UK Government Requests Views on Supply Chain Cybersecurity

Morgan Lewis - Tech & Sourcing
Contact

Morgan Lewis - Tech & Sourcing

The United Kingdom’s Department for Digital, Culture, Media & Sport (DCMS) is requesting views on supply chain cybersecurity, which it will look to incorporate into its new National Cyber Security Strategy.

This follows a trend in increased focus on national cybersecurity (in particular in relation to supply chains), including President Joseph Biden’s executive order to improve the United States’ cybersecurity, which we covered in our earlier posts of June 1 and June 4.

Research by DCMS indicates that only 12% of organizations and 36% of large firms formally review cybersecurity risks coming from their immediate suppliers, and, even lower, only 5% address vulnerabilities in their wider supply chains.

UK Digital Infrastructure Minister Matt Warman claims that “[i]t’s essential organisations protect themselves and secure their mission critical supply chains” as they “cannot outsource risk.”

Due to the increasing movement of operations online, especially in light of COVID-19, cybersupply chains and third-party IT service providers are becoming even more essential to the continuation of numerous businesses. Cybercriminals may leverage vulnerabilities in suppliers’ systems to gain access to businesses throughout the supply chain, potentially affecting hundreds of businesses. The UK government has recognized this and wants to ensure that supply chain cybersecurity is a key part of its new National Cyber Security Strategy.

The National Cyber Security Centre (NCSC) already offers various support to organizations in order to help assess their suppliers’ security risks. This includes advising on how to identify cybersecurity risks and vulnerabilities that impact the whole business, such as through the Cyber Assessment Framework, as well as supply chain specific guidance. However, the UK government wants to understand what more it can do to support UK firms with their supply chain cybersecurity.

The call for views comprises 19 key questions, which are split across two parts:

  • Part 1 is focused on supply chain risk management and how the UK government can intervene to help manage risks in the future.
  • Part 2 concerns the suitability of a proposed cybersecurity framework for managed service providers.

The proposed framework could require managed service providers to meet the current Cyber Assessment Framework principles, which are 14 cybersecurity principles designed for organizations that play a key role in day-to-day matters of the United Kingdom. The framework also sets out measures that organizations ought to take, including ensuring data is protected in rest and transit as well as training staff and ensuring a positive cybersecurity culture.

The call for views is open until July 11, 2021.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morgan Lewis - Tech & Sourcing | Attorney Advertising

Written by:

Morgan Lewis - Tech & Sourcing
Contact
more
less

Morgan Lewis - Tech & Sourcing on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.