The Department for Digital, Culture, Media and Sport (DCMS) is asking MSPs and the Channel their views on protecting the digital supply chain.
MSPs can comment on measures that would increase the security of digital supply chains and how protection could be improved for those in the channel providing services including data processing and infrastructure management.
The consultation period runs until 11 July with the DCMS is keen to hear about best practices and examples of good supplier risk management.
DCMS research has exposed a potential problem with only 12 percent of firms reviewing the risk coming from their immediate suppliers.
One of the ideas is that it could become mandatory for MSPs to meet the current Cyber Assessment Framework and adhere to the 14 principles that encourage higher levels of security.
Digital infrastructure minister Matt Warman is concerned about outsourced services being vulnerable.
“We have seen attacks such as ‘CloudHopper’, where organisations were compromised through their managed service provider. It is essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk.”
As well as the CloudHopper attacks that first started to cause headaches a few years ago, MSPs have also been targeted by ransomware attacks as criminals look to access customers via that link in the supply chain.
The government has been providing support for MSPs through the National Cyber Security Centre with the Cyber Assessment Framework, as well as Supply Chain Security and Supplier Assurance guidance. There has also been £500,000 of funding for those serving the healthcare sector.
