Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Risk Management

UK Spy Agency Releases Annual Threat Report

MI5’s Annual Threat Update Parallels U.S. Intelligence Threat Warnings

MI5’s UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers.

MI5’s Annual Threat Update Parallels U.S. Intelligence Threat Warnings

MI5’s UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers.

“Disruptive cyber-attacks such as ransomware can bring down everything from national institutions to your local hospital,” warns McCallum in his July 14, 2021 speech. “Cyber is no longer some abstract contest between hackers in it for the thrill or between states jockeying position in some specialized domain; in the 2020s, cyber consistently bites on our everyday lives.”

Mi5 Security Service logoHis warnings about state-sponsored espionage and IP theft could almost have been lifted from the 2019 U.S. Senate report, Threats to the U.S. Research Enterprise. “We see the UK’s brilliant universities and researchers having their discoveries stolen or copied; we see businesses hollowed out by the loss of advantage they’ve worked painstakingly to build,” he said. 

The Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, Senator Portman claimed that the espionage problem is as much about us as it is the adversary. “Rather than pointing the finger at China, we ought to be looking at our own government and our own institutions and doing a better job with the things we can control. Again, let’s get our own house in order.”

McCallum’s view is, “For as long as it’s cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information – they are bound to keep doing so.” The UK house also needs to be got in order – and in both cases the call is for new and stronger legislation.

The primary difference between the U.S. and UK viewpoints is that the U.S. is currently focused on Chinese state-sponsored threats. The same basic triumvirate of adversaries is named by McCallum – but MI5 does not differentiate between them. “The activity MI5 encounters day-by-day predominantly comes, in quite varying ways, from state or state-backed organizations in Russia, China and Iran,” he said.

The spreading of false information is another parallel between U.S. and UK threats. McCallum focuses on two areas: disruptive misinformation from foreign adversaries, and what he terms ‘Extreme Right-Wing Terrorism’.

On the former, he comments, “Some foreign states invest in capabilities to influence discourse in other countries; and they wouldn’t be doing so if they didn’t believe they were getting some benefit. So, there is a focused role for organizations like mine to detect and call out any particularly damaging foreign-generated disinformation.” This statement could have been written by a U.S. intelligence agency referring to Russian attempts to sow discord within American politics.

Even McCallum’s concern over Right Wing Terrorism (more usually referenced as White Supremacism in the U.S.) mirrors that of his North American counterparts. Right Wing Terrorism already accounts for some 20% of MI5’s investigations (less than Islamist terrorism, but growing). “And always, always, the online environment – with thousands exchanging hate-filled rhetoric or claiming violent intentions to each other in extremist echo chambers – leaving us and the police to try to determine which individuals amongst those thousands might actually mobilize towards violence. This needs new expertise, new sources, new methods.”

In the U.S. Homeland Threat Report of October 2020, the DHS wrote, “Among DVEs, racially and ethnically motivated violent extremists—specifically white supremacist extremists (WSEs)—will remain the most persistent and lethal threat in the Homeland.”

These parallels between the UK and the U.S. are drawn together with the withdrawal of troops from the Middle East. “As NATO and US forces now withdraw, terrorists will seek to take advantage of opportunities – including propaganda opportunities – to rebuild. For the US and for ourselves,” said McCallum, “the counter-terrorist task will transition. As we seek to illuminate potential threats to take disruptive action, we will have neither the advantages nor the risks of having our own forces on the ground.”

And finally, McCallum discusses an identical threat with an identical solution proposed by both the UK and the U.S. – end-to-end encryption and a proposed government-enabled back door for use under warranted circumstances. McCallum prefers to call it a tech-enabled, Secretary of State warranted ‘front door’. 

End-to-end encryption, he said, is “a gift to the terrorists MI5 has to find and tackle – and a gift to the child abusers our colleagues in the National Crime Agency have to find and tackle.” He ends with a plea to the industry. “These tech companies are brilliant at what they do; it seems to me they have solved harder problems, when they really want to.”

The parallels between U.S. and UK threats being tackled by U.S. and UK intelligence agencies, and even the way they are described, are clear. McCallum’s speech is almost a call to the U.S. agencies: we are fighting the same enemies in the same way – the special relationship must not be allowed to falter. Even Biden’s bugbear of Northern Ireland gets a reassuring mention. “The 1998 Belfast Agreement and the long process which led up to it,” says McCallum, “stands as one of the finest public policy achievements of my lifetime. It has enabled a whole generation to grow up substantially free of the scarring which haunted previous generations.”

Related: US Shifts State Grant Focus to Extremism, Cyberthreats

Related: US Intelligence Director Says China is Top Threat to America

Related: UK’s Top Spy Agency Coming Out of the Shadows: GCHQ Director

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...