Cyber security is no longer a choice, but an absolute necessity for Government suppliers who handle sensitive and classified information. However, cyber security is not only about protecting your own systems and data, but also ensuring that your supply chain partners are equally secure and trustworthy.
A supply chain is a network of entities that provide goods or services to an organisation, such as suppliers, contractors, subcontractors, vendors, distributors and customers. A supply chain cyber-attack is an attempt to compromise one or more of these entities in order to gain access to their systems or data, or to disrupt their operations or delivery.
Supply chain cyber-attacks can have serious consequences for Government suppliers, such as:
- Loss of confidentiality, integrity or availability of information or systems
- Damage to reputation, trust or credibility
- Legal liability or regulatory sanctions
- Financial losses or penalties
- Operational disruption or delays
Therefore, it is essential that Government suppliers understand their responsibility in protecting Government information, products and services and, most importantly, the implications of failure.
The National Cyber Security Centre (NCSC) of New Zealand has published a guidance document titled Supply Chain Cyber Security: In Safe Hands that outlines three key phases in establishing an effective capability to manage supply chain cyber risk and improve organisational cyber resilience:
- Phase 1: Identify supply chain entities and supplier management processes
- Phase 2: Assess the cyber threat landscape and determine which suppliers are most critical
- Phase 3: Establish processes to effectively manage supply chain risk and continuously improve your organisation’s cyber resilience
The guidance document provides practical advice and examples on how to implement each phase, as well as tools and templates to help you document your supply chain cyber risk management framework.
By following the NCSC's guidance, Government suppliers can enhance their cyber security posture and reduce their exposure to supply chain cyber-attacks. This will also help them comply with the Government's cyber security requirements and standards, such as the Protective Security Requirements (PSR) and the New Zealand Information Security Manual (NZISM).
Are you confident of your company’s cyber security controls and practices? Supply chain cyber security is a shared responsibility that requires collaboration and communication among all supply chain partners. By working together, Government suppliers can create a more secure and resilient supply chain that benefits everyone.