Government consults on steps to bolster supply chain security

Proposals come as the business landscape still reels from high-profile hacks including the SolarWinds Orion Platform attack

The UK government has proposed a number of measures to enhance the security of digital supply chains and third-party IT services in light of a series of devastating cyber attacks.

The Department for Digital, Culture, Media and Sport (DCMS) has opened a consultation on how organisations manage their supply chain risks, with a view to reforming existing guidance and refining a proposed new security framework.

This framework for managed service provider (MSP) security would legally require MSPs to meet the 14 cyber security principles that make up the existing Cyber Assessment Framework. These currently apply only to organisations within the UK critical national infrastructure (CNI) sector, those subject to the NIS Directive, and businesses managing cyber-related risks to public safety.

Under the proposals, organisations may also be asked to instigate policies to protect devices and prevent unauthorised access, ensure data is protected at rest and in transit, keep backups secure and accessible, and train staff in cyber security.

“There is a long history of outsourcing of critical services,” said digital infrastructure minister Matt Warman. “We have seen attacks such as ‘CloudHopper’ where organisations were compromised through their managed service provider.

“It’s essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk.

“Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.”

The consultation on strengthening supply chain cyber security follows several high-profile attacks against thousands of businesses, described as supply-chain hacks.

One of the scariest in modern history, the SolarWinds Orion Platform hack, was detected in late 2020 and affected countless businesses and public sector organisations. More recently, the Microsoft Exchange Server attack hit at least 30,000 businesses within the US, and many more across the world.

These are just two of several attacks, including one against Codecov in which hackers accessed the source code of cyber security firm Rapid7.

The government’s consultation on supply chain cyber security aims to seek views from firms that both procure and provide digital services, asking them whether the UK needs updated guidance or strengthened rules. This call for views is now open and will close on 11 July. 
