I recently spoke at the Cisco Systems Industrial 5G and Cybersecurity in the age of Digital Transformation event in London, about Cyber Supply Chain Risks.
Identifying and monitoring cyber security risks within the Supply Chain is a live issue amongst manufacturers. Many companies we have spoken to have expressed concern over their Supply Chain risk but say they do not fully understand the extent of those risks.
As we increasingly use digital systems to automatically manage orders, supplies and manufacturing processes, we are increasing the number of areas that could be used to attack both the supplier and their partners.
Increasingly, customers are asking for assurance from their supply chain partners, and with over 40% of Make UK members saying they have been asked, it makes good commercial sense to ensure you can provide that assurance.
The Government is moving towards mandating Cyber Essentials Plus (CE+) as a standard for supply chain compliance. The MOD has recently introduced the Defence Cyber Protection Partnership (DCPP) scheme to address potential vulnerabilities from the supply chain, and the DoH are looking at a similar initiative. We would recommend CE+ as a good standard to start your cyber risk management journey. Learn more about Cyber Essentials from the National Cyber Security Centre.
Companies with a supply chain cannot stop at ensuring their own systems and processes are effective; they must also consider what vulnerabilities exist within their suppliers and take action to secure that chain. There are many examples of suppliers being used as "a back door" to attack a target.
We are able to work with manufacturers to help them properly understand their supply chain risks and manage them effectively. Find out more about our cyber security services.
By Chris Ford, Make UK Cyber Security Service