Be a cyber secure link in the MOD supply chain

Going into 2019, it is important for your business to assess the changes you need to make to become cyber secure.

Want to find out more about cyber security? Learn about the benefits of Cyber Essentials to MOD suppliers below.

Protecting the UK’s defence supply chain

This year the Ministry of Defence has continued to develop cyber security initiatives that aim to protect the UK’s defence supply chain.

During the Autumn Budget announcement, Chancellor of the Exchequer Philip Hammond announced that an additional £1bn has been granted to the MOD to cover the remainder of 2018 and 2019, to “boost” the country’s cyber capabilities.

 

Global Threats

Attacks in recent years have made it ever more obvious that cyber threats to the supply chain are real, not just in the UK but globally.

In July 2018, the US’s National Counterintelligence and Security Center (NCSC) warned that:

“Software supply chain infiltration is one of the key threats that corporations need to pay attention to, particularly how software vulnerabilities are exploited”

Attackers are finding innovative ways to exploit computer networks, one being that they will hack into systems through technology providers that have privileged access – such as subcontractors or members of the supply chain.

 

Comply with Cyber Essentials

As the MOD’s supply chain is made up of a wide range of organisations, it must have strict conditions around supplier cyber security.

The MOD requires suppliers to have a Cyber Essentials certification by a contract start date (at the latest); the certification must also be renewed annually. This requirement must flow down the supply chain.

There are a number of suppliers that can help you get started with Cyber Essentials. However, if you would like to gain Cyber Essentials using Fast Track, this can be granted within 24 hours* with Cyber Essentials Online.

* Office hours are based on UK working time: 9am-5pm Monday-Thursday and 9am-2pm on Fridays. Fast Track applications made outside these times cannot be guaranteed a 24-hour turnaround.

Cyber Reserves join the UK Armed Forces fight against cyber attacks


An elite force of UK Armed Forces Cyber Reserves has joined the fight against cyber terrorism.

Due to the rise in cyber attacks, the Ministry of Defence has been hunting for gamers and amateur coders to become cyber Reserves.

The MOD has seen a huge increase in applications for these positions and has created an elite force of specialists that can help protect the UK with their specialist cyber skills.

 

Reserves Day

On 27 June Defence Secretary Gavin Williamson spoke at the Reserves Day reception in the House of Commons. He said:

“Reservists play a vital role in our Armed Forces, bringing a huge range of experiences and skills to the defence of our country.

“As the threats we face intensify, we need to attract the brightest and the best from all walks of life as part of a modern military.”

Mr Williamson has called for more specialists to join the Reserves. The MOD has requested that engineers, chefs, media operations and electricians sign up to join the UK Armed Forces as Reservists.

 

What are Cyber Reserves?

The Government has been investing in cyber security since 2013, when the Joint Forces Cyber Group was created. The Joint Cyber Reserve is a branch of the Reserve forces set up to help the UK protect its national security by defeating cyber attacks and other forms of online espionage. Candidates are chosen on the basis of their technical knowledge, skills and experience.

 

Cyber security – protect your business

The UK Government is investing heavily in cyber security, and if you want to become a supplier to the MOD it is vital that you can promote your business as cyber secure.

DEFCON 658 is an official MOD policy, which states that all defence suppliers bidding for new MOD contracts (that include the transfer of ‘MOD identifiable information’) should possess Cyber Essentials certification before contract award or be able to show progress with cyber in time for the contract to begin.

This certification is government-backed and is supported by the National Cyber Security Centre (NCSC).

 

Cyber Essentials

Having Cyber Essentials certification will allow your business to comply with government standards, protect your business against 80% of cyber attacks and promote your services as cyber safe – something that is incredibly important to the MOD in the current climate.

Learn more about cyber security in the Cyber Essentials section of our website.

 

Why is network security so important?


 

The latest 2018 Thales Data Threat Report has revealed that the UK is the most breached country in Europe, with 37% of businesses across the UK being breached last year.

As UK businesses face a growing threat from cyber attacks, now is the time to invest in your business’s network security strategy.

Find out why network security is so important below.

 

What is network security?

Network security helps businesses to protect the usability and integrity of their network and data, as it covers both hardware and software technologies.

This type of security counters cyber threats like phishing scams and ransomware and can stop such threats from entering your business network.

 

Government’s 10 Steps to Cyber Security

It is vital that you are taking all measures possible to enforce network security within your business.

Network security is mentioned in the Government’s 10 Steps to Cyber Security, a guide which sets out a comprehensive risk management regime that organisations can follow to improve their cyber security.

The Government’s own Cyber Security Breaches Survey 2018 analysed the proportion of UK businesses undertaking action in each of the 10 Steps. The survey revealed that 89% have taken steps to introduce ‘network security – firewalls with appropriate configurations’.

 

Protect your business

Peter Galvin, Chief Strategy Officer at Thales eSecurity, has made several recommendations aimed at businesses that want to protect their data and improve their current cyber security strategy. He says:

“To stand the best chance of success against these advanced attacks, businesses need to dedicate the appropriate level of attention, budget and resource into safeguarding their sensitive data, wherever it happens to be created, shared or stored.”

There are many ways your business can do this, one of them being Cyber Essentials certification. Cyber Essentials certification will not only demonstrate that you have control of your company’s network security; it will help to protect your business from around 80% of common cyber attacks.

 

Cyber Essentials

Certification can be obtained from a range of Cyber Essentials providers; however, DCI offers three levels of certification:

If you would like to learn more, download a free Cyber Essentials Scheme Summary or visit DCI for full information on all of the packages mentioned above.

Defence Secretary announces major cyber investment

Cyber Security at the Ministry of Defence

The UK will invest up to £265m to boost the defence of military cyber systems, the Defence Secretary has announced.

Michael Fallon said the investment, which supports the new Cyber Vulnerability Investigations (CVI) programme, will help the MOD better understand cyber risks.

Speaking at the second International Cyber Symposium Mr Fallon said it will also help the MOD ensure that resilience to cyber-attack is built-in when buying equipment in future.

Defence Secretary Michael Fallon said: “Cyber-attack is one of the greatest challenges to our security. It’s crucial we use our increasing defence budget to stay ahead and investing in this programme will help us protect against these threats.”

The programme will complement the work of the Cyber Security Operations Centre (CSOC), the £40 million facility announced in April to use state-of-the-art cyber capabilities to protect the MOD’s cyberspace from malicious actors.

The programme has also benefited from detailed analysis across the full range of potential cyber-attacks, meaning it is dynamic and can be applied to all aspects of MOD digital systems.

The funding follows the UK and US signing a Memorandum Of Understanding to work more closely together to overcome the growing cyber risk.

Separately the UK and France confirmed greater co-operation to defeat this threat under the Lancaster House Agreement.

Today’s announcement comes on the same day that Minister for Defence Procurement Harriett Baldwin launched the next phase of a €150 million joint Maritime Mine Counter Measures (MMCM) programme alongside her French counterpart, Laurent Collet-Billon.

Working with French allies, the programme will develop cutting edge maritime mine warfare capability to keep the UK and France at the forefront of autonomous systems technology. The development and deployment of unmanned mine clearance drones will help keep our personnel safe in challenging maritime environments.

As part of our £178 billion equipment plan, the programme will be supported by a defence budget that will rise every year until the end of the decade, meeting the NATO commitment to spend two per cent of GDP on defence.

Cyber security Explained: Andres Haggman [video]

On 1 October 2014, Cyber Essentials certification became mandatory for suppliers bidding for government contracts involving sensitive or personal information. The certification became mandatory for defence contracts at the start of 2016.

Here the then Defence Contracts Bulletin Magazine Editor Paul Elliott speaks to Royal Holloway University of London PhD Cyber Researcher, Andres Haggman, about the necessity of good cyber security.

 

As defence is one of the world’s largest markets, organisations of any size can and already do successfully win new business and form strong partnerships with some of the world’s leading public and private companies.

To gain a share of this spend, you need to ensure you have access to the right intelligence to understand the market, which is exactly what you will receive with DCO.

Register for DCO now.

 

Cyber Essentials Explained: Ian Kerr [video]

On 1 October 2014, Cyber Essentials certification became mandatory for suppliers bidding for government contracts involving sensitive or personal information. The certification became mandatory for defence contracts at the start of 2016. Here Defence Contracts Bulletin Editor, Paul Elliott, speaks with ID Cyber Solutions Managing Director, Ian Kerr, about the scheme’s significance to suppliers.

Cyber Essentials is a scheme that tackles the increase in online threats to national security, by ensuring better online protection among the suppliers that sell to government.

Here ID Cyber Solutions Managing Director Ian Kerr explains:

Why businesses should invest in cyber security.
Common areas of business vulnerable to cyber attack.
How Cyber Essentials can help suppliers beat their competition.

Leading the way in public sector procurement, DCI is working with ID Cyber Solutions and the UK MOD to offer Cyber Essentials Accreditation through its portal.

For more information on Cyber Essentials click here.

 

WIN A STAND AT INFOSECURITY EUROPE AS PART OF CYBER INNOVATION ZONE & TITLE OF UK’S MOST INNOVATIVE SMALL CYBER SECURITY FIRM

The Department for Culture, Media & Sport is funding the UK Cyber Innovation Zone at InfoSecurity Europe from 7 to 9 June 2016 at Olympia, London. The zone will showcase 11 small, innovative UK cyber security companies and will build on the success of last year’s activity.

Companies will be selected through a national competition to identify the 11 firms for the Cyber Zone and to award one company the title of the UK’s Most Innovative Small Cyber Security Company of the Year.  

The closing date for applications is 11.00 on 11 April.

A shortlist of companies will be selected from the applications received to pitch to a panel of experts on 25 April. The company pitches will be through the Cyber Demonstration Centre’s video conferencing facility, meaning that participants will not have to travel to a venue.

The judging panel will also select a top 4 from the featured 11. The fab 4 will pitch-off during Infosecurity Europe for the title of the UK’s Most Innovative Small Cyber Security Company of the Year.

The activity is being coordinated through the Cyber Connect initiative.

For more information and to download an application form – https://cgp.uk.net/#/news/232

MOD funds research into cyber security

Summary: The MOD is to introduce £10m of funding into research to study the growing culture of computer hackers as well as crowd behaviour and how social media can impact upon behaviours in crises.

The research, for the MOD’s Defence Science and Technology Laboratory (Dstl), aims to “deliver new and innovative ways to understand and influence online behaviour”.

The ‘information age’ and global security

The £10m project allows postgraduates to study the various reasons people may have for joining online ‘hacktivist’ groups, how online and social activity can influence or dictate real-world crises and how changes brought about by the ‘information age’ are impacting upon global security.

Global threats are throwing up new challenges for the defence industry supply chain and procurement sectors. Threats to cyber security can have a major impact on UK industry and an inadequate information security system can put businesses both large and small at serious risk.

Growing importance of cyber security

Over the past five years, Dstl has funded multiple PhD projects, and over the last year almost £100,000 was awarded for research on the rise of digital insurgency.

An MOD spokesperson quoted in the Guardian said: “Cyber-security is an issue of growing importance. As routine cyber-security measures (patching, anti-virus) become ubiquitous, socially engineered attacks are a growing threat.

“DSTL seeks to understand these threats and the vulnerabilities they exploit in order to provide effective advice and support to the MOD and wider government on defending against these threats.”

The spokesperson added that the MOD was also “trying to understand the world in which we live and anticipate the world in which we will live” and that to do so “it now needs to incorporate an understanding of events in cyberspace and how they might unfold”.

Cyber Security Scotland summit to include Thales, Finmeccanica Selex and the MOD

Thales, Finmeccanica Selex, Lockheed Martin UK and the Ministry of Defence have been confirmed as major contractors featuring at the NDI Cyber Security Scotland event in February at the RBS Global Headquarters in Edinburgh.

Vic Leverett (Business Development Director of Finmeccanica Selex) will be speaking as the Chair of the DCPP (Defence Security Protection Partnership) – an innovative new partnership set up to bolster the security of the defence supply chain.

Vic will be joined by other DCPP member companies (e.g. Thales, BAE Systems, Rolls Royce, Lockheed Martin, Cassidian, BT, Logica/CGI, HP) and key business leaders to discuss the future expectations of their supply chains and why businesses will need to have cyber security standards and strategies in place to enable them to compete for future contracts effectively.

Cyber Security experts will also be hosting practical workshops and seminars to help businesses to put these recommendations into action quickly and cost effectively.

As well as the programme in the morning, Buyers and Purchasing Managers from the MOD, RBS, Finmeccanica Selex, Lockheed Martin UK, Thales and many others will be attending to meet directly with potential new suppliers.

This summit will ensure businesses are prepared for future changes in the procurement process and can quickly respond to future new business opportunities, as well as introducing them directly to immediate and future requirements of buyers who are actively looking for new suppliers now.

Executive Director of NDI, David Townsley, said: “Cyber Security is a major risk to UK industry that cannot be ignored. An inadequate information security system is one of the major global threats to businesses both large and small, and if not taken seriously can have devastating consequences for any supply chain.

“This event will provide companies with information needed to make an informed decision about how to protect themselves and also an opportunity for information security providers to demonstrate their skills and meet the right contacts to break into the cyber security supply chain market.”

Packages are available for companies willing to sponsor the Cyber Security Scotland event which is supported by RBS, Scottish Enterprise and Scottish Development International. Ticket prices are £175+VAT for non-NDI members; however, there is an early bird offer using the code “earlybird” which is £125+VAT.

NDI are a nationwide trade organisation specialising in supply chain development in the defence, space, aerospace and security sectors. The company supports its customers with a range of business development services, helping them access the supply chains of higher tier companies across the globe.

Cyber security: protection through partnership

The Ministry of Defence has set out to boost the UK’s cyber security, in partnership with a number of the country’s leading defence firms. Here, Peter Armstrong, Director of Cyber Security at Thales UK, one of the firms involved, outlines for MOD DCB the partnership’s key priorities for the year ahead.

A report released earlier this year by KPMG revealed that British FTSE 350 firms are failing to keep their networks safe, and as a result are putting the safety of Britain’s economy and national security under threat due to simple flaws in web security. And it’s not just the larger firms that are causing concern; a survey by McAfee also highlighted that despite British small and medium-sized enterprises (SMEs) providing training in IT and security, their employees often fail to prevent breaches and data leaks. As the number of threats to British businesses rises month on month, the cyber support to allow British firms and their suppliers to help prevent the nation coming under attack becomes ever more critical.

The Ministry of Defence has acknowledged the need for better cyber security by launching the Defence Cyber Protection Partnership (DCPP) in conjunction with other government agencies and nine UK defence and telecoms firms including GCHQ, BAE Systems, BT and Thales UK. The partnership’s main focus will be to reduce threats to the UK’s defence supply chain, particularly from the aggregation of low-level risks, with the intention of eventually filtering the output down to benefit trade and industry too.

DCPP: just another cyber security partnership?

The creation of the DCPP intends to build upon the UK’s ongoing commitment to the reinforcement of the UK as a safe place to do online business; it is an important government-industry cyber initiative formed to improve the cyber defences of the MOD’s supply chain. The DCPP will work to define and apply a new standards framework that protects investments already made in cyber security, eventually rolling it out to the whole defence industry. It will achieve this by setting high standards, developing best practice, sharing real-time information about the type and extent of cyber attacks that each company is experiencing, and raising the awareness and defence posture in the defence supply chain.

Understandably there may be questions around why the Government needs to launch yet another private/public sector cyber security partnership – surely there are enough of those already? It has been compared to the Cyber Security Information Sharing Partnership (CISP) which launched in March this year to encourage information and intelligence sharing across the private and public sectors. The DCPP, though, has a clear remit to augment, refine or accelerate existing initiatives and as such will support CISP and other initiatives in this field, avoiding duplication but reinforcing the overall cyber defence posture, according to the MOD.

There will be three key activity streams to the DCPP in 2013: information sharing; development of threat-derived cyber standards and a measurement framework (spearheaded by Thales); and communication and awareness in the supply chain. The partnership will address the lack of awareness of cyber risks across the supply chain, with the DCPP partners all collaborating on these activities with a clear focus to improve standards and practices of cyber defence in the whole MOD supply chain.

Protecting the supply chain

The protection of UK companies from cyber attack is one of the most pressing national security issues of the day, identified as a UK National Tier 1 Threat, and the DCPP will encourage the supply chain to embark upon this improvement journey together, both requiring and fostering collective responsibility. Typically, companies’ IT systems and networks must, by necessity, carry large amounts of highly sensitive information, enticing cyber crooks and increasing the impact that any potential attack could make tenfold. Aeronautics giant and IT supplier to the US Pentagon, Lockheed Martin, learnt this lesson the hard way when it famously came under attack in 2011 as a result of hacks at two of its suppliers. This is a classic example of aggregated low-level risk at work.

There are currently over 50 security regulatory standards in existence across the globe, which are adopted by companies according to their geography, industry sector and unique security compliance needs. For multi-national and/or multi-sector organisations this creates a massive compliance headache when trying to improve the security maturity of one’s supply chain. The DCPP intends to create a framework that straightforwardly compares the effectiveness of these many standards when measured against the threat-derived controls that the MOD is requiring its suppliers to embrace. This will allow organisations that have already invested in a compliance regime to preserve their investments and only augment their regime with a few additional threat-derived controls. The new framework will utilise an easy-to-use set of assessment frameworks with an easy-to-understand formula to determine the level of rigour different organisations need to apply to defence in the context of these controls.

Once the DCPP has produced its assessment framework and ensured the members themselves are complying, the members will start extending the compliance to these controls throughout their supply chains, including SMEs. In 2014 the partnership will open up its membership to other firms and eventually to firms in other industries, enabling greater collaboration across the country to tackle the growing threat of cyber attacks on the supply chain.

Spreading the word

The DCPP will enable a collaborative approach to cyber defence across the entire MOD supply chain, and will ensure that every stage of the procurement, manufacturing and delivery process is as secure as it can possibly be. It is imperative that UK businesses acknowledge that cyber attacks are now ranked as a Tier 1 threat to national security, and understand that any company of any size can be hit in a chain of attack.

For more information, visit: www.thalesgroup.com