Department for Digital, Culture, Media and Sport
New plans to boost cyber resilience of UK’s critical supply chains
DCMS is calling for views on a number of measures to enhance the security of digital supply chains and third party IT services.
- IT management firms could be required to follow new, updated security standards
- Managed Service Providers and firms procuring digital services asked to give feedback on plans
- Only one in twenty firms address vulnerabilities in wider supply chain
New proposals to help British businesses manage cyber risks attached to supply chains are being considered.
The Department for Digital, Culture, Media and Sport (DCMS) is calling for views on a number of measures to enhance the security of digital supply chains and third party IT services, used by firms for things such as data processing and infrastructure management.
DCMS research shows only 12 per cent of organisations review the cyber security risks coming from their immediate suppliers and only one in twenty firms (5 per cent) address the vulnerabilities in their wider supply chain.
The National Cyber Security Centre (NCSC) already offers a raft of support to help organisations assess the security risks of their suppliers, including advice on identifying business-wide cyber security risks and vulnerabilities, such as the Cyber Assessment Framework, and specific Supply Chain Security and Supplier Assurance guidance.
The government has also helped organisations improve their cyber risk management during the pandemic, including through £500,000 of funding to enable critical suppliers in healthcare subsectors to boost their preparedness and resilience through the Cyber Essentials scheme.
But, as organisations increasingly move their operations online, digital supply chains and third party IT service operators are becoming vital to companies’ everyday operations and are hugely important for business continuity and resilience. The government is looking at what more it can do to support UK firms.
Digital Infrastructure Minister Matt Warman yesterday said:
There is a long history of outsourcing of critical services. We have seen attacks such as ‘CloudHopper’ where organisations were compromised through their managed service provider. It’s essential that organisations take steps to secure their mission critical supply chains – and remember they cannot outsource risk.
Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.
We’re seeking views from firms that both procure and provide digital services, as a first step in considering whether we need updated guidance or strengthened rules.
The government wants views on the existing guidance for supply chain cyber risk management and is also testing the suitability of a proposed security framework for firms which manage organisations’ IT infrastructure, known as ‘Managed Service Providers’.
The proposals could require Managed Service Providers to meet the current Cyber Assessment Framework - a set of 14 cyber security principles designed for organisations that play a vital role in the day-to-day life of the UK.
The framework sets out measures organisations should take, such as:
- Having policies to protect devices and prevent unauthorised access
- Ensuring data is protected at rest and in transit
- Keeping secure and accessible backups of data
- Training staff and pursuing a positive cyber security culture.
Notes to Editors
- The Call for Views on Supply Chain Cyber Security will be open from 17 May to 11 July 2021.
- The NCSC offers a raft of support to help organisations assess the security risks of their suppliers, including advice on identifying business-wide cyber security risks and vulnerabilities, such as the Cyber Assessment Framework, and specific Supply Chain Security and Supplier Assurance guidance.
- The government has also helped organisations improve their cyber risk management during the pandemic, including through £500,000 of funding to enable critical suppliers in healthcare subsectors to boost their preparedness and resilience through the Cyber Essentials scheme.
- The call for views comes after Digital Secretary Oliver Dowden set out his ten tech priorities earlier this year, which highlighted keeping the UK safe and secure online, and after the government published its groundbreaking Integrated Review of defence and security. The Integrated Review sets the goal of cementing the UK’s position as a responsible and democratic cyber power and announced a commitment to publish a new National Cyber Strategy later this year. The strategy will set out how the UK intends to build a more resilient digital nation and realise the benefits that cyberspace can bring.