In a recent announcement, the government has put out a call for expert advice on how to defend against supply chain cyberattacks and how to strengthen the security of IT managed service providers throughout the United Kingdom.
The government request follows the executive order issued by President Biden to fortify the United States’ dedicated cybersecurity defences in answer to the Codecov and SolarWinds supply-chain attacks and the headline assault on the Colonial Pipeline.
A governmental call for cybersecurity expertise
The UK government’s Department for Digital, Culture, Media, and Sport (DCMS) is now looking for specialist advice from companies that procure and offer digital services on appropriate measures to bolster cybersecurity protection levels across the country.
The recently unveiled initiative is a key part of a countrywide “cyber resilience” plan launched by the National Cyber Security Strategy, designed to safeguard tech organisations and businesses from focused cyberattacks, and to forge stronger levels of security for digital supply chains.
A press release issued by the DCMS affirmed that only 12% of organisations currently review potential cybersecurity-related risks from their immediate suppliers, while a mere 5% of companies have resolved vulnerabilities present in the broader software supply chain.
Increasing digital defences
As an increasing number of UK businesses rely on technology and migrate to operating entirely online, safeguarding digital services and supply chains by managed IT service companies has become crucial for business resilience and continuity, according to the DCMS.
The Minister for Digital Infrastructure, Matt Warman, commented:
“It’s essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk. Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.”
However, government proposals for increased security could result in new rules for UK companies to adhere to. Depending on the collected wisdom from IT firms and sector experts, the government will review whether present cybersecurity policies need strengthening, and which areas in particular need improvement.
Government findings from the two-month advisory survey could mean that IT management companies will need to follow an updated set of standards for security.
A comprehensive policy paper published by the government has outlined the two major aims of the survey. The first is an evaluation of risk management for software supply chains, including an understanding of what the barriers are to this process, how it can be improved, and what defences and risks currently exist.
The second is to examine the important role of managed service providers in UK supply chains operating in multiple sectors, from government to national infrastructure, and to construct a secure framework for them.
The UK government’s invitation for feedback on cybersecurity issues will remain open for around another six weeks, leaving experts at firms that procure and provide IT services until July 11 to respond via the specially designed survey.