The British government has vowed to create a legally binding cybersecurity framework for managed service providers (MSPs). The supply chain review comes in the wake of high-profile events like the SolarWinds compromise.
Targeted at MSPs and firms outsourcing their digital infrastructure services alike, the review is described by the government as helping build evidence for “additional government intervention” to force businesses into formally assessing cyber risks to their supply chains.
It also looks like MSPs will be subject to a legally binding security framework as a result of the review.
Matt Warman MP, of the Department for Digital, Culture, Media and Sport, said in a statement:
‘There is a long history of outsourcing of critical services. We have seen attacks such as “CloudHopper” where organisations were compromised through their managed service provider.
‘It’s essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk.’
Sebastian Jesson-Ward of Serviceteam IT said:
‘It’s interesting to see the onus the government is placing on providers of digital services, in particular those providing managed services – suggesting they may be subject to some sort of regulation for the first time.
‘Depending on the level of maturity, this may be music to the ears of some, allowing them to distinguish their services and show they are equipped to protect customers from supply chain attacks.
For others, this could be time-consuming and a difficult process.’