The National Cyber Security Centre (NCSC) has published new guidance for organisations on assessing defences and resilience in their supply chains.
The NCSC said the move comes in response to a growing trend in supply chain attacks, and urged organisations to work with their suppliers to identify weaknesses and boost resilience.
The guidance describes how vulnerabilities to cyber attack can arise in the supply chain, defines the expected outcomes and sets out the key steps in building an approach to assessing suppliers' security.
The steps begin with understanding your own organisation's approach to cyber risk management, then developing an approach to assessing supply chain security, which involves prioritising the key factors and creating the components of that approach.
Next, the new approach is applied to new supplier relationships, embedding security practices throughout the contract lifecycle and monitoring relevant performance.
This is followed by integrating the approach into existing supplier contracts, identifying suppliers with security shortfalls and working with them on improvement plans, reinforced by regular measurement against defined metrics.
The process is rounded off by aiming to continuously improve these practices, periodically refining the approach as new issues emerge.
Ian McCormack, NCSC deputy director for government cyber resilience, said: “Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers.
“With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place.
“Our new guidance will help organisations put this into practice so they can assess their supply chain’s security and gain confidence that they are working with suppliers securely.”