Skip to main content

Cybersecurity and UK Democracy

Volume 837: debated on Tuesday 26 March 2024

Statement

The following Statement was made in the House of Commons on Monday 25 March.

“With permission, I will make a Statement about malicious cyber activity targeting the United Kingdom by actors that we assess are affiliated to the Chinese state. I want to update the House on our assessment of this activity and to reassure it on the steps that the Government have taken to shore up our resilience and hold those actors to account.

I know that right honourable and honourable Members on both sides of the Chamber will recognise the seriousness of this issue, particularly in a year when so many democratic elections will be taking place around the world. Members will want to be reassured that the Government are taking steps to address the associated threat.

I can confirm today that Chinese state-affiliated actors were responsible for two malicious cyber campaigns targeting both our democratic institutions and parliamentarians by, first, compromising the United Kingdom’s Electoral Commission between 2021 and 2022, as was announced last summer, and secondly, by attempting reconnaissance activity against UK parliamentary accounts in a separate campaign in 2021.

Later today, a number of our international partners, including the United States, will issue similar statements to expose this activity and to hold China to account for the ongoing patterns of hostile activity targeting our collective democracies. Mr Speaker, you and parliamentary security have already been briefed on this activity. We want now to be as open as possible with the House and with the British public, because part of our defence is in calling out this behaviour.

This is the latest in a clear pattern of hostile activity originating in China, including the targeting of democratic institutions and parliamentarians in the United Kingdom and beyond. We have seen this in China’s continued disregard for universal human rights and international commitments in Xinjiang, in China’s erasure of dissenting voices and stifling of the opposition under the new national security law in Hong Kong, and in the disturbing reports of Chinese intimidation and aggressive behaviour in the South China Sea. That is why this Government have investigated and called out so-called Chinese overseas police service stations and instructed the Chinese embassy to close them.

However, China’s cumulative attempts to interfere with the UK’s democracy have not succeeded. Last summer, the Electoral Commission stated that it had been a victim of a complex cyberattack between 2021 and 2022. That was the work of Chinese state-affiliated actors who gained access to the Electoral Commission’s email and file-sharing systems, which contain copies of the electoral register. As the Electoral Commission stated in 2023, when that attack was first made public, the compromise has ‘not affected’ the security of elections. It will not impact how people register, vote or otherwise participate in democratic processes. I want to reassure people that the compromise of that information, although obviously concerning, typically does not create a risk to those affected. I want to further reassure the House that the commission has worked with security specialists to investigate the incident and remove the threat from its systems, and has since taken further steps to increase the resilience of its systems.

In addition, the National Cyber Security Centre assesses that it is almost certain that the Chinese state-affiliated cyber actor known as APT31 attempted to conduct reconnaissance activity against UK parliamentary accounts during a separate campaign in 2021. Honourable Members may recall that APT31 was one of several cyber actors attributed to the Chinese Ministry of State Security by the UK and its allies in July 2021. That email campaign by APT31 was blocked by Parliament’s cybersecurity measures; in this case, it was entirely unsuccessful. However, any targeting of Members of this House by foreign state actors is completely unacceptable.

Taken together, the UK judges that those actions demonstrate a clear and persistent pattern of behaviour that signals hostile intent from China. That is why the UK has today sanctioned two individuals and one entity associated with the Chinese state-affiliated APT31 group for involvement in malicious cyber activity targeting officials, government entities and parliamentarians around the world. We are today acting to warn of the breadth of targeting emanating from Chinese state-affiliated actors such as APT31, to sanction those actors who attempt to threaten our democratic institutions, and to deter both China and all those who seek to do the same.

Last week, at the summit for democracy in Seoul, I said that we would call out malicious attempts to undermine our democracy wherever we find them. This is an important tool in our armoury and today we are doing just that. The UK does not accept that China’s relationship with the UK is set on a predetermined course, but that depends on the choices China makes. That is why the Foreign Office will be summoning the Chinese ambassador to account for China’s conduct in these incidents. The UK’s policy towards China is anchored in our core national interests. We will engage with the Chinese Government where it is consistent with those interests, but we will not hesitate to take swift and robust actions wherever the Chinese Government threaten the UK’s interests—we have done so today and previously. This Government will continue to hold China and other state actors accountable for their actions.

