Call for views on supply chain cyber security

Call for views on supply chain cyber security

The Department for Digital, Culture, Media and Sport (DCMS) has published a Call For Views on measures to enhance the security of digital supply chains and third party IT services, used by firms for data processing and infrastructure management.

A recent survey found that only 12% of businesses review risks coming from immediate suppliers, while only 5% address risks coming from wider supply chains. As organisations increasingly move their operations online, business continuity and resilience is becoming more reliant on Managed Service Providers (MSPs). These are being used as a means to attack companies.

The Call for Views focuses on further understanding two aspects of supply chain cyber security:

  • Part 1 seeks input on how organisations across the market manage supply chain cyber risk and what additional government intervention would enable organisations to do this more effectively.
  • Part 2 seeks input on the suitability of a proposed framework for MSP security and how the framework could be implemented to ensure adequate baseline security to manage the risks associated with MSPs.

The deadline for responses is 11 July and the government aims to publish a response in late 2021.