Government seeks input on supply chain security


The government has unveiled new proposals to help UK businesses manage cyber security in their digital and third-party IT services supply chains, as a growing body of evidence suggests that the risks to business continuity are hitting unprecedented heights.

With supply chains demonstrably threatened through high-profile cyber attacks – a recent spate of incidents sparked through breaches of Accellion and Codecov products and, arguably, the SolarWinds incident – the Department for Digital, Culture, Media and Sport (DCMS) is calling for views on several measures to enhance supply chain security.


Recent research conducted by the department suggests that only 12% of UK organisations routinely review the cyber risks from their immediate suppliers, and only 5% address the vulnerabilities in their wider supply chain.

“There is a long history of outsourcing of critical services,” said digital infrastructure minister Matt Warman. “We have seen attacks such as ‘CloudHopper’ where organisations were compromised through their managed service provider. It is essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk.

“Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible. We’re seeking views from firms that both procure and provide digital services, as a first step in considering whether we need updated guidance or strengthened rules.”


To this end, the Call for Views on Supply Chain Cyber Security, which will run until 11 July 2021, is seeking views both on existing guidance for supply chain risk management – the National Cyber Security Centre (NCSC) provides advice on supply chain security and supplier assurance – as well as binding managed service providers and other tech suppliers to the 14 Cyber Assessment Framework principles.

This framework includes several measures that organisations should take, including implementing policies to protect devices and stop unauthorised access, ensuring data is protected at rest and in transit, maintaining secure and accessible backups, and training staff in a positive cyber security culture.

DCMS is also seeking feedback on examples of where supplier risk management has been done right, building on the NCSC’s advice.


The department’s announcement comes hot on the heels of last week’s US presidential executive order, signed by Joe Biden, which contains similarly far-reaching proposals around securing the IT supply chain, including tighter standards for the development of software bought by the US government, and establishes a security hygiene “star rating” for software solutions.

The US government was hit particularly hard by attacks conducted through compromised instances of SolarWinds’ Orion network management platform at the end of 2020, which also had some limited spill-over into UK organisations.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook


We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News


Read original article here

Denial of responsibility! is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment