered that malware was delivered into their networks through this same software. So, by complying with Chinese laws for conducting business in China, they ended up unwittingly installing backdoors into their systems that enabled hackers’ access into what should have been private networks.
This is all just a small sampling, and I could go on.
What makes the Chinese government’s strategy so insidious is the way it exploits multiple avenues at once: They identify key technologies needed to dominate markets, like the ones they highlight in their “Made in China 2025” plan. Then, they throw every tool in their arsenal at stealing those technologies—causing deep, job-destroying damage across a wide range of industries, like when they tried to steal cutting edge jet engine technology, recruiting an insider at GE’s joint venture partner to enable access by hackers back in China.
Or in another example, combining human spying with hacking in a joint effort to try to steal COVID research from one of our universities.
So it’s long been clear that the danger China poses to businesses is complex and challenging.
Where we see some companies stumble is in thinking that by attending to one, or a couple, of these dangers, they’ve got the whole Chinese government danger covered—when really, China just pivots to the remaining door left unattended.
But the danger China poses to companies isn’t just complex. It’s also getting worse.
That’s in part because, as you all know, there’s been a lot of discussion about the potential that China may try to forcibly take over Taiwan. Were that to happen, it would represent one of the most horrific business disruptions the world has ever seen. More on that in a minute.
But it’s also because the Chinese government is using intimidation and repression to shape the world to be more accommodating to China’s campaign of theft.
Examples of the intimidation the Chinese government wields to bend people, companies, and governments to its will could keep us here all day.
But to take just one example, this spring, the Chinese government went so far as directly interfering in a Congressional election in New York, because they did not want the candidate—a Tiananmen Square protester and critic of the Chinese government—to be elected.
A former Chinese intelligence officer hired a private investigator to dig up derogatory information and derail the candidate’s campaign. When they couldn’t find anything, they decided to manufacture a controversy using a sex worker. And when that didn’t work out, they even suggested using violence, such as arranging for the candidate to be struck by a vehicle and making it look like an accident.
The Chinese government’s crackdown on dissidents crosses borders all over the world, including here in the U.K. In the U.S., they’ve gone after Chinese-national college students for participating in pro-democracy rallies at U.S. universities or even just for expressing themselves in class.
The FBI battles the Chinese government’s transnational repression because it’s an evil in its own right and an assault on the freedoms of an open society.
The FBI and MI5 are united in this fight—from our leadership teams down to our case agents and officers. But this audience should bear in mind that China’s repression is also a means to an end—and we counter it for that reason, too.
Repression is part of how the Chinese government tries to shape the world in its favor, making the world more pliable and susceptible to its nefarious campaign to steal our data and innovation. That connection—between the Chinese government’s ugly repression and its strategic economic goals—is too little recognized. So, I want to take a few minutes to focus on it.
The Chinese government is trying to shape the world by interfering in our politics (and those of our allies, I should add), like the Congressional example I just mentioned. In other instances, using GPS trackers and other technical surveillance against activists inside the U.S. speaking out against the Chinese government. Even covertly and deceptively running a purported pro-democracy organization to collect information on Americans opposed to them.
But they try to shape the world by going after companies, too—sometimes just for being associated with people Beijing wants to silence.
Like when, after one U.S.-based employee of a major hotel chain “liked” a social media post by a Tibetan separatist group, the Chinese government made that U.S. hotel chain shut down all of its Chinese websites and applications for a solid week.
Or when an executive with one NBA basketball team appeared to tweet in support of Hong Kong democracy protests, the Chinese government banned all NBA broadcasts in China for an entire year.
Part of that effort is strong-arming companies to do Beijing’s bidding and actually help it undermine our political and judicial processes.
Like last November, when the Chinese Embassy warned U.S. companies that, if they want to keep doing business in China, they need to fight bills in our Congress that China doesn’t like. That’s not something listed in the brochure when you sign up to work with China. And you won’t find those types of requirements—or a warning that you’re about to lose your I.P.—in any contract you might sign.
But if you’re considering partnering with a Chinese-owned company, you should ask their Ministry of Commerce: Can they assure you that your employees won’t be dragooned into working for their Ministry of State Security and against you? That you won’t have to load their tax software or any other state-sanctioned software onto your systems? That your company won’t be punished because of one of your employees’ tweets?
Their ministry’s not going to give you a satisfactory answer—at least not one that’s not belied by the text of the laws on their books or by the way they’ve actually been treating foreign companies operating there.
