'Categorically untrue' that China hacked UK intelligence systems, say officials

The British government has refuted claims by a former senior adviser that China compromised “vast amounts” of sensitive information in 2020 from the U.K.’s most sensitive systems for transmitting classified material.

Dominic Cummings, the chief adviser to Prime Minister Boris Johnson between July 2019 and November 2020, told The Times newspaper that there had been a breach of highly classified material, “said to have been connected to a Chinese-owned company involved in Britain’s critical national infrastructure,” that was concealed by senior officials.

A spokesperson for the Cabinet Office said: “It is untrue to claim that the systems we use to transfer the most sensitive government information have been compromised.”

Ciaran Martin, the former chief executive of the National Cyber Security Centre (NCSC) who was in office at the time of the alleged breach, stated it was “categorically untrue that in 2020 briefings were given to the effect that the Chinese state had compromised the bespoke systems used for circulating Strap and other highly classified state secrets.”

Cummings — who left Downing Street amid a scandal about alleged breaching of COVID-19 lockdown rules for which he was called an “utter liar” by Johnson — told The Times: “What I’m saying is that some Strap stuff was compromised and vast amounts of data classified as extremely secret and extremely dangerous for any foreign entity to control was compromised.”

Strap is a British codename for the system of compartmentalizing the government’s most sensitive information. 

Cummings claimed: “The Strap system was compromised. All sorts of systems were compromised. Fundamental infrastructure for transferring the most sensitive data around the British state was compromised for a long time. For years.”

The former senior adviser’s account was supported by Tom Tugendhat, the former security minister, who told The Times that “the gist” of Cummings’ claims were “correct.”

However, another senior Whitehall source quoted by the newspaper ruled out that Strap material was compromised. They said some sensitive information had been transferred to China, and that although it was encrypted, “there were concerns that this could still have been accessed by the Chinese.”

Martin also disputed the claim that the most sensitive information was compromised, and stressed it would have been the NCSC’s responsibility to support the government in response to the kind of breach that Cummings described.

“There was no such NCSC operation in 2020 or the preceding years. Top secret networks are built, operated, secured, and monitored on an entirely different basis to the normal Internet based systems used by most of the rest of Government (and by the private sector and the rest of the economy).

“So it does not follow that evidence of harmful Chinese cyber operations against the UK, which is routinely briefed to Ministers, advisers and senior officials, extended to this entirely separate set of systems,” said Martin. “There is no basis for the claim that large volumes of British intelligence and other extremely sensitive information were compromised by the Chinese state in this period.”