Be a cyber secure link in the MOD supply chain

Going into 2019, it is important for your business to assess the changes you need to make to become cyber secure.

Want to find out more about cyber security? Learn about the benefits of Cyber Essentials to MOD suppliers below.

Protecting the UK’s defence supply chain

This year the Ministry of Defence has continued to develop cyber security initiatives that aim to protect the UK’s defence supply chain.

During the Autumn Budget announcement, Chancellor of the Exchequer Philip Hammond announced that additional £1bn has been granted to the MOD to cover the remainder of 2018 and 2019, to “boost” the country’s cyber capabilities.

 

Global Threats

Attacks in recent years have made it ever more obvious that cyber threats to the supply chain are real, not just in the UK but globally.

In July 2018, the US’s National Counterintelligence and Security Center (NCSC) warned that:

“Software supply chain infiltration is one of the key threats that corporations need to pay attention to, particularly how software vulnerabilities are exploited”

Attackers are finding innovative ways to exploit computer networks, one being that they will hack into systems through technology providers that have privileged access – such as subcontractors or members of the supply chain.

 

Comply with Cyber Essentials

As the MOD’s supply chain is made up of a wide range of organisations, it must have strict conditions around supplier cyber security.

The MOD requires suppliers to have a Cyber Essentials certification by a contract start date (at the latest); the certification must also be renewed annually. This requirement must flow down the supply chain.

There are a number of suppliers that can help you get started with Cyber Essentials. However, if you would like to gain Cyber Essentials using Fast Track, this can be granted within 24 hours* with Cyber Essentials Online.

* Office hours are based on the UK working time 9am-5pm Monday-Thursday and 9am-2pm on Fridays. Fast Track applications made out with these times cannot be guaranteed for a 24 hour turnaround.

Cyber Security Month: Is your business Cyber Essentials certified?

cyber essentials

 

Did you know that October is Cyber Security month?

This makes now the perfect time for your business to become cyber security compliant.

If you are a supplier to the defence sector, it is vital to have a cyber security solution in place as it is now a standard part of the procurement process and central to MOD supplier selection.

 

Cyber Security Model

The MOD and DCPP mandated that all MOD suppliers need to comply with the new Cyber Security Model in October 2017. This requires all bidding suppliers to hold a version of Cyber Essentials certification.

 

What level of certification is required?

It is important that you select the correct Cyber Essentials solution for your business. Every supplier is different and that is why there is a range of certification options to choose from. One of the available Cyber Essentials suppliers, DCI, offers the following options:

 

Cyber Essentials

  • Suitable for suppliers handling MOD contracts where the risk is “Very Low”
  • Support and advice offered throughout the application process
  • Includes Cyber Essentials branding which your business can use to promote its certification
  • 12 months’ certification upon successful application
  • No additional costs for retests or Gap Analysis

 

Cyber Essentials Fast Track

  • Get certified within 24 hours
  • Gain access to the online self-assessment questionnaire
  • Suitable for suppliers handling MOD contracts where the risk is “Very Low”
  • Support and advice offered throughout the application process
  • Includes Cyber Essentials branding which your business can use to promote its certification
  • 12 months’ certification upon successful application
  • No additional costs for retests or Gap Analysis

 

Cyber Essentials Plus

  • Required for MOD contracts where the risk is “Low”, “Moderate” or “High”
  • Includes advanced assessments
  • On-site assessment and vulnerability test
  • Gain access to the online self-assessment questionnaire
  • Support and advice offered throughout the application process
  • Includes Cyber Essentials branding which your business can use to promote its certification
  • 12 months’ certification upon successful application

 

Keep in mind that for all MOD contracts where the risk is classified as “Very Low”, “Low”, “Moderate” or “High” suppliers should either already have Cyber Essentials certification in place or be able to show they are working towards Cyber Essentials certification.

More information

For more information on Cyber Essentials, access the Procurement Policy Note 09/14: Cyber Essentials scheme certification or download the DCI Cyber Essentials Scheme Summary.

 

 

 

 

 

 

Promote your business as cyber safe with Cyber Essentials

cyber essentials

 

Backed by the UK Government and the National Cyber Security Centre (NCSC), Cyber Essentials certification is a key requirement for any defence supplier that wants to work with the Ministry of Defence.

Having this certification or not could potentially make or break your chance of winning defence and wider public sector contracts.

Find out more about Cyber Essentials and how your business can become certified below.

 

The MOD’s Cyber Security Model

If your business wants to work with the MOD it is vital that you understand the associated Cyber Risk profiles MOD contracts may contain.

The Cyber Security Model introduced by the Defence Cyber Protection Partnership (DCPP) within the MOD recommends Cyber Essentials certification. In fact, under the Defcon 658 notice suppliers will need to know what level of Cyber Essentials certification their business must have to comply with MOD cyber requirements throughout their supply chain.

 

Promoting Cyber Essentials

When a business becomes Cyber Essentials certified it can then be promoted as cyber secure up to the Cyber Essentials standard level.

Businesses that receive the Cyber Essentials certificate also receive the relevant Cyber Essentials branding to use on collateral such as tender bids.

 

Secure your business

Protection is another benefit of Cyber Essentials.

This year, the Cyber Security Breaches Survey revealed that over four in ten businesses (43%) have experienced a cyber security breach or attack in the last 12 months.

If you want to protect your business from the ever-increasing cyber threat, the controls that need to be in place to achieve Cyber Essentials certification can help to protect your business from around 80% of common cyber attacks.

 

Find out more about Cyber Essentials

If you would like to learn more about cyber security, download a free Cyber Essentials Scheme Summary.

This will give your business a clearer picture of how cyber attacks can affect your business and what is involved in the certification process.

 

Cyber Reserves join the UK Armed Forces fight against cyber attacks

Reserves Day

An elite force of UK Armed Forces Cyber Reserves has joined the fight against cyber terrorism.

Due to the rise in cyber attacks, the Ministry of Defence has been hunting for gamers and amateur coders to become cyber Reserves.

The MOD has seen a huge increase in applications for these positions and has created an elite force of specialists that can help protect the UK with their specialist cyber skills.

 

Reserves Day

On 27 June Defence Secretary Gavin Williamson spoke at the Reserves Day reception in the House of Commons. He said that

“Reservists play a vital role in our Armed Forces, bringing a huge range of experiences and skills to the defence of our country.

“As the threats, we face intensify we need to attract the brightest and the best from all walks of life as part of a modern military.”

Mr Williamson has called for more specialists to join the Reserves. The MOD has requested that engineers, chefs, media operations and electricians sign up to join the UK Armed Forces as Reservists.

 

What are Cyber Reserves?

The Government has been investing in cyber security since 2013 when the Joint Forces Cyber Group was created. The Joint Cyber Reserve is a branch of the Reserve forces set up to help the UK protect its national security by defeating cyber attacks and other forms of online espionage. Candidates are chosen on the basis of  their technical knowledge, skills and experience.

 

Cyber security – protect your business

The UK Government is  investing heavily in cyber security and if you want to become a supplier to the MOD it is vital that you can promote your business as cyber secure.

DEFCON 658 is an official MOD policy, which states that all defence suppliers bidding for new MOD contracts (that include the transfer of ‘MOD identifiable information’) should possess Cyber Essentials certification before contract award or be able to show progress with cyber in time for the contract to begin.

This certification is government-backed and is supported by the National Cyber Security Centre (NCSC).

 

Cyber Essentials

Having Cyber Essentials certification will allow your business to comply with government standards, protect your business against 80% of cyber attacks and promote your services as cyber safe – something that incredibly important to the MOD in the current climate.

Learn more about cyber security in the Cyber Essentials section of our website.

 

Why is network security so important?

network security_cyber essentials

 

The latest 2018 Thales Data Threat Report has revealed that the UK is the most breached country in Europe, with 37% of businesses across the UK being breached last year.

As UK businesses face a growing threat from cyber attacks, now is the time to invest in your business’s network security strategy.

Find out why network security is so important below.

 

What is network security?

Network security helps businesses to protect the usability and integrity of their network and data, as it covers both hardware and software technologies.

This type of security counters cyber threats like phishing scams and ransomware and can stop such threats from entering your business network.

 

Government’s 10 Steps to Cyber Security

It is vital that you are taking all measures possible to enforce network security within your business.

Network security is mentioned in the Government’s 10 Steps to Cyber Security, a guide which sets out a comprehensive risk management regime that organisations can follow to improve their cyber security.

The Government’s own Cyber Security Breaches Survey 2018 analysed the proportion of UK businesses undertaking action in each of the 10 Steps. The survey revealed that 89% have taken steps to introduce ‘network security – firewalls with appropriate configurations’.

 

Protect your business

Peter Galvin, Chief Strategy Officer at Thales eSecurity, has made several recommendations aimed at businesses that want to protect their data and improve their current cyber security strategy. He says:

“To stand the best chance of success against these advanced attacks, businesses need to dedicate the appropriate level of attention, budget and resource into safeguarding their sensitive data, wherever it happens to be created, shared or stored.”

There are many ways your business can do this, one of them being Cyber Essentials certification. Cyber Essentials certification will not only demonstrate that you have control of your company’s network security; it will help to protect your business from around 80% of common cyber attacks.

 

Cyber Essentials

Certification can be obtained from a range of Cyber Essentials providers; however, DCI offers three levels of certification:

  • Base level certification
  • Fast track option
  • Cyber Essentials Plus

If you would like to learn more, download a free Cyber Essentials Scheme Summary or visit DCI for full information on all of the packages mentioned above.

Under a week until GDPR: Is the defence sector ready?

The new GDPR regulations, which will come into place on 25 May 2018, will raise the bar for cyber security. The MOD already requires defence suppliers to have a Cyber Essentials certificate by the contract start date at the latest, and for it to be renewed annually.

What will the changes mean for defence suppliers?

Read about what your organisation MUST know in preparation for GDPR implementation this week.

 

Are you EU compliant?

The changes affect all defence suppliers that want to sell their goods or services to people in the EU (even if they are located outside it). Defence suppliers must be compliant with GDPR.

More information can be found at the official EU General Data Protection Regulation (GDPR) site here.

 

GDPR: what’s new?

GDPR includes requirements that could affect the way your organisation controls, stores and uses personal data. On 25 May, when GDPR comes into force, your organisation will be expected to be ready and compliant.

For some organisations the introduction of GDPR will make little difference as they are already working within the limits set by the regulation. However, those that are not need to start making sure they are compliant immediately.

The current maximum fine for a data breach is £500,000. However, moving forward, organisations that experience a data breach will see fines of up to 4% of their annual turnover or 20 million Euros, depending on which is greater.

If your organisation does suffer from a data breach, the Information Commissioner’s Office (ICO) MUST be informed within 72 hours of the breach.

 

Cyber Essentials and GDPR

Is your business protected against looming cyber attacks? The head of the UK’s National Cyber Security Centre has warned that a major cyber attack on the UK is a matter of “when, not if”.

Although your organisation will require more than Cyber Essentials to comply with GDPR, protecting your business against cyber breaches will help you to tick some of the GDPR boxes.

Gaining Cyber Essentials certification is also a quick and straightforward way to provide evidence that you have taken steps towards protecting your organisation and its data from cyber attacks.

 

Become Cyber Essentials Certified

There is still time to become Cyber Essentials certified before GDPR launches.

Cyber Essentials is recommended by the UK Government. The certification is designed to provide a statement of the basic controls that can protect your organisation from 80% of common cyber threats.

Several providers offer Cyber Essentials certification; however, with DCI Cyber Essentials Fast Track you can gain certification within 24 hours*.

 

*Office hours are based on GMT working time 9am-5pm Monday -Thursday and 9am-2pm on Fridays. Fast Track applications made outside these times cannot be guaranteed for a 24 hour turnaround.

5 tips that will help you win defence contracts

There are several things your business can do to increase its chances of winning defence contracts.

Whether you are looking to become more involved in the defence community or improve the way your business is looking for defence contracts, we have listed a range of ways your business can become more efficient in finding defence opportunities. 

Read our 5 tips that will help you win defence contracts.

 

Webinars

Webinars are an excellent way to gain insight into how your business can win defence contracts. We encourage all DCO users to attend the ‘How to find and win more defence and civil contracts’ webinar which is hosted by DCI (Defence Contracts International).

During the webinar you will learn how to fill your pipeline with hard-to-find public and private sector contracts and can ask defence contracts sourcing experts any questions that you may have about winning business with the defence sector.

Secure your place at the DCI webinar.

 

Industry Events

The Ministry of Defence, Defence Infrastructure Organisation and Defence Contracts Online are all official partners of the UK’s premier defence procurement event, DPRTE.

Attending events like DPRTE gives you a chance to meet defence buyers face to face and participate in training sessions that could help you to win future contract opportunities.

At the 2018 DPRTE event over 1300 delegates enjoyed 40+ training sessions across five Knowledge Transfer Zones. If you missed this event, you can register your interest now for DPRTE 2019.

 

BiP DPRTE 2018

 

 

Cyber Essentials

Cyber certification is now seen as the first step to success when it comes to defence tendering.

Based on DEFCON 658, official MOD policy is that defence suppliers bidding for MOD contracts that “include the transfer of MOD identifiable information” should possess Cyber Essentials certification before contract award. Suppliers are expected to show evidence of progress towards cyber certification in time for contract start date.

Once your brand is certified it will receive the relevant Cyber Essentials branding to use on collateral such as tender bids. If you would like to promote your business as cyber secure with Cyber Essentials, request your scheme summary.

 

MOD Guide to Defence & Security

When it comes to winning defence contracts, where better to get advice about defence procurement than from the MOD first hand? The MOD Guide to Defence & Security 2018 is now available. This publication gives defence suppliers guidance on how to engage in defence procurement and includes key contact details from across the major defence bodies.

The MOD Guide, which costs £75, includes two free exclusive Industry Reports that will help your business to grow its sales opportunities.

Order now

MOD Guide to Security and Defence 2018

Contract Alerts

One of the simplest ways you can win defence contracts is through tender alerts.

Defence Contracts Online is the official source of MOD contracts. We publish MOD contracts valued at £10,000 and over. Once you have set up your customisable search profile, we will send you daily relevant contract alerts via email.

Register for free online now and gain 24/7 access to all UK MOD published contracts.

 

The Government has released a new plan to support cyber security exports

cyber security export strategy

 

The latest cyber threats against NATO countries could mean future attacks on global and UK organisations. In preparation for this, the UK Government is urging businesses at home and abroad to act and ensure that they meet cyber security standards.

The Cyber Security Export Strategy has been put in place to support UK companies that want to export their cyber security services or products to allied countries.

Find out more about the new strategy below.

What is the Cyber Security Export Strategy?

The Cyber Security Export Strategy has been released by the Department for International Trade (DIT). It outlines how the UK Government will support the cyber security sector in the current high threat climate.

It has already been stated by the head of the UK’s National Cyber Security Centre that it is only a matter of time before there is a major cyber attack on the UK. Possible targets could include future elections and Britain’s critical infrastructure.

Tackling foreign threats

The new strategy also aims to tackle foreign threats head on. When International Trade Secretary Dr Liam Fox launched the Government’s new Cyber Security Export Strategy he referenced the recent poisoning of Sergei Skripal and how regular Russian cyber attacks are becoming.

“Recent events show that the UK faces a diverse range of threats from hostile state actors… In an increasingly digital world, it’s vital that we improve our cyber capabilities, which are crucial for national security and prosperity.”

What sectors will the new strategy target?

Moving forward, DIT would like to engage with businesses and organisations in the UK and abroad and assist cyber security companies that want to build business relationships in the UK and with allied countries.

The new strategy aims to support cyber security firms that work with the following areas:

Government and Healthcare

Ransomware attacks like WannaCry have shown the vulnerability of public sector organisations around the world.

One year on from this attack, it has been reported that the NHS still has a long way to go before its trusts are completely cyber secure.

Private sector organisations will inevitably play a huge part both in strengthening cyber security and in the digital and IT transformation and modernisation needed not just by the NHS but by public sector organisations around the world.

Financial Services

With eCommerce and contactless payments becoming more and more popular, companies that work in financial services must prepare for potential hacks.

In this sector, consumer trust is incredibly important and poor cyber security standards could convince finance customers to move to another provider.

Automotive

New generation cars may well be the next victim of cyber attacks as the innovative technology could be vulnerable. Cars are already being ‘hacked’ by thieves using transmitters to enhance the signal from a vehicle’s entry system, kept securely in the owner’s house, in order to unlock a car on a drive and steal it without triggering the vehicle’s security system.

Businesses working in the automotive sector are already investing in cyber security with significant growth expected in global spending in this area by the early 2020s. Statista.com quotes figures of $20 million for 2016, with projections of $770 million by 2023*.

Energy and Critical National Infrastructure

The Government has reported that businesses within the energy and critical national infrastructure sectors are further behind on technological advancements than expected. Many are still using legacy technologies and software programs that require ongoing maintenance. WannaCry revealed the risks of using out-of-date software – many of the NHS organisations affected were using such technologies.

Digital Infrastructure

The Cyber Security Export Strategy has highlighted how vulnerabilities in digital infrastructure could cause severe disruption or loss of personal data:

“Digital infrastructure is increasingly ubiquitous, ranging from smart ticketing on urban rail to technology-enabled customer journeys through the world’s airports.”

Find cyber security opportunities

With the Government releasing the Cyber Security Export Strategy, now is the time for UK cyber security businesses to start looking for work at home and in allied countries.

If your company provides cyber security services and wants to work with the government and defence sector, register on our portal today for free.

 

 

Cyber Essentials Attraction: David Prince [video]

The Royal United Services Institute for Defence and Security Studies, officially still known by its old name, the Royal United Services Institution, is a British defence and security think tank.

Here the then Defence Contracts Bulletin Magazine Editor Paul Elliott speaks to RUSI Director of Defence and Industries and Society John Lough about the vitality of defence academia.

 

 

Leading the way in public sector procurement, BiP is working with ID Cyber Solutions and the UK MOD to offer Cyber Essentials Accreditation through its portal.

For more information on Cyber Essentials click here.

Cyber Essentials Explained: Ian Kerr [video]

Ian Kerr On 1 October 2014, Cyber Essentials certification became mandatory for suppliers bidding for government contracts involving sensitive or personal information. The certification became mandatory for defence contracts at the start of 2016. Here Defence Contracts Bulletin Editor, Paul Elliott, speaks with ID Cyber Solutions Managing Director, Ian Kerr, about the scheme’s significance to suppliers.
Cyber Essentials is a scheme that tackles the increase in online threats to national security, by ensuring better online protection among the suppliers that sell to government.
Here ID Cyber Solutions Managing Director Ian Kerr explains:
Why businesses should invest in cyber security.
Common areas of business vulnerable to cyber attack.
 How Cyber Essentials can help suppliers beat their competition.
Leading the way in public sector procurement, DCI is working with ID Cyber Solutions and the UK MOD to offer Cyber Essentials Accreditation through its portal.

For more information on Cyber Essentials click here.