We will also take serious action to prevent this behaviour from affecting our security. The steps we have taken in recent years have made the UK a harder operating environment for foreign state actors seeking to target our values and our institutions. Through the National Security Act 2023, we now have, for the first time, a specific offence of foreign interference. That new offence will allow law enforcement to disrupt state-linked efforts to undermine our institutions, rights or political system.

Our National Security and Investment Act 2021 has overhauled our scrutiny of investment into the United Kingdom by giving the Government powers to block, unwind or put conditions on investments that could create national security risks. We have significantly reduced China’s involvement in the UK’s civil nuclear sector, taking ownership of the CGN stake in the Sizewell C nuclear power project and ensuring that Chinese state-owned nuclear energy corporations will have no further role in the project.

We have put in place measures to prevent hostile infiltration of our universities, including protecting campuses from interference through the Higher Education (Freedom of Speech) Act 2023. The Procurement Act 2023 includes national security devolvement provisions that allow us to act where we see malicious influence in our public procurement. I have taken steps to reduce the Government’s exposure to Chinese operators, banning Hikvision and TikTok from government buildings and devices. Through the national cybersecurity strategy, we are investing £2.6 billion to increase the cyber resilience of our critical national infrastructure by 2025, making the most important parts of our digital environment a harder target for state and non-state actors.

The Government are continuing to build the tools, expertise and knowledge to respond to the systemic challenge that China poses to the United Kingdom’s security and its values. The integrated review refresh in 2023 took steps toward this, doubling funding for a government-wide programme, including investment in Mandarin language training and deepening diplomatic expertise.

We must be clear that this is not a problem for the Government to solve alone. That is why we created the National Protective Security Authority within MI5 to help businesses and institutions play their part in protecting our security and prosperity. The NPSA will help organisations in the UK’s most sensitive fields, including critical national infrastructure operators and world-leading science and tech sectors, to protect themselves against state threats. I set up the economic security public-private forum to ensure that businesses and business leaders in crucial sectors understand the threat to the UK and what they can do to defeat it.

In Parliament, the National Cyber Security Centre has launched an opt-in service for Members of both Houses. This allows the NCSC to alert high-risk individuals if they identify evidence of malicious activity on their personal devices or account, and swiftly advise them on steps to take to protect their information. Today, the NCSC has published new guidance for political organisations, including political parties and think-tanks, which will help these organisations take effective action to protect their systems and their data. The NCSC is also working with all political parties to increase the uptake of their active cyber defence services in the lead-up to a general election. A key component of increasing our resilience is supporting the NCSC and parliamentary authorities by taking up that cyber- security offer. I urge all Members of this House to do so. I will be writing to colleagues later today, setting out again the steps that they can take.

At the Summit for Democracy, I was struck by the powerful strength of our collective voices when we work together to defend our democratic freedoms. The summit provided the United Kingdom Government with a platform to build international agreements on a new global government compact on countering deceptive use of AI by foreign states in elections. It is important and welcome that our partners across the Five Eyes, as well as those in Europe and the Indo-Pacific, are standing in solidarity with our efforts to call out malicious cyber activity. I pay tribute to the dedicated public servants whose painstaking work has continued to expose the reality of the threat we face.

Our political processes and institutions have not been harmed by these attacks. The Government will continue to call out and condemn this kind of activity in the strongest terms. We will continue to work with our allies to ensure that Chinese state-affiliated actors suffer the consequences of their behaviour. We will take preventive action to ensure that these attempts do not succeed. The cyber threat posed by China-affiliated actors is real and serious, but it is more than equalled by our determination and resolve to resist it. That is how we defend ourselves and our precious democracy, and I commend this Statement to the House”.

My Lords, I begin by making clear, as my right honourable friend Pat McFadden did in the other place, that we on these Benches support the Government in their efforts to counter attempts by China or any other state to interfere with our democratic processes in any way. This includes attempts to prevent elected representatives from going about their business, voicing their opinions or casting their votes.

We pay tribute to the work of the intelligence and security services in protecting our democracy and the public more widely. However, we need to question the coherence of the Government’s approach to this issue so far. Surely it is necessary for the Government to have a consistent approach across government, as the cyber threat is not restricted to democratic processes. It extends to universities, electric vehicles, energy, aviation, the safety of Hong Kong nationals, and intellectual property. How confident is the Minister that the vigilance recommended today in relation to democracy, which many would say comes slowly rather than swiftly, is equally applied to other areas of activity? Does the Minister honestly think that the limited action outlined in the Statement is sufficient to deter China? Given what we now know, what further steps are the Government going to take, since the hacking and impersonation of parliamentarians is not the full extent of this and not at all the action of a friendly state?

The calculation of any state which wishes us harm or considers that it may be necessary to do us harm in the future has changed markedly in the last decade. That which previously would need to be achieved through violent means can now be done through cyberattack. The defeat mechanism now is different. Our energy supplies, communications, water, transportation and finances are all targets in a completely new way. Undermining our democracy is just another form of attack. Does the Minister accept that we currently lack a consistent approach across government? I ask this as noble Lords will no doubt be aware that the Foreign Secretary has been the subject of unhelpful speculation regarding his interests in China. It seems peculiar that information about this has been less than forthcoming.

The Intelligence and Security Committee issued a report on China last year. Paragraph 98 of that report said:

“Targets are not necessarily limited to serving politicians either. They can include former political figures, if they are sufficiently high profile. For example, it is possible that David Cameron’s role as Vice President of a £1bn China-UK investment fund”

was

“in some part engineered by the Chinese state to lend credibility to Chinese investment”.

As I understand it, in January 2023, prior to his appointment as Foreign Secretary, the noble Lord, Lord Cameron, went to Sri Lanka to drum up investment for Port City Colombo, which is a belt and road project launched by President Xi that many believe will become a military base for the Chinese navy. It would help to protect the reputations of the noble Lord and the UK Government if there could be some clarity on whom he met and what sort of conversations took place. Can the Minister assist in providing the necessary transparency and reassurance so that this matter can be put to bed? Can she tell us whether these matters have been investigated?

We have heard assurances from Ministers that the closed electoral register has not been hacked, but anyone taking broader interest in this issue will be aware that the danger is not just about a single cyberattack event, but rather that data is gathered in large quantities over time and can be used to train AI or be interrogated by AI with impacts that we do not yet understand. What are the Government going to do, across all departments and institutions, to protect against this threat? The threat is evolving, from spying and influencing to the disruption of elections and critical infrastructure. As the threat has changed, surely our response needs to change in turn.

We welcome this Statement, which we hope is a significant step towards a more strategic, cross-party approach to this issue. I take the opportunity to acknowledge our friend the noble Lord, Lord Alton, who has earned the opprobrium of the Chinese Communist Party thanks to his tireless campaigning. He should accept this as a badge of honour, albeit one that comes with ominous concerns. Over the last 24 hours, the Foreign Secretary issued a statement and called Beijing’s actions “completely unacceptable”. He added that:

“Such action from China will not be tolerated”.

Given that this is what the Government believe, the response to date seems feeble. This feebleness was highlighted by many of the Minister’s colleagues in the Commons, and not just Sir Iain Duncan Smith. But perhaps the reason for this caution was voiced by an unnamed Cabinet Minister quoted in the press as saying that the Government do not want to start a trade war. However, in response, China has said that it “strongly condemns” the UK’s “egregious” move to sanction Chinese hackers, adding that it would

“take the necessary reaction, as a matter of course, to the U.K.’s moves”.

What is the Cabinet Office assessment of the risk to the UK economy? How are the UK Government preparing to resist any retaliation?

During yesterday’s Statement, Deputy Prime Minister Oliver Dowden noted that it is no surprise that China

“should seek to interfere in electoral processes”

in successful democratic countries. The Deputy Prime Minister may not have been surprised, but the integrated review—even its refresh—does not anticipate this level of attack. What we have today is inadequate, so I suggest that the Government use this to instigate a process of significant and proactive cross-party consensus that we can take forward and have a cross-sectoral plan for our relationship with China.

The hack of the Electoral Commission is very worrying; can the Minister explain why it took so long for it to be disclosed? According to the NCSC, this data is highly likely to be used by Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK. How will the UK Government protect those here in the UK-Chinese community who may be subject to long-distance repression?

