Supply Chain Cyber Security: In Safe Hands

High-profile cyber incidents reinforce cyber risks in supply chains

The Government Communications Security Bureau’s National Cyber Security Centre (NCSC) has developed a new resource to help business leaders and cyber security professionals better understand and manage the cyber security risks in supply chains.

NCSC Director Lisa Fong says the recent spate of high-profile cyber security incidents reinforces the importