The UK government has unveiled plans to boost the cyber security of the country’s digital supply chains with a series of measures that could include mandating IT service providers to adhere to the National Cyber Security Centre’s (NCSC’s) Cyber Assessment Framework (CAF).
Other proposals include new procurement rules to guarantee that public sector organisations procure technology from firms with solid cyber postures and plans for improved cyber security advice and guidance campaigns.
The proposals follow a Department for Digital, Culture, Media and Sport (DCMS) consultation on the issue of digital supply chains and third-party IT services, launched in May 2021 after a spate of incidents in which IT companies – most notably SolarWinds – were used by malicious actors to target downstream customers.
