UK’s Department for Digital, Culture, Media and Sport (DCMS) has called for views on security measures across digital supply chains and IT services, including data processing, infrastructure management and supplier assurance.
The call comes as more organizations move their operations online and pivot to digital business models. A few obvious examples are retailers moving online and car manufacturers offering cars on subscription, which may kill showroom sales.
As organizations increasingly move their operations online, it’s a given that digital supply chains and third-party IT service operators will become more vital. The government wants to take a leadership role in helping organizations make the transition.
“We’re seeking views from firms that both procure and provide digital services, as a first step in considering whether we need updated guidance or strengthened rules,” said Digital Infrastructure Minister Matt Warman.
Call for Views
The Call for Views focuses on two parts:
Part 1 seeks input on how organizations across the market manage supply chain cyber risk and how government intervention would help.
Part 2 seeks input on the suitability of a proposed framework for Managed Service Provider security and how it can be appropriately implemented.
You can read more about the Call for Views here.
The information submitted by organizations will be used to develop new policy solutions that support organizations in cyber risk management.
However, responses are not limited to organizations and all those that have an interest in supply chain cyber risk management are being asked to provide their opinions.
Security comes first
The government wants to ensure that organizations can properly review the cyber security risks coming from suppliers and their supply chains.
The National Cyber Security Centre (NCSC) already offers a raft of support to help organizations assess the security risks of their suppliers, however the government wants to go further and is asking for views from organizations on this matter.
They have requested views on existing guidance for supply chain risk cyber management and they are testing a new security framework with some firms. This is a managed service provider framework, which requires Managed Service Providers to meet the current Cyber Assessment Framework so feedback can be collected.
On the Call for Views, Digital Infrastructure Minister Matt Warman has said: “There is a long history of outsourcing of critical services. We have seen attacks such as ‘CloudHopper’ where organizations were compromised through their managed service provider. It’s essential that organizations take steps to secure their mission critical supply chains – and remember they cannot outsource risk.
“Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.”
Want to take part?
If you wish to take part in the Call for Views, you can complete the online survey. If you are unable to complete the survey, you can email your response to firstname.lastname@example.org or send it via post to the following address:
Call for views on supply chain cyber security
Cyber Resilience Team – 4/47
100 Parliament Street