Government mandates new cyber security standard for suppliers
From 1 October 2014, all suppliers must comply with the new Cyber Essentials controls if bidding for some government contracts.
The government is improving cyber security in its supply chain. From 1 October 2014, all suppliers must be compliant with the new Cyber Essentials controls if bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services.
Cyber Essentials was developed by government, in consultation with industry. It offers a sound foundation of basic cyber hygiene measures which, when properly implemented, can significantly reduce a company’s vulnerability. The scheme’s set of 5 critical controls is applicable to all types of organisations, of all sizes, giving protection from the most prevalent forms of threat coming from the internet.
Minister for Cabinet Office, Francis Maude said:
It’s vital that we take steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack. Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat. Gaining this kind of accreditation will also demonstrate to non-government customers a business’s clear stance on cyber security.
Cyber Essentials is a single, government and industry endorsed cyber security certification. It is accessible for businesses of all sizes and sectors to adopt, and I encourage them to do so.
The scheme was launched in June and is gathering pace, with insurance firms like AIG offering incentives to businesses to become certified and larger organisations like Hewlett-Packard (HP), one of its early adopters, also beginning to demand it from their own supply chains. Stuart Bladen, Regional Vice President & General Manager, UK Public Sector, HP Enterprise Services said:
Cyber Essentials helps keep businesses safe online, which is why HP has been an active supporter of the scheme from its initial concept. Our extended supply chain of differing business types, including a large SME community, can get affordable cyber security assurance to protect their own and HP intellectual property and information, and that of customers.
For this reason HP UK Public Sector has written to its entire supply chain explaining the merits of the certification and notifying our intention to require them to adopt this scheme.
To ensure the scheme is flexible and affordable, there are 2 levels of assurance available, Cyber Essentials and Cyber Essentials Plus. Organisations assessed as successful in meeting the scheme’s requirements are awarded a certificate and are able to display the appropriate Cyber Essentials or Cyber Essentials Plus badge on their marketing material.
Helping to meet the demand for businesses wanting to get Cyber Essentials is a new accreditation body, QG, which joins CREST and the IASME Consortium in appointing firms who can certify company applications.
Mandating Cyber Essentials will provide further protections for the information the government handles and will encourage adoption of the new scheme more widely.
Notes to editors
- Early adopters of the scheme have included BAE Systems, Barclays, Hewlett-Packard, Vodafone and the Confederation of British Industry, as well as small businesses like Nexor, Tier 3 and Skyscape.
- Hewlett-Packard, one of the early adopters of Cyber Essentials, recently issued a press release on use within its own supply chains.
- The scheme is being backed by AIG, Marsh, Swiss Re, the British Insurance Brokers’ Association (BIBA) and the International Underwriting Association. AIG have recently announced details of their package, as reported in trade press.
- Accreditation Bodies appoint Certifying Bodies to carry out assessments, and are themselves appointed by CESG.
- The National Cyber Security Strategy (NCSS), published in November 2011, provided government with a framework and objectives in tackling cyber threats, promoting awareness and providing a growing platform of strong private sector partnership. The strategy is supported by £860 million of funding from the National Cyber Security Programme which has helped put in place new initiatives and structures as part of the government’s response to growing threats in cyberspace.
- In December 2013, government published the second annual report on progress against the strategy, achievements and spend on the National Cyber Security Programme as well as forward plans.
- The NCSS has 4 objectives:
  - to make the UK one of the most secure places in the world to do business in cyberspace
  - to make the UK more resilient to cyber attack and better able to protect our interests in cyberspace
  - to help shape an open, vibrant and stable cyberspace that supports open societies
  - to build the UK’s cyber security knowledge, skills and capability
- The NCSS sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. It makes clear how the investment through the National Cyber Security Programme is being used and which departments are responsible for which actions, and it outlines how the government will take the opportunity to promote growth and minimise the economic impact of cyber attacks by cementing a new partnership with the private sector.
- The £860 million programme funding provides backing for work to improve the UK’s cyber security capability but government can’t do this alone. Our whole approach hinges on building effective partnerships between government, law enforcement agencies, academia and the private sector. We’re also encouraging organisations within these spheres to work in partnership with each other