Department for Digital, Culture, Media and Sport Call for views on cyber security in supply chains and managed service providers:Aston Cyber Security Innovation (CSI) Centre Response

Abstract

ead by Professor Vladlena Benson, the CSI centre works with businesses to help improve their security posture and develops state of the art solutions for supply chain resilience and business continuity. Professor Benson has served on the UK Cyber Security Council formation project and has been a regular contributor to the policy formation dialogue with the Government on cyber security and emergent technologies. Introduction Aston Business School welcomes the initiative of the DCMS to address Supply Chain Security and frameworks underlining it. We support the Call for views in recognition that the evolving cyber security landscape requires new approaches to encourage organisations to increase efforts around management of suppliers and their accountability. In this space the role of the UK Government incentives and regulations is paramount in supporting businesses of all sizes and making the UK digital economy safe. We support the Government efforts to bring Managed Service Providers into the conversation around their cyber security assurance reporting practices and transparency around their defence and incident handling mechanisms. This is of particular relevance in the aftermath of the most recent series of high profile cyber attacks on the MSPs ( Kesya and SolarWinds ), which had cascading consequences for their customers worldwide. There is an urgent need to address the lack of MSP accountability and assurance practices towards their client organisations, particularly SMEs, to enhance their cybersecurity posture. Our recent research explored organisational approaches to supply chain management, specifically in the times of remote arrangements and when traditional business continuity practices in supply chain management have been challenged. We base our response to the Call based on the evidence representing views of the West Midlands stakeholders. Based on the conclusions of our research, we make a recommendation that cyber security of any organisation, inclusive of its supply chain, should be promoted in conjunction with other organisational targets, such as profitability, productivity and financial/operational risk management. The identification and promotion of synergies between Cyber security, profitability, and productivity is a strong driver to ensure that, at a senior level, organisations take responsibility and accountability for effective cyber risk management. Indeed, profitability or productivity are close to the competitive advantage of the firm and security fo the supply chain of any organisation underpins its longevity on the market it operates in. Investment in cybersecurity measures, including supply chain risk assessment and counter-threat controls, should be viewed as a ‘cost of doing business’ and business success and/or longevity.