The UK Government's Department for Culture, Media and Sport (DCMS) has opened a Call for Views focusing on further understanding two aspects of supply chain cyber security:
- Part 1 seeks input on how organisations across the market manage supply chain cyber risk and what additional government intervention would enable organisations to do this more effectively.
- Part 2 then seeks input on the suitability of a proposed framework for Managed Service Provider security and how this framework could most appropriately be implemented to ensure adequate baseline security to manage the risks associated with Managed Service Providers.
The information collected and analysed will contribute to the development of policy solutions to provide further support to organisations with supplier cyber risk management guidance and assurance. It will also help to highlight what additional support or direction is required from the government to enable organisations of all sizes and sectors to become increasingly secure online.
Findings from Part 1 will contribute to the development of the government’s evidence base, including enhancing understanding of good supplier cyber risk management, enable it to continue to improve existing advice and guidance, and helping to highlight what additional support or direction is required from the government to support organisations to become increasingly secure online.
Findings from Part 2 will inform the development of policy solutions to help manage the security risks associated with Managed Service Providers, while ensuring that organisations have the information and capability to prioritise security when buying services from Managed Service Providers.
Matt Warman, Minister for Digital Infrastructure, says: "Future-proofing our digital economy is a major priority for this government. Good cyber security throughout supply chains is a crucial part of this and our mission of making the UK the safest place to live and work online. This Call for Views is an important part of this process, allowing the government’s work to be informed by an understanding of what works and I encourage all organisations who procure digital services, including Managed Services, and Managed Service Providers themselves, to take part in this consultation."
DCMS welcomes input from organisations of all sizes and sectors including membership bodies and associations, academics, and supply chain, procurement and cyber security experts, as well as those that support organisations with their risk management such as consultancies or risk management platforms. In particular it welcomes input from Managed Service Providers and buyers of Managed Services into Part 2. However, submissions are not limited to these organisations and responses are invited from all those that have an interest in supply chain cyber risk management. Respondents should answer the questions that are most relevant: there is no obligation to respond to all survey questions.
National Cyber Security Strategy
A key focus of the government’s National Cyber Security Strategy 2016–2021 has been on ensuring all organisations are effectively managing their cyber risk to help make the UK the safest place to live and work online. With the rapid increase in the digitisation of UK organisations cyber threats are increasingly reaching organisations through vulnerabilities in their suppliers, or supplied products and services. The government is preparing a new National Cyber Strategy which will set a goal of building a more resilient and prosperous digital UK, bolstering cyber security, ensuring organisations are empowered to adopt new technology, and addressing vulnerabilities in digital infrastructure.