MSPs could be made to follow new cybersecurity measures under government plans
UK government wants feedback as it considers enhanced cybersecurity standards
Managed service providers (MSPs) and firms procuring digital services are being asked to provide the UK government with feedback on proposed new cybersecurity measures aimed at protecting critical supply chains.
The Department for Digital, Culture, Media and Sport (DCMS) wants to hear views on the existing advice for supply chain risk management and is considering asking MSPs to meet new cybersecurity measures to make the UK more resilient.
"There is a long history of outsourcing of critical services. We have seen attacks such as CloudHopper where organisations were compromised through their managed service provider," digital infrastructure minister Matt Warman said.
"It's essential that organisations take steps to secure their mission critical supply chains - and remember they cannot outsource risk.
"Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible.
"We're seeking views from firms that both procure and provide digital services, as a first step in considering whether we need updated guidance or strengthened rules."
While the National Cyber Security Centre (NCSC) already offers a raft of support to help organisations assess the security risks of their suppliers, DCMS research shows only 12 per cent of organisations review the cybersecurity risks coming from their immediate suppliers.
Research also shows that only one in 20 firms address the vulnerabilities in their wider supply chain as organisations increasingly move their operations online.
New measures would include requiring MSPs to meet the current Cyber Assessment Framework which sets out 14 security principles for organisations which play a "vital role in the day-to-day life of the UK".
The call for views ends on July 11, with the DCMS seeking examples of good supplier risk management.