NCSC publishes guidance on supply chain cyber security

13/05/22

Mark Say, Managing Editor

The National Cyber Security Centre (NCSC) and a number of international partners have published a joint advisory notice with guidance on cyber protection in the supply chain.

It related the initiative to incidents such as the 2020 attack through SolarWinds network management software, clients of which included a range of UK public sector and defence organisations, and to concerns about an increase in attacks in the wake of Russia’s invasion of Ukraine.

The advisory includes a series of practical steps for managed service providers (MSPs) and their customers and has been issued with the US Cybersecurity and Infrastructure Security Agency, National Security Agency, and Federal Bureau of Investigation, and the Australian Cyber Security Centre, Canadian Centre for Cyber Security and the New Zealand National Cyber Security Centre.

NCSC said MSPs provide IT support to their customers in various ways, for example through software or cyber security services, and in order to do so they are granted privileged access to a customer’s network. This can create opportunities for attackers, who can gain access to an organisation’s network by compromising their MSPs.

Recommendations include the improvement of monitoring and log-in processes, the enforcement of multi-factor authentication, the segregation of internal networks and application of the principle of least privilege.

Strengthening resilience

NCSC CEO Lindy Cameron said: “We are committed to further strengthening the UK’s resilience, and our work with international partners is a vital part of that.

“Our joint advisory with international partners is aimed at raising organisations’ awareness of the growing threat of supply chain attacks and the steps they can take to reduce their risk.”