Yesterday the Opposition’s spokesperson, and their spokesperson here today, rightly highlighted China’s voracious appetite for data and its potential uses as computing power improves. Even if data cannot usefully be manipulated and weaponised, it is used as a very useful training tool for artificial intelligence models, as we just heard. I echo the question asked yesterday: what are the Government doing to protect complex and valuable public datasets from being stolen in this way? Two, for example, are health data and criminal records, but is not just our existing datasets we should worry about; the Chinese have the capability to build their own. For example, years after the decision to remove it, Huawei remains integral in our telecoms infrastructure. The Hikvision ban extends only to so-called sensitive sites, despite the fact that we have pushed hard to ensure that it extends to all public buildings.

This is just the tip of the data-gathering iceberg that exists already in this country. For example, last week, the Council on Geostrategy published a new policy paper highlighting the risks from Chinese cellular modules—so-called IoT modules. This raises an issue around the role of devices that sit inside almost every internet-enabled device, creating another whole cyber danger area. Then there are electric cars, which are little more than data hoovers, sending information back to China.

China has data and technology strategies that directly link to its strategic and security aims. They are decades ahead of our defences. We have to work together, and quickly, to develop the necessary responses. Despite the very good work that has been done by our own agencies to protect us, so much more is needed.

My Lords, I thank the noble Baroness, Lady Chapman, and the noble Lord, Lord Fox, for their comments. I also thank the noble Baroness for her support for the important work across the piece, including by the intelligence services, in the more serious situation that we now find ourselves in.

I should start by explaining that we are vigilant and we do try to take a consistent approach, across government. We have made a lot of changes in the cyber area in the last two or three years. As for the activity announced yesterday by the Deputy Prime Minister and the question of delay, raised by the noble Lord, Lord Fox, this was a complex operation. It required painstaking work from the intelligence community to enable UK Ministers to confidently attribute the hostile cyber activity to Chinese state-affiliated actors. I hope noble Lords will be reassured to know that we have been working hand in glove with our international partners to collectively identify those responsible and to hold them to account. A number of partners have made follow-up statements within the last 24 hours.

The activity we announced builds on the broader work that the Government have led to expose hostile cyber activities conducted by states targeting UK interests and the democratic systems that we all value, including our democratic processes, which were affected by Russian intelligence services in December.

This is part of a wider, proactive approach. The National Cyber Security Centre has made a lot of difference right across the board, both for government and business. We passed the National Security and Investment Act 2021, the Higher Education (Freedom of Speech) Act 2023 and the National Security Act 2023 —which updated the Official Secrets Act and made espionage offences more 20th-century by introducing a harder operating environment. These are all extremely important.

We continue with our resilience work, across the piece, to strengthen cyber skills. The noble Baroness, Lady Chapman, is right that we need to look at critical national infrastructure and other issues.

The noble Baroness mentioned that my noble friend the Foreign Secretary was criticised by the Intelligence and Security Committee. I think she was referring to the committee saying that his role as vice-president of a China-UK investment fund was in some part engineered by the Chinese state to lend credibility to its investment. I do not think China can have been that influential, because the fund did not go ahead.

The noble Baroness also mentioned Port City in Sri Lanka. Obviously, the Foreign Secretary was a private individual at that time, but I understand he spoke at two events in the UAE. They were organised by an international speakers’ bureau, which supported this major infrastructure project. The noble Lord, Lord Cameron, was not engaged in any way with China or any Chinese companies about these speaking events. His engagement followed a meeting held with Sri Lanka’s president earlier in the year. The Port City project is, of course, supported by the Sri Lankan Government.

As has already been mentioned, the Foreign Secretary has been very clear that the targeting of UK democratic institutions and political processes is completely unacceptable. He made another statement about this yesterday. He raised it personally with the Chinese Foreign Minister, Wang Yi, making it clear that malicious cyber activity by Chinese-affiliated actors is unacceptable. That is the position today. The appointment of the noble Lord as Foreign Secretary followed an established process both in relation to peerages and to ministerial appointments. I hope I have helped clear this up.

The noble Baroness was interested in the impact of the incidents that were discussed yesterday which led to the sanctioning of two individuals and an entity associated with APT31. What happened was that actors were able to access copies of the electoral register in the Electoral Commission’s file-sharing system. The electoral registration officers for each local authority hold the live versions of the electoral registers—I think we have discussed this before—and they were unaffected. The electoral register does not contain things such as national insurance numbers or nationality data, nor does it give the age of individuals except in limited circumstances.