All of that is to say—China poses a far more complex and pervasive threat to businesses than even most sophisticated company leaders realize.
But as I said earlier, I’m not here to tell you to avoid doing business in or with China altogether. Of course, sophisticated Western businesses have long found ways to succeed in tough environments. It’s risk versus reward, with a premium on accurately assessing that risk.
But I do have just a few suggestions for those who do plow ahead, because we’re not in the business of just articulating problems. We’re doing something about them, together—with MI5, with the private sector itself, with other government partners.
First, I would encourage everyone to work with the two agencies up here. We can arm you with intelligence that bears on just what it is you’re facing.
For example, when it comes to the cyber threat, everything from details about how Chinese government hackers are operating to what they’re targeting. And when incidents do occur, we can work together—our agencies and you—to degrade the threat.
Our folks will race out to give you technical details that will help you lessen the effects of an attack. Together, we can also run joint, sequenced operations that disrupt Chinese government cyber attacks, like we did in that Microsoft Exchange example I noted earlier, working with the private sector, including Microsoft itself, and our government partners to slam shut those backdoors the Chinese government had installed on corporate networks across the U.S.
And we can also help you to ascertain whether the cyber problem you’ve encountered is actually part of a larger intelligence operation, whether the hackers you do see may be working with insiders, or in concert with other corporate threats, that you don’t see.
Finally, I’d ask you to take the long view.
I’m thinking of the view that high-performing boards of directors bring to a company. Looking past the nearest earnings report, to maximizing the value of the company over the course of years, long after today’s management team may have moved on. Consider that it may be a lot cheaper to preserve your intellectual property now than to lose your competitive advantage and have to build a new one down the road.
I’d encourage you to keep in mind the complexity of that threat to your innovation I just talked about—how hard it is to recognize and close every avenue. Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government, and your “partner,” stealing and copying your innovation, setting up a Chinese competitor, backed by its government, that is soon undercutting you—not just in China, but everywhere.
Now, when it comes to the threat against Taiwan I mentioned a minute ago, I’m confident in saying that China is drawing all sorts of lessons from what’s happening with Russia and its invasion of Ukraine—and you should, too.
We’ve seen China looking for ways to insulate their economy against potential sanctions, trying to cushion themselves from harm if they do anything to draw the ire of the international community. In our world, we call that kind of behavior a clue.
But it’s not just Russia that’s hurt by what’s happened to their economy today as a result of sanctions and disruptions. There were a lot of Western companies that had their fingers still in that door when it slammed shut.
Even a few weeks ago, a Yale study reported in the Wall Street Journal assessed that Western businesses had already lost $59 billion in Russia because of the conflict. The losses grow every day.
And if China does invade Taiwan, we could see the same thing again, at a much larger scale.
Just as in Russia, Western investments built over years could become hostages, capital stranded, supply chains and relationships disrupted. Companies are caught between sanctions and Chinese law forbidding compliance with them.
That’s not just geopolitics. It’s business forecasting.
As I’ve heard one business leader put it recently, companies need to be wrestling with the strategic risks China poses to their growth in the long-term—and thinking about what actions they can and should be taking now, to prevent catastrophe later.
I know this all sounds alarming. But while the threat is immense, that doesn’t mean harm is inevitable.
Because while the private sector can’t stand alone against the danger—you’re not alone. The FBI and MI5 share a relentless focus on a common mission: protect our countries and keep our people safe.
I spend a lot of my time talking with other leaders focused on national security, both at home in the U.S. and abroad. I know Ken does too. And I’ll say the frequency with which this threat dominates the discussion is striking. Because our counterparts say they’re fighting to protect their students from intimidation, too. That Chinese officials are targeting their policies and candidates with malign influence, too.
That hackers in China are carrying their companies’ innovation off. That Chinese companies or proxies are using quasi-legal investments to undermine their economies, too.
But the lesson the Chinese government has been unable to learn is that by targeting countries around the world that value the rule of law, they band us even closer together.
Beijing may think our adherence to the rule of law is a weakness. But they’re wrong.
As rule-of-law agencies in rule-of-law nations with rule-of-law partners, we see how our democratic and legal processes arm us.
We’re confronting this threat and winning important battles, not just while adhering to our values—but by adhering to our values and by continuing to foster close partnerships with all of you.
In the process, we’re showing why the Chinese government needs to change course—for all our sakes.
All of us in America, in the U.K., and across the free world, are in this together—and together, we’re an awfully formidable team.