UK government proposes new rules for digital supply chain security
The UK government has unveiled plans to strengthen the cyber security of the nation’s digital supply chains with a set of measures that could include requiring IT service suppliers to adhere to the National Cyber Security Centre’s (NCSC’s) Cyber Assessment Framework (CAF).
Other proposals include new procurement rules to ensure that public sector organisations procure expertise from companies with strong cyber postures, and plans for improved cyber security advice and guidance campaigns.
The proposals follow a Department for Digital, Culture, Media and Sport (DCMS) consultation on the issue of digital supply chains and third-party IT providers, launched in May 2021 after a spate of incidents in which IT companies – most notably SolarWinds – were used by malicious actors to target downstream customers.
“As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure,” said Julia Lopez, minister for media, information and digital infrastructure.
“Today we are taking the next steps in our mission to help firms strengthen their cyber security and are encouraging firms across the UK to follow the advice and guidance from the NCSC to secure their businesses’ digital footprint and protect their sensitive data.”
The government said the responses to the consultation had shown cross-industry support for developing new or updated legislation in this regard, with 82% of respondents believing that legislation could be either effective or somewhat effective.
As a result of this, policymakers will now return to the drawing board to develop more detailed proposals, alongside an ongoing review of cyber security measures that may inform the next national cyber strategy, which is due to be announced before Christmas.
The government also today released new research on the views of so-called “captains of industry”, which found that although nearly all chairs, CEOs and directors of UK enterprises – 94%, up 10% on 2020 – believed cyber security threats were a high or very high risk to their business, large numbers weren’t taking action to secure their digital supply chains.
A total of 17% either somewhat or strongly disagreed with the statement “our organisation actively manages cyber risks in our supply chain”, and 26% either somewhat or strongly disagreed that the board was being kept properly informed of supply chain risk. A total of 13% and 9%, respectively, neither agreed nor disagreed with these statements.
Worryingly, 2% of respondents said they didn’t know if cyber risk in the supply chain formed part of the written documents that help manage cyber security risk.