Accessibility Screen-Reader Guide, Feedback, and Issue Reporting | New window

Protecting our Democratic Institutions: Countering Espionage and Foreign Interference

  • Knowledge Level: All Levels
  • Protection Stage: Complete Guidance
  • Time to read: 10 minutes

Protective security advice to safeguard those working in the UK’s democratic institutions who may be targeted by state actors

Share this article:
261 Shares
facebook sharing button Share
twitter sharing button Tweet
email sharing button Email

This guidance is available to download as a PDF:

Countering espionage and foreign interference guidance

Countering espionage and foreign interference guidance summary

Espionage and foreign interference pose a significant threat to the UK’s democracy, economy and fundamental rights and freedoms. As an elected politician, candidate, member of the House of Lords or a staff member1 , you are a potential target. Protect yourself and your team by understanding the threat, and applying simple countermeasures.

1Including elected members of the House of Commons, Scottish Parliament, Senedd Cymru and Northern Ireland Assembly, and candidates; members of the House of Lords; mayors; local councillors; London Assembly members; Police and Crime Commissioners; and those working for those institutions.

What is espionage and foreign interference?

Espionage is the secret gathering of information to benefit a foreign state. This can be done through human agents, cyber attacks, or other means. State actors seek to collect classified information and other information of value to them, and target those they believe have access to, or could establish access to, that.

Foreign states also try to interfere with decisions and issues in the UK in a way that is deceptive, corruptive and/or coercive. This includes political interference: aimed at influencing, manipulating or discrediting political processes or decision-making to seek advantage or to harm the UK

Information operations are an interference tool used by foreign states. They include disinformation (false or manipulated information designed to deceive audiences) and ‘hack-and-leaks’ (using cyber tools to access and selectively release stolen material into the public domain).2

2These descriptions summarise the activity that you should be aware of. They do not reflect full legal definitions, including those in the National Security Act 2023.

“When foreign states steal vital UK information or manipulate our democratic processes they don’t just damage our security in the short-term, they erode the foundations of our sovereignty and ability to protect our citizens’ interests. Everyone reading this guidance cares deeply about the role they play in UK democracy. Take action today to protect it - and yourself.”
Sir Ken McCallum, DG MI5

Why are you a target?

State actors target people working in democratic institutions because you:

  • Possess information which allows other states to build an understanding of political and policy priorities and activity. This isn’t just about classified information - other privileged information may be considered valuable by a state actor, even if it appears inconsequential;
  • Can influence decisions on issues like technology, foreign affairs or investment;
  • Are in a position to promote a positive narrative, or dampen criticism, about another state;
  • Have a public profile, which means foreign states may seek to use information about you - and/or influence your actions - in order to discredit you, the political party you represent or the government;
  • Have access to someone of interest, and therefore may be used to gather information about or reach them - for example by targeting your internet/email accounts.

Which actors are involved?

The UK is a target of long-term strategic foreign interference and espionage from elements of the Russian, Chinese and Iranian states which, in different ways, seek to further their economic and strategic interests and cause harm to our democratic institutions. Other states may also be interested in obtaining information about the UK system, in the furtherance of their own national objectives.

It is difficult to differentiate a benign approach from one made by or on behalf of a state for interference or espionage purposes. Foreign intelligence officers operate undercover, posing as diplomats, journalists, academics or lobbyists, for example. Individuals working in these and other fields may also act as “proxies”, with their links to the state concealed. Those proxies may or may not be aware of who they are working for. Some states have legislation compelling individuals and/or companies to cooperate with intelligence efforts.

What should you look out for?

Most approaches to you will of course be legitimate and of no concern. Espionage and interference efforts are different because, whilst they may try and look legitimate, they are generally deceptive and/or coercive in nature. What might begin as an apparently genuine interaction can transition into something more malign. It’s important you remain alert and trust your instincts. If something doesn’t feel right, report it to your security team promptly.

We have provided some indicators of potential espionage and interference activity. It is not an exhaustive list; it gives you an idea of how threat actors work and what this activity could look like in your role.

Elicitation

Attempts to manipulate you into sharing information for example through seemingly casual conversations or requests for ‘non-public’ or ‘insider’ information (in person, online or both). A threat actor could provide you with incorrect information, in the hope that you will correct them.

Cultivation

The process of building long-term, deep relationships to gather information, recruit or manipulate - for example to influence deceptively towards a particular position. Cultivation begins with a simple introduction; shared interests and social gatherings are often leveraged. Even if you resist the manipulation, a threat actor may use any association with you to lend credibility to their approaches to others.

In Australia, Senator Sam Dastyari resigned his position following allegations that he had taken money from a benefactor connected to the Chinese United Front Work Department in return for advocating positions favourable to the Chinese Communist Party.

Blackmail

The use of blackmail and/or threats represents one of the most aggressive forms of recruitment and coercion. Blackmail material could be garnered from information stolen via, for example, a cyber compromise. A threat actor may also seek to place you in a compromising situation, which they could then exploit.

Online approaches

Threat actors act anonymously and/or dishonestly online to connect with people who have access to information, for example through online professional or social networking sites. They do this by obfuscating their real identity and intentions - for example posing as recruiters or talent agents and approaching you with enticing opportunities, when their real intent is to gather as much information as possible and/or recruit you to work for them.

In 2023, the Director General of MI5 said there had been more than 20,000 cases where actors working for other states had made disguised approaches on professional networking sites, with the aim of accessing sensitive information.

Financial donations

Threat actors seek to use financial donations to influence your decision making, public statements on policy issues or the questions you ask in debates. They may seek to use you as a proxy to conduct illicit financing on their behalf. Political parties and candidates may also receive funds seemingly from a UK national which may in fact have originated from a foreign actor. Foreign states may also donate indirectly – for example to a charity you are affiliated with or a project in your area - with a view to influencing your activity.

In 2022, MI5 issued an Interference Alert about the activities of Christine Lee, a UK-based individual who had facilitated financial donations to political parties and individuals seeking political office in the UK on behalf of foreign nationals while concealing the true source of her funding. Lee founded the British Chinese Project, and helped set up the Chinese in Britain All-Party Parliamentary Group (APPG). Media scrutiny followed in the wake of the Interference Alert.

Cyber compromises

Threat actors use spear-phishing and social engineering, in the form of highly personalised messages aimed at tricking specific individuals into revealing sensitive information or clicking malicious links, to compromise accounts and devices. The proliferation of commercial spyware has enabled a wider range of actors to compromise devices.

In 2023, Stewart McDonald MP was targeted in a spear-phishing attack by suspected Russian actors. The phishing email appeared to come from a staff member - after their account had been hacked - and led to the compromise of his personal email. Mr McDonald feared the stolen data could be used in a disinformation campaign and publicly raised awareness to pre-empt manipulation.

Stolen information can be used - including via release into the public domain - to manipulate public discourse or undermine individuals and institutions.

Russian cyber actors, assessed to be part of Star Blizzard (a cyber unit of the Russian Intelligence Services), hacked and leaked sensitive UK-US trade documents ahead of the 2019 general election. These were amplified online to influence political discourse.

In March 2024, the UK and allies identified that Chinese state-affiliated organisations and individuals were responsible for malicious cyber campaigns targeting democratic institutions and parliamentarians, as part of a large-scale espionage campaign. This included a compromise of the Electoral Commission, and reconnaissance carried out to cyber target parliamentarians, the majority of whom were publicly critical of China.

Disinformation

State actors can cultivate fake or misleading content to shape public debate and policy decisions and/or discredit individuals. Fake social media accounts and automated bots can push large quantities of disinformation. Personal data - for example from cyber targeting - can be combined with fake information to create realistic-appearing disinformation. You should be on the lookout for a call or message which purports to be from a colleague but which in fact is generated by threat actor, potentially in the form of a ‘deepfake’ or a hoax call.  You should also take care to check the sourcing of content you draw upon in your own messaging.

In March 2022, fraudulent emails purporting to be from the Ukrainian Embassy in London were sent out to government departments seeking phone calls with Ministers. A clip of a call between an imposter posing as the Ukrainian prime minister and the then Defence Secretary was subsequently released in a manner intended to discredit him and the government. The perpetrators, ‘Vovan' and 'Lexus', were Russian pranksters working to the objectives of the Russian state.

Exploiting your overseas travel

When travelling abroad, you are easier to target - either because espionage and interference activity is more common or the environment is more conducive to it. Foreign intelligence services will try to access your data - assume everything could be of interest, but particularly that relating to your work - personal belongings, CCTV and telecommunications data. These can be exploited to collect information or provide opportunities to influence or coerce.

What can you do to protect yourself?

The purpose of this guidance is not to stop you interacting with those you need to – it is to ensure you do so with knowledge of the risks, and the actions you can take to protect yourself. 

Keep up-to-date with National Protective Security Authority (NPSA), National Cyber Security Centre (NCSC) and your security team’s guidance. Use the BEST principles to take simple actions to help protect yourself, your team, your family - and the UK.

  • Understand how the threat can manifest, and what you should look out for. Use your intuition to spot deviations from the norm.
  • Conduct due diligence. Check the identity of someone who asks to meet you for the first time, and consider taking someone with you. Take reasonable steps to understand the source of donations or gifts, and adhere to relevant regulations and policies regarding these. Speak to your security team if in any doubt about the source of potential funding or if you receive inappropriate financial approaches of any kind. If asked to speak at an event, research the organisation that is hosting and who else will be on the panel with you (or your principal). Carefully research all overseas travel invitations.
  • Keep track of odd social interactions, frequent requests to meet privately, and out-of-place introductions or engagements. If an approach is vague, involves overt flattery or pressure to respond quickly to avoid missing out or appears just too good to be true, you should be cautious.
  • Withdraw from contact if you have concerns. If you think you’ve been talking to someone who has ulterior motives or an unclear agenda, withdraw from the conversation and report this contact to your security team straight away.
  • Protect your team. Political staff, colleagues and family may be targeted to gain access to you. Make them aware of the risks, and ask them to adopt this guidance.
  • Consult your security team before travelling and act on their specific advice, including about whether you need a travel-specific device for your trip. Take only the minimum number of electronic devices with you. Remove unnecessary apps and check the security permissions of those you keep. Do not conduct any sensitive business (i.e. that which you would not want entering the public domain) using your phone. Keep devices and papers on your person rather than leaving them in your hotel room, and use privacy screens if working in public environments.

  • Be alert to the heightened risk of approaches by foreign intelligence services. Avoid any situations which you would not be happy being publicised at a later date.

  • Reduce the risk of cyber compromises. Use strong, unique passwords for key accounts, and a password manager. Enable multi-factor authentication. Keep devices and software up to date. Check if you’re eligible for NCSC’s Individual Cyber Defence Services for high-risk individuals, which include free monitoring and support. Full guidance is available at ncsc.gov.uk.
  • Protect your online profile. Be discreet. Understand what information about you exists online (your “digital footprint”). Regularly review your privacy settings. Use multi-user social media accounts rather than sharing passwords. Be alert to approaches on professional and social networking sites that may not be what they seem.
  • If something doesn’t feel right, trust your instincts and report to your security team immediately so they can investigate, help resolve and support you. Nothing is ever too small and it will not be an inconvenience – your security team are there to help you. This guidance provides an overview but threat actors will change and tactics will evolve. It is therefore vital that you trust your intuition.

This guidance references the importance of reporting concerns to and seeking advice from your security team. Those include:

  • The Parliamentary Security Department for the UK Parliament
  • Departmental Security Advisors for UK Government ministers, their offices and special advisors
  • The Scottish Government’s Security and Business Continuity Unit for Scottish Government minister
  • The appropriate channel, be that your local authority or your force elected official advisor, for mayors

To report an imminent threat, contact the police.

Did you find this page useful? Yes No
helpfulness rating
Feedback