Government consults on steps to bolster supply chain security
Proposals come as the business landscape still reels from high-profile hacks including the SolarWinds Orion Platform attack


The UK government has proposed a number of measures to enhance the security of digital supply chains and third-party IT services in light of a series of devastating cyber attacks.
The Department for Digital, Culture, Media and Sport (DCMS) has opened a consultation on how organisations manage their supply chain risks, with a view to reforming existing guidance and refining a proposed new security framework.
This framework for managed service provider (MSP) security would legally require MSPs to meet the 14 cyber security principles that make up the existing Cyber Assessment Framework. These currently apply only to organisations within the UK critical national infrastructure (CNI) sector, those subject to the NIS Directive, and businesses managing cyber-related risks to public safety.
Under the proposals, organisations may also be asked to instigate policies to protect devices and prevent unauthorised access, ensure data is protected at rest and in transit, keep backups secure and accessible, and train staff in cyber security.
“There is a long history of outsourcing of critical services,” said digital infrastructure minister, Matt Warman. “We have seen attacks such as ‘CloudHopper’ where organisations were compromised through their managed service provider.
“It’s essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk.
“Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.”
The consultation on strengthening supply chain cyber security follows several high-profile attacks against thousands of businesses, described as supply-chain hacks.
One of the scariest in modern history, the SolarWinds Orion Platform hack, was detected in late 2020 and affected countless businesses and public sector organisations. More recently, the Microsoft Exchange Server attack hit at least 30,000 businesses within the US, and many more across the world.
These are just two of several attacks, including one against Codecov in which hackers accessed the source code of cyber security firm Rapid7.
The government’s consultation on supply chain cyber security aims to seek views from firms that both procure and provide digital services, asking them whether the UK needs updated guidance or strengthened rules. This call for views is now open and will close on 11 July.

Keumars Afifi-Sabet is a writer and editor who specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.