The Ministry of Defence (MoD) is taking a new run at developing a digital service to strengthen cyber security in its supply chain.
This follows the retirement of its previous Octavian Supplier Cyber Protection Service (SCPS) last year and the abandonment of a replacement SCPS digital solution (SCePTre) at private beta stage earlier this year. The decision was made when an assessment showed that, although the interface and business logic were satisfactory, the architecture and support wrap could not achieve the desired level of compliance with the Government Service Standard.
In the interim the ministry has been running a manual operation for cyber risk profiling of its supply chain.
It has now published a market notice for support in an 18-month project to refresh the findings from the previous discovery project then define and deliver a new service.
Quantifying risk
This specifies that a new SCePTre system would enable MoD buyers to quantify the level of a supplier’s cyber risk through a risk assessment, and to review supplier responses to a supplier assurance questionnaire. This is aimed at ensuring adequate protection for MoD identifiable information shared with them.
Suppliers will also need to apply the risk assessment and assurance process through their own supply chain for organisations involved in delivering a contract with the MoD.
The notice also indicates that the supplier involved in the earlier development is now withdrawing and will not be involved in any work.
The development is taking place under the Defence Cyber Protection Partnership a joint MoD and industry initiative to protect the defence supply chain from cyber threats.
