The Department for Digital, Culture, Media and Sport (DCMS) has called for views on security measures across digital supply chains and IT services, including data processing, infrastructure management and supplier assurance.
The call comes as more organisations move their operations online and pivot to digital business models. A few obvious examples are retailers moving online and car manufacturers offering cars on subscription, which may kill showroom sales.
As organisations increasingly move their operations online, it’s a given that digital supply chains and third party IT service operators will become more vital. The Government wants to take a leadership role in helping organisations make the transition.
“We’re seeking views from firms that both procure and provide digital services, as a first step in considering whether we need updated guidance or strengthened rules,” said Digital Infrastructure Minister Matt Warman.
Call for Views
The Call for Views focuses on two parts:
Part 1 seeks input on how organisations across the market manage supply chain cyber risk and how government intervention would help.
Part 2 seeks input on the suitability of a proposed framework for Managed Service Provider security and how it can be appropriately implemented.
You can read more about the Call for Views here.
The information submitted by organisations will be used to develop new policy solutions that support organisations in cyber risk management.
However, responses are not limited to organisations and all those that have an interest in supply chain cyber risk management are being asked to provide their opinions.
Security comes first
The Government wants to ensure that organisations can properly review the cyber security risks coming from suppliers and their supply chains.
The National Cyber Security Centre (NCSC) already offers a raft of support to help organisations assess the security risks of their suppliers, however the Government wants to go further and is asking for views from organisations on this matter.
They have requested views on existing guidance for supply chain risk cyber management and they are testing a new security framework with some firms. This is a managed service provider framework, which requires Managed Service Providers to meet the current Cyber Assessment Framework so feedback can be collected.
On the Call for Views, Digital Infrastructure Minister Matt Warman has said: “There is a long history of outsourcing of critical services. We have seen attacks such as ‘CloudHopper’ where organisations were compromised through their managed service provider. It’s essential that organisations take steps to secure their mission critical supply chains – and remember they cannot outsource risk.
“Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.”
Want to take part?
If you wish to take part in the Call for Views, you can complete the online survey. If you are unable to complete the survey, you can email your response to cyber-review@dcms.gov.uk or send it via post to the following address:
Call for views on supply chain cyber security
Cyber Resilience Team – 4/47
DCMS
100 Parliament Street
London
SW1A 2BQ
