Chinese intelligence has returned to the headlines in recent months not only for cyber activity but also for espionage cases across NATO countries, spanning human recruitment and covert monitoring.
Greece has reported the arrest of an Air Force officer on suspicion of spying for China, and Czech authorities have detained a suspect in a China-linked case. France, meanwhile, has pursued an investigation involving Chinese nationals accused of covert monitoring, and Türkiye last year detained suspects accused of spying on Uyghurs for China’s intelligence service.
Beyond human intelligence (HUMINT) cases, one of the most strategic capabilities at scale is signals intelligence (SIGINT).
In the U.K., that reality has sharpened two debates in recent weeks: the proposed Chinese mega-embassy in London, now framed as a counter-intelligence issue, and reports of alleged Chinese cyber intrusions into senior government communications, reviving questions about exposure even in protected systems.
SIGINT has become a source of tension over the past decade, used aggressively by adversaries and sometimes even between allies.
Public disclosures in that time have shown how far such collection can reach, from revelations about U.S. surveillance activity linked to diplomatic facilities in Berlin and reports that EU institutions in Brussels were among the targets, to allegations that Russian embassies across Europe have functioned as SIGINT platforms, flagged by widely reported clusters of rooftop antennas and satellite dishes.
As a core member of the Five Eyes and one of the world’s most capable SIGINT powers, the U.K. sits at the centre of these debates. I spoke with Sir David Omand, former director of GCHQ and the U.K.’s first Security and Intelligence Coordinator (SIC), to get his perspective on the proposed Chinese mega-embassy and the recent cyber intrusion allegations. Since leaving office, he has remained a prominent voice in the U.K. intelligence community.
As the row over the proposed Chinese mega-embassy continues, I asked Omand whether it is an intelligence risk in its own right or a political dispute magnified by suspicion.
“All foreign embassies are potentially usable for the purposes of facilitating espionage,” he says. In the case of China, he adds, “this requires careful attention by the Security Service.”
In Omand’s view, the government’s decision reflects that attention rather than its absence.
“The U.K. government’s announcement showed that they had taken note of the careful security analysis by the U.K. intelligence and security community,” he says, adding that ministers “approved plans to mitigate the risks.”
A key argument from critics is that the sheer scale of the proposed embassy would expand China’s intelligence footprint. Omand pushes back by pointing to China’s existing presence across London.
“China currently has some seven diplomatic premises across London and has agreed to concentrate these in their new embassy,” he notes, adding that “if anything, the surveillance task is made easier.”
China’s record in cyber operations often sharpens those concerns. Omand does not deny that record, but he stresses where the capability is actually exercised.
“The recognized successes of Chinese cyber espionage in penetrating U.S. telecommunications networks,” including activity “by the so-called Salt Typhoon gang,” and the “level of past intellectual property theft from both U.S. and U.K. defense and other advanced technology industries,” he says, show “what they have been able to do remotely, not from embassy properties.”
“I doubt the new Chinese embassy will add much to their capability,” he adds, “which is already significant.”
Omand argues that the primary responsibility for countering those threats lies with national cyber defences.
“Responsibility rests on the authorities and individual organizations,” he says, “principally through the National Cyber Security Centre, an important part of GCHQ, to ensure that the nation is properly defended from cyber attacks.”
On the cable-proximity question, Omand urges caution.
“Whilst not privy to the details of the measures that will be taken,” he says, “I think we can assume that by the time, some years ahead, when the embassy has been constructed, the relevant cable traffic will not be passing so close to the embassy.”
“The risks of hostile intelligence operations can never be reduced to zero,” he adds, “but they can be managed.”
Omand told me he was aware of the details.
“I am told that the full plans of the proposed Embassy were available to the authorities,” he says, “even if there were parts blacked out on the version given to the media.”
Beyond the technical details, he argues the dispute is as much about politics and perception as it is about planning.
When China bought the Royal Mint Court in 2018, it drew little alarm. The site was sensitive, but it was still seen mainly as a planning issue, not a security test.
Since then, the backdrop has hardened and the public lens has shifted with it. The change has been reinforced by a series of China-related security episodes, including the Westminster espionage allegations that rattled Parliament.
It has also been shaped by the U.K.’s public attribution and sanctions over China-linked cyber activity, including APT31. London has said APT31 targeted U.K. parliamentarians and democratic institutions, a disclosure that has heightened concerns.
Official warnings about foreign interference and intimidation on university campuses have only reinforced that sense.
MI5’s latest threat update points in the same direction, noting that the number of individuals under investigation for state-backed activity rose by 35% over the past year.
And Omand notes that some opposition is rooted in the symbolism of place.
“Much of the opposition to the new Chinese embassy comes from an unease at having it located in such historic surroundings, close to major visitor attractions such as the Tower of London,” he adds, “particularly given that the Chinese were allowed to purchase the site at Royal Mint Court as long ago as 2018.”
As the U.K. was debating the proposed Chinese mega-embassy in London, fresh reporting emerged alleging that Chinese state-backed hackers may have penetrated communications at the heart of the British government, and I put those claims to Sir David Omand.
“The U.K. invests heavily in securing defense and other government networks,” he says, pointing to the role of the National Cyber Security Centre, “an important part of GCHQ,” which provides “up-to-date security advice and helps respond to incidents when they occur.”
He stresses that modern cyber defense goes beyond simple perimeter protection.
As he puts it, “‘zero trust security’ indicates that modern cybersecurity does not rely solely on barriers and firewalls to keep out adversaries.”
Omand says government networks have been built with this reality in mind. The U.K.’s government domain, he notes, “has received extensive engineering advice from the NCSC” and now requires “two-factor authentication,” while continued “investment in secure cloud for government” is intended to strengthen overall resilience.
The emphasis, he suggests, is less on absolute prevention than on early detection.
“Modern AI-assisted network monitoring can identify anomalous activity across networks, including suspicious behaviour by individual members of staff, allowing authorities to detect at the earliest stage any signs of possible penetration,” he said.
At the same time, Omand draws a clear distinction between protected government systems and the realities of political life.
“Government ministers, senior officers and officials have access to highly secure mobile devices for passing and discussing classified material.”
Omand treats the issue as a classic counter-intelligence problem, rooted not in systems but in human behaviour under pressure.
In practice, he notes, the fast-moving nature of political life makes it inevitable that “commercially available mobile phones and devices personally owned by ministers and special advisers will at times be used for political business.”
He points to the COVID-19 inquiry as an example, noting that the use of “social media messaging apps (encrypted)” exposed how informal practices can create vulnerabilities.
Commercial devices, Omand underlines, remain a significant weak point.
“Commercially available mobile phones in particular can be hacked, and there is an international market in the malware to do so; this has been documented by the Citizen Lab at the University of Toronto, with many countries seeking the ability to surveil political opponents and dissidents overseas,” Omand says.
As a former director of GCHQ, Omand places responsibility not only on intelligence agencies or system architects.
“The responsibility has to rest on users of insecure devices,” he says, “to ensure they do not use them for purposes for which they should not.”
User behavior, he argues, is key to how senior-level compromises can occur even in otherwise well-protected systems.
Omand also points to visible countermeasures adopted at the very top of government.
“A good example of the security measures the U.K. takes,” he says, “was the publicized use of burner phones by the prime minister.”
In the end, cyber risk cannot be eliminated, only reduced and managed through discipline, detection and rapid response.