No parliamentary accounts were successfully compromised. The Parliamentary Security Department, which led on follow-up, assessed that this was reconnaissance activity and that parliamentary networks and accounts were not compromised. Clearly, we need to be vigilant, and that is the message that I am getting across the House this evening. It was not that serious, but we do not want other Governments of any kind to interfere with the democratic process, because it is so important.

On broader work, the National Cyber Strategy 2022 was supported by more than £2.6 billion of investment over three years. It is focused on delivering a step change in the UK’s cyber resilience, and that extends far and wide. I am involved in what is now called the Integrated Security Fund and used to be the CSSF. We have been putting more investment into cyber, because cyber knows no borders, so it is important to work with other countries on exactly these issues.

We banned Huawei from our 5G network, as we heard, and—I see that the noble Lord, Lord Alton, is in his seat—we took steps on Chinese security cameras, thanks to his help. We made a lot of changes in the Procurement Act, again thanks to detailed work done in this House. All these changes are important.

The noble Lord, Lord Fox, talked about the need for collaboration, and we have made it clear that we are happy for more conversations on these points. I commend the work done by the Parliamentary Security Department. Alison Giles now sits on the Defending Democracy Taskforce, which I sit on and Tom Tugendhat leads, and a lot of changes have been made. Only today, a letter went round encouraging all MPs and noble Lords to do more—the top 10 tips for mobiles, personal cyber, how to get more support and account registration so that your emails and phones can be monitored by the NCSC.

I thank noble Lords for their pressure, because this is an important area. We need to take proportionate measures and stay vigilant.

My Lords, I declare non-financial interests as a patron of Hong Kong Watch and vice-chair of the All-Party Parliamentary Group on Uyghurs. As my noble friend Lord Fox referred to the sanctions imposed on seven parliamentarians, three years ago yesterday, I should declare that I am one of them. He also said that this should be regarded as a badge of honour; indeed, because my family were sanctioned with me, my feisty daughter set up a WhatsApp group entitled “badge of honour”.

The noble Baroness, Lady Chapman, raised the belt and road initiative and the role of the Foreign Secretary. I have one point to make about that. Developing countries, mainly in the global South, now have debts to the belt and road initiative totalling $1 trillion. This has made them extraordinarily subservient and often into vassal states that do the bidding of the Chinese Communist Party, particularly in the United Nations. I think the noble Baroness was right to raise the issue of Sri Lanka particularly; it requires greater scrutiny.

The biggest issue that the Intelligence and Security Committee pointed to in its much-delayed report, when it was finally published, was the potential for gullibility on the part of the present Foreign Secretary, but the rest of us too. I put it to the Minister that with a multi-billion-pound trade deficit with China, we are insufficiently resilient and have become far too dependent. This is extraordinarily complacent in the circumstances. Is she surprised that her right honourable friend Sir Iain Duncan Smith said yesterday that the right honourable Oliver Dowden’s Statement was

“an elephant giving birth to a mouse”?—[Official Report, Commons, 25/3/24; col 1266.]

The Deputy Prime Minister said it had been “swift and robust”, yet it is three years since these cyberattacks took place. That hardly makes it swift. As for robust, while parliamentarians have been sanctioned, frankly I regard that as a very minor issue in comparison with what has happened in Xinjiang, where there are 1 million Uighurs incarcerated in camps; with the destruction of democracy in Hong Kong, where there are 1,700 people incarcerated, some of them, such as Jimmy Lai, on trial even as we meet; and with the untold brutality we have seen in Tibet and the daily intimidation of Taiwan. In those circumstances, there are no grounds for being complacent.

In being robust, why is it that no public official in Hong Kong has yet been sanctioned, yet our ally the United States has sanctioned 47? What co-operation do we have with our key allies, including examining the extent of the APT31 attacks, which have been estimated in the United States as being far more significant in their magnitude than they have been here? Will the Minister re-examine the 2023 report of the Intelligence and Security Committee on the dangers posed to the United Kingdom by the CCP regime? Will she re-examine the strategic failure to declare China a threat, which was, after all, one of the recommendations of your Lordships’ International Relations and Defence Committee, on which I served, which examined the question of China trade and security? Will we place China in the enhanced tier of the foreign registration scheme?

The Minister has mentioned Hikvision, and I pay tribute to her for the way in which she interacted when that issue was before the House as we considered the Procurement Bill; she was helpful throughout. What progress has been made in removing Hikvision surveillance cameras, of which there are about 1 million in this country, from sensitive sites? The Deputy Prime Minister said yesterday that he was open to the removal of Hikvision cameras from other sites too; what progress is being made in that regard?

The noble Lord, Lord Fox, mentioned electric cars. There was a very disturbing article in the Telegraph a few days ago about how these cars could be used for surveillance purposes. Will we allow slave labour to again be used in Xinjiang to manufacture parts and cars that can be sold cheaply into our markets while we do not give British workers the chance to manufacture such things here? Will we have to act retrospectively—as we did with Hikvision and Huawei, and now in the future will probably have to do with electric cars? Is this not just another case of closing the gate after the horse has bolted?

I thank the noble Lord for all he does in relation to educating us on China. I cannot agree with everything he says, but I agree with the points he made about debts building up on the belt and road, and the importance of his committee’s report, which I think I will take away with me. I am going to America; I might take it away with me to read and have a fuller look at over Easter.

We have seen China’s continued disregard for universal human rights—in Xinjiang, as well as what the noble Lord mentioned about the stifling of opposition in Hong Kong and, of course, the aggressive behaviour in the South China Sea. He is right to call these points out.

I think that the noble Lord was asking about the foreign influence registration scheme’s enhanced tier, and it is important to remember that all foreign powers, including China, will be subject to the requirements under the political influence tier of FIRS. No country is there yet but the Government are currently considering which foreign powers and entities should be added to the enhanced tier, which requires collective agreement. As you would expect, these considerations will take into account what is necessary to protect the safety and interests of the UK.

The noble Lord was keen to mention the importance of working with allies. I could not agree with him more on that, and it has been pleasing that, in parallel to the UK this week, the United States has made designations. The targeting of parliamentary entities in New Zealand has also been called out, and statements of support have been issued by the European Union, by some individual member states, and by Japan and the Republic of Korea. The Deputy Prime Minister was in Japan and Korea last week trying to do exactly the sort of international co-ordination that is so important, given the borderless nature of many of these threats that we are now facing.

Regarding Hikvision, we are due to produce a report fairly soon, thanks to the noble Lord, and I cannot anticipate that, but I am very aware that when I make promises to him in this House, I take great pleasure in delivering them whenever I can. So that is certainly on the agenda, as is the work we are doing under the Procurement Act to make sure that we make use of the new provisions on security in due course. There has, I think, been some briefings for Lords and MPs from Minister Burghart on that, as he is taking that forward.

Regarding electric cars, obviously we are determined to make sure that the UK remains one of the best locations in the world for auto manufacturing—we have such a long tradition—and that includes the transition to electric vehicles. But, as is standard practice, we must ensure that any investment in UK manufacturing facilities, for any purpose, poses no threat to our national security. We are determined to do just that.

My Lords, clearly, these events are deplorable, unacceptable and have been widely condemned. I admire all the steps the Government have taken to improve cybersecurity and much else besides, but I also ask for a sense of proportion. China is our fourth largest trading nation. Like the noble Viscount, Lord Waverley, I have been very involved with the International Chamber of Commerce, and we believe that through trade comes more civilised relationships and wealth creation. We know that in China—for all the evil in China—a vast number of people have been lifted out of poverty.

Is there anything we can learn from America, which talks a big talk but carries on trading? My concern is that the pendulum will swing again. The Deputy Prime Minister said yesterday in another place:

“The UK’s policy towards China is anchored in our core national interests”.—[Official Report, Commons, 25/3/24; col. 1262.]

Our national interests are to protect democracy, but also to ensure that trade continues to flourish. Like many people who have been a spending Minister, I know how much we want to spend on hospitals, schools and prisons, and I do not want this debate to result in a detriment to the British economy. But I do deplore the behaviour in which China has been involved.

I am glad that my noble friend deplores this behaviour, because I think that that is agreed across the House this evening. Of course our approach must be rooted in our national interest and we need to be co-ordinated with likeminded partners, and we are all working to have an open and stable international order in difficult circumstances. But China represents a systematic challenge to the world order, remains a long-term state threat to the UK’s economic security, and its behaviour is concerning. It has a choice—we have called in the Chinese ambassador today and we are making that clear. We must hope that China will move in the right direction, but we have to take on the challenge and take proportionate action to hold state actors to account for hostile cyber activity, and to protect UK interests.

My Lords, the Minister might wish to give some insight into how the meeting with the Chinese ambassador went this morning so that we get the fullest idea about all the sides that are party to this deplorable situation.

As is customary in your Lordships’ House, I should declare being the custodian of the totally unused domain name beltroadhub.com. I registered it 15 years ago with no particular practical reasons as to what I was going to do with it, and there it still lies. I inform the House accordingly.

Noted. I must re-emphasise that it is an unused domain.

I am at one with the thrust behind the Statement. The Government and agencies are right to adopt a firm approach. However, although repercussions should be expected for rule of law, human rights and interference abuses, conversely, do the Government believe that constant prodding of the dragon can have consequences that go counter to many British interests and on occasions might be self-defeating? Exploring and not thwarting areas of mutual co-operation, building on respect of strength through dialogue and engagement, should not be lost sight of, including on those areas of concern illustrated in the Statement.

To answer the noble Viscount’s question, my understanding is that the Chinese ambassador condemned the “groundless accusations”, accused the UK of smearing China and stated that China was a victim of cyberattacks, including from the UK. He warned that China would adopt firm countermeasures in response but gave no further detail. This matches historical responses when we have called people out for hostile cyber activity, but they have not done anything further. I should correct myself; I understand that the meeting was with the chargé d’affaires.

I do not have a lot more to say on our attitude to China. I said that our approach needs to be rooted in our national interest. China is a permanent member of the UN Security Council. It is the second-largest economy in the world and has impacts on global issues of importance, such as climate change. Proportionate action is necessary but I feel that it is right that we have taken the action that we have. We must protect our democracy and our Members of Parliaments—that is, Members in the other place and here. That is an issue that has to be properly tackled, and the Government are determined to do just that.

My Lords, given that there is time, the Minister mentioned the National Security and Investment Act. We are in a happy situation because when that then Bill was being discussed, she was a lowly Back-Bencher making a lot of very constructive suggestions to the then Minister, the noble Lord, Lord Callanan, who was running it through. The Act is now under the supervision of the Cabinet Office, so we are in a position where the poacher is now the gamekeeper.

The Minister will remember that one of her points at the time was about infrastructure and whether, and by how much, it was included in that Act, so it would be useful to get an update now that she is in a position to influence this. She will also remember that there was quite a lot of discussion, and indeed some amendments, around the potential role for the Intelligence and Security Committee in connection with that Act. Would she now acknowledge that, given the nature of the problems we face, it makes even more sense than it did then for the ISC to be directly linked into the Act’s implementation?

I note what the noble Lord says about the committee. It does a very important job and we do listen to it. I look forward to giving it evidence soon on the integrated security fund. The noble Lord probably has a better memory than me of the detail of the points I made when I was on the Back Benches, before I became the gamekeeper. What I would say about the National Security and Investment Act is that it has allowed us to take a broader approach than many other countries, and in 2022-23 we received 866 notifications and issued 15 final orders blocking, unwinding or attaching conditions to deals, of which eight had an acquirer link to China. I think it shows that some of the legislation that we put through this House and work on together in detail can be very valuable.

My Lords, will the noble Baroness say something more about the hacking of the database of 40 million British people in a year when there will be a general election? Although the Government seem to be confident that it will not compromise the electoral process, does the noble Baroness think that this could be used to spread disinformation and propaganda? Has she not seen the kind of mischief-making done at a very minimal level, almost on a daily basis—often by social media but sometimes in a systematic way—to try to determine the outcome? It has only to happen in a few marginal seats to have a very significant effect in a general election. What estimate has been made of that and what more can we do about it?

We now have a senior FCDO civil servant as CEO of the Electoral Commission. Indeed, he has joined the Defending Democracy Taskforce which I very much value, being security vetted and so on. The noble Lord is right that some of these behaviours seem to be part of a larger-scale espionage campaign and it is disturbing that China is targeting bulk data. It seems to be part of the strategic objectives. We have been clear that it is unacceptable. I do not know exactly what conclusion to draw from that at this time, but we are obviously keeping these matters under review.

My Lords, I rather suspect we might be walking into tricky ground in all this. I remember, for instance, Cambridge Analytics and all those sorts of issues, and many other circumstances around data mining. This was all out there before and is really of concern to everyone. I only put that out there because, from what I can understand, beyond the deplorable approach on officials and all the rest, this could be a lot to do with data mining.