With a lot of media focus in recent weeks being on preventing and retaliating against state-sponsored cyber-attacks, one standout point about the UK’s National Cyber Security Strategy (NCSS) that has been, for the most part, ignored is how tough it may be on IT suppliers based in the UK.
So, What Is The NCSS?
The NCSS is a five-year plan for defending the UK’s IT systems and infrastructure, for deterring adversaries, and for developing a whole-society capability. The national cyber strategy was recently outlined in a speech at the Future Decoded conference by UK Chancellor Philip Hammond. The strategy will be carried out with the help of a £1.9bn budget which was allocated by the previous Chancellor George Osborne.
The Impact For IT Suppliers.
Although the Chancellor’s speech outlining the new national cyber strategy focused on responding and retaliating to cyber-attacks, some key issues relating to policy changes and the impact that the strategy will have on IT suppliers were overlooked. These will mean that:
- Suppliers to the public sector will be subject to tighter checks and regulations to preserve cyber security. This means that if products or services are supplied to the government, it is the sole responsibility of the supplier to make sure that they have high-level security features already implemented in them. This means that the government’s job will be to remove those security features if they don’t need them.
- There will be a new rating system used to grade suppliers, and the results of this rating system will be made public. This means that public sector companies and members of the public will be able to judge the supplier in terms of how secure their products and services are.
- The government also looks to grant itself the power to test a supplier’s security measures, and to push them to make changes to improve them where weaknesses are found.
- Suppliers will be liable for cyber breaches that affect public services.
What Does This Mean For Your Business?
Although the government appears to believe that there will be an all-round general benefit from cyber security regulations implemented in the UK (which would be seen as higher in the UK than in other economies), if you are an IT supplier to the public sector this new national strategy may affect you dramatically. How do you, the IT suppliers, feel about this?
It will mean higher costs coupled with greater risks and responsibilities, plus it could mean that smaller supply companies may find it much more difficult to compete. A poor rating could also cause serious business problems and this could cause greater fear for suppliers and put more pressure on them.