Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings.
Various discussions around the future of security technology attracted some of the biggest names in the field to the stage at Birmingham's ICC - those focused on AI and post-quantum cryptography particularly caught the eye.
It was the future threat presented by, and potential future conflict with, China that prevailed as the event's true unspoken theme, seemingly seeping into nearly every discussion over the two-day all-things-cyber bash.
For the past two years the event has felt decidedly Russia-y, despite not explicitly being themed around it.
Russia was again a watchword last year but with more of a focus on the threat Putin's country, and those who support it, poses to allied critical national infrastructure.
GCHQ director Anne Keast-Butler's opening speech hinted at the types of curiosities UK intelligence has spotted in Putinland over the past 12 months, including closer ties to the criminal underworld.
This year's CYBERUK flock of delegates would have been hard-pushed to attend more than a single session that didn't have a China flavor.
While Beijing's ambition for tech dominance is well-documented, the People's Republic of China is very clearly occupying the headspace of national security officials more than ever.
AKB went so far as to say more resources are being spent on tackling China than any other single mission at GCHQ, if you needed any more of a sense of just how seriously it's being taken.
In the UK, APT31 is probably the best-known group of troublemakers-in-chief, having recently been outed for two major attacks on democracy, including the theft of Electoral Register data.
Volt Typhoon will be the group more familiar to those in the US, especially after it was pinned to various attacks on CNI networks.
Ten years ago, Xi's cyberspies may have just been stealing intellectual property from universities, for example, but the attacks on CNI from multiple groups, not just Volt Typhoon, showed evidence of China trying to set itself up for destructive attacks in the future.
Couple this with China's 2021 data security law that requires all security vulnerabilities to be handed to Beijing before being disclosed, if at all, and the Middle Kingdom's intentions become much clearer.
Russia is seen as the threat today; China is the threat of tomorrow.
Consider again that 10-15-year timeframe AKB outlined regarding China's bid for tech dominance.
Industry calls for vendors to take greater responsibility for the security of their products were being made many years ago, but as NCSC CTO Ollie Whitehouse said, the tech market is broken and he doesn't see material change happening for at least ten years.
The industry also needs to work more collaboratively to out-innovate China, which has scores of intelligence workers dedicated to learning Western cyber tradecraft, and consuming every blog post, article, and speech that offers a glimpse at how we might be countering their work, purely to devise an effective block.
Whitehouse mentioned the need to incentivize boardrooms as well as vendors to assume liability for their security.
There's a limited window of opportunity to act to ensure the threat China presents doesn't escalate beyond control.
China doesn't just want to keep pace with the West, but achieve supremacy in cyberspace and out-innovate it to the extent Western nations can't defend against it.
This Cyber News was published on www.theregister.com. Publication date: Fri, 17 May 2024 00:44:05 +0000