A stark warning on China
It started with a tip from a guy I know who works on harbour boats in the Port of Gibraltar. It ended with a text from an intelligence analyst who saw my name on a classified US report and messaged me gleefully: “Congratulations! You’ve been tapped by the Chinese.”
It was over a decade ago but I remembered the episode recently while reading the transcript of an unprecedented joint conference by the heads of MI5 and the FBI on the threat of Chinese espionage. The stark warning from the security chiefs was drowned out by the noise of Boris Johnson’s resignation, but it’s a message that anyone in government or business should take careful note of, including here in Gibraltar.
Gibraltar does limited trade with China, but that may change in a post-Brexit world where this community is seeking opportunities beyond our European backyard.
The Gibraltar Government, for example, is working with the UK-based subsidiary of a Chinese construction company that has pioneered modular building techniques. The University of Gibraltar has partnered with a Chinese university to collaborate on blockchain research and educational initiatives. Some Gibraltar-based firms have made early tentative forays in search of Chinese business.
And why not? A small slice of Asian trade, a few crumbs even, would go a long way here.
Two years ago, Zak Dychtwald, the founder of the Young China Group, a thinktank focused on understanding trends among the country’s youth, said Gibraltar could position itself to help Chinese companies seeking opportunities in the western world, especially in areas such as financial services and the DLT sector.
“I think of Gibraltar as sort of a bridge between different parts of the world, different cultures, different products, different services, different sensibilities,” he told me during a visit to the Rock, where he addressed a dinner hosted by billionaire businesswoman Ruth Parasol.
“And what China needs now more than ever are bridges, because so much of the world is turning off to China. So much of the world isn't willing to be a bridge or doesn't have experience with meeting a different culture halfway. Gibraltar has that.”
The warning from MI5 and the FBI earlier this month doesn’t mean not doing business with China. But it does mean being aware of the threat posed by the Chinese Communist Party’s [CCP] covert activities around the globe.
The advice was “not to cut off from China”, said Ken McCallum, the Director General of MI5.
“We want a UK which is both connected and resilient.”
Rather, the security chiefs were highlighting the activities of certain parts of the Chinese state and “not the Chinese people” who they “wholeheartedly welcome”, Mr McCallum said.
“If my remarks today elicit accusations of Sinophobia from an authoritarian CCP, I trust you’ll see the irony.”
But the UK – and by extension, Gibraltar - needs to become a “harder target” by becoming more aware of the risks, even while seeking opportunities with Chinese partners.
Part of the challenge is that threats of this nature always come cloaked in smoke and mirrors and often sound remote, sometimes even fanciful.
Which takes me back to my anecdote.
The seed was one of those casual five-minute conversations on Main Street. “Every time a warship docks in the south mole, a Chinese ship turns up for bunkers in the anchorage just opposite,” my port friend told me. It sounded like a conspiracy theory but I filed it at the back of my mind for a quiet day and eventually found time to cross-reference commercial and military shipping lists. He was right. I found multiple examples stretching back many months. And it was always the same two or three Chinese ships operated by the same state-owned companies.
My interest piqued, I chatted about this with a British military source who smiled knowingly and gave me a wink and a nudge alongside a bland on-the-record answer. ‘We monitor all shipping around Gibraltar’, that sort of thing. Discretely though, he pointed me to the Americans.
The following day upstairs in Sacarello’s, I had a chat with a US Navy guy I knew who dealt routinely with Gibraltar. He was nonchalant but said he’d mention it to his people. I strolled back to the newsroom and 20 minutes later the phone rang. It was a chap who said he worked for a branch of US Navy intelligence in Rota: “Brian, I’m coming to see you.”
The next morning in a Casemates café, we spoke for the best part of two hours. He quizzed me on what I knew, which admittedly wasn’t much. We spoke about Chinese ships in the bay. We also spoke about Taiwan and Chinese foreign policy. We discussed too the US Aegis missile technology which Taiwan was eyeing at the time. We spoke about signals intelligence. There was nothing discussed that you couldn’t find already published online. But in effect, he was confirming, without doing so explicitly, that I might be onto something. He pointed me to some declassified US senate reports that filled in some gaps. They contained details of the same companies that operated the Chinese ships that seemed to trail warships calling in Gibraltar port, describing them as the merchant arm of the Chinese navy and claiming they were involved in intelligence gathering around the globe. Claims China denied, obviously.
So there I was with what seemed like a great tale, except no one would go on the record with a subject like this. It was all whispers and nudges and carefully-crafted replies that could be interpreted multiple ways. There was nothing solid and very little to peg a story on other than the presence of these ships in the bay. We’d trawled through months of data and found numerous examples. We even had photos to prove it. But it could all be coincidence.
And then, as often happens, serendipity stepped in. In rare public comments, senior MI5 officials warned publicly that China, even back then, posed “one of the most significant espionage threats” to Britain. We had the hook we were after and ran the story.
A week later, I received a strange email from someone in China who claimed to work for a defence magazine and wanted to know if I’d be a contributor and send them information from Gibraltar. The email had a rather ominous-looking link in the text. Resisting the temptation to click it, I phoned my new acquaintance in Rota, sent him the email and deleted it. He said it was wise to be cautious and left it at that. But a couple of weeks later, my analyst friend contacted me to say he’d seen my name on a US report about possible approaches by Chinese intelligence. Congratulations indeed.
Was that email really from a Chinese spook? Was the link a dodgy attempt to hack my account? Were the Chinese ships involved in anything nefarious, or were they just buying fuel? The simple answer is I don’t know and never will. It was all quite exciting and slightly worrying at the time, even if it also felt somewhat implausible when one paused for breath. Now, years later, it sounds ridiculous as I write these words, akin to the reds-under-bed paranoia of the Cold War era before the Berlin Wall came down.
Except this stuff happens. Consider what the heads of MI5 and the FBI told us just a few days ago.
Addressing an audience of business leaders and academics in London, MI5’s Mr McCallum said the agency would double its investigations into Chinese espionage in the face of the “game-changing” threat posed by the ruling Communist Party.
MI5 is running seven times as many probes into Chinese activity as it was four years ago, he said, and plans to “grow as much again” to tackle the widespread activity which pervades “so many aspects of our national life”.
Standing alongside the director of the FBI, Christopher Wray, at MI5’s Thames House headquarters, the two men also warned that if China invaded Taiwan as feared, this could “represent one of the most horrific business disruptions the world has ever seen”.
They were speaking for the first time in public together to “send the clearest signal we can on a massive, shared challenge: China”, Mr McCallum said.
“The most game-changing challenge we face comes from the Chinese Communist Party. It’s covertly applying pressure across the globe … We need to talk about it. We need to act.”
Describing the CCP’s use of clandestine, coercive or corrupt methods to launch “deceptive” plots to buy and exert influence as well as the use of “sophisticated interference efforts”, Mr McCallum said the threat was a “co-ordinated campaign on a grand scale”. Mr Wray described it as “breath-taking”.
Describing the threat as a “complex, enduring and pervasive danger” to “innovative businesses” which was “getting worse” and was “even more serious” than many realise, Mr McCallum said: “We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’ I mean both our nations, along with our allies in Europe and elsewhere.”
Mr Wray told the audience Beijing’s administration is “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
Over the last year the UK has shared intelligence about Chinese cyber threats with 37 countries and in May disrupted a “sophisticated threat” against aerospace companies, Mr McCallum said.
“China has for far too long counted on being everybody’s second-highest priority,” Mr Wray said, adding: “They are not flying under the radar anymore.”
The UK, through bodies such as the Centre for the Protection of National Infrastructure and the National Cyber Security Centre, works with businesses to identify risks and mitigate them. But it’s not easy.
“No set of guidance can cater with precision for each and every situation: I’m afraid I can’t make this simple for you,” Mr McCallum said. “The answers have to lie in combining our unique knowledge of the threats, with your unique knowledge of your business.”
He urged companies to assess whether they had a strategic approach to these risks, “or is it the subject you never quite get to?”
“Do you have a thoughtful security culture at all levels in your organisation? Or does everyone leave it to a Security Department that’s off to one side, only to be contacted in an emergency?”
“Does your organisation know what its crown jewels are, which if stolen would compromise your future?”
“Have you put in place the right controls to assess the risks attached to your funding sources and partnerships, and to protect your supply chain?”
Implausible as it might sound that one might get caught up in something like this, the warning offers food for thought, and for action.