Evolving and increased number of cyber threats has made the UK Department of Defence and Ministry of Defence implement cybersecurity controls that are applicable to data generated or held by suppliers.
The controls are mandated because of the increased cyber threats and the fact that the supply chain has become a target due to low levels of cyber protection incorporated by suppliers.
The DCPP (Defence Cyber Protection Partnerships) put in place measures to protect the defence supply chain against possible cyber threats.
The DCPP developed the Cyber Security Model to make sure that the Ministry of Defence Identifiable Information is protected. The Cyber Security Model comprises of.
- A risk assessment process that is used to identify possible cyber risk for a contract.
- Requirements that suppliers will need to attain for the level of assessed cyber risk determined by risk assessment.
- The SAQ (supplier assurance questionnaire), which acts as compliance for suppliers to see if they meet the cyber requirements.
Cyber Security Breaches
Cyber-attacks have become common in today’s world especially with the growing volumes of threats like hacks, data breaches, and malware. This has made it crucial for public and private sector suppliers to implement the necessary cybersecurity controls and work with experts in the field for protection from cyber threats.
Besides, the UK government revealed plans on increasing the defence spending in its latest budget to allow for the Armed Forces to control cyber-attacks.
The news came after the WannaCry ransomware attack that happened in 2018. This cyber-attack cost NHS 92 million pounds and led to the cancellation of 19,000 appointments, which was a major blow to the United Kingdom public sector.
Cyber Essentials
This is a government initiative from the NCSC (National Cyber Security Centre) to offer SMEs and large suppliers supplying to the Ministry of Defence with cybersecurity controls. Businesses willing to supply to the defence sector should have a Cyber Essential certification.
The certification allows businesses to show their credentials as secure and trustworthy organisations and put themselves in a great position to supply to the defence market knowing that their bids stand out in the competitive marketplace.
Benefits of Cyber Essentials
Some benefits of Cyber Essential include.
- Cyber Essentials is supported by the National Cyber Security Centre.
- Certification shows that you take data security seriously.
- Cyber Essential controls protect businesses from approximately 80 percent of cyber attacks.
- Certification is a cheaper alternative to paying the costs of a cyber breach.
- Different providers offer certification meaning it is readily available.
Cyber Security Tenders
Cybersecurity contracts involve a wide range of areas and public sector organisations that depend on the support of suppliers to protect their software, data, hardware, and inter-connected systems from cyber-attacks.
Cybersecurity tenders are released to stop these attacks from happening. Public sector organisations may seek tenders in areas such as.
- Internet of Things (IoT) security.
- Application security.
- Critical infrastructure security.
- Network security.
- Cloud security.