Government to strengthen cyber demands on contractors

Minister says more suppliers will have to be Cyber Essentials certified as part of push to get all UK businesses to take part

The Government is planning to toughen up its requirements for contractors to hold a Cyber Essentials certificate to strengthen security in field.

Matt HancockMinister for Digital and Culture Matt Hancock announced the move as part of a speech on cyber security to the Institute of Directors Conference in London yesterday.

It is part of one of two measures that he highlighted in a campaign to strengthen the UK’s overall approach to cyber resilience.

Currently the Government requires all suppliers handling sensitive information to hold a Cyber Essentials certificate, which demonstrates that they know how to address recognised vulnerabilities such as password and administration access policies.

“We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme,” Hancock said. “I can announce today that we will beef up our requirements for contractors to use the scheme.”

Big firms' backing

While he did not outline how this would be done, he added: “And I’m pleased to announce that a number of the country’s biggest firms have agreed to encourage their suppliers to adopt Cyber Essentials. These include Barclays, BT, Vodafone, Astra Zeneca and Airbus.

“I think this is a powerful signal that the security of our suppliers is as important as our own security – the two things are inextricably linked. It is also a recognition that Cyber Essentials is an effective tool which can be built on to achieve greater security in our organisations.”

This is part of an effort to encourage all UK businesses to adopt the scheme. Hancock said that over the past year the number of certificates issued has more than trebled to surpass 6,000.

He added that the requirements for the scheme have been updated to make it easier to use, and that the Government is to launch a marketing campaign to increase awareness later this week.

10 Steps

Hancock also flagged up the importance of the 10 Steps to Cyber Security guidance, saying it is something with which board members should familiarise themselves, and the HutZero accelerator programme – run by Cyber London and Queen’s University Belfast – to help commercialise strong ideas for cyber security products.

Other measures include the establishment of cyber security apprenticeships in government – in which HM Revenue & Customs has taken a lead – and a Cyber Retraining Programme to help close the skills gap in the field.

The Government launched its National Cyber Security Strategy in November of last year, pumping in £1.9 billion up to 2021 to support an approach based on three principles – detect, trace and retailiate  – and with four main features: building up the national capability, expanding the collection of relevant intelligence, working with industry on new technology, and all with the support of the new National Cyber Security Centre.

Image from GOV.UK, Open Government Licence v3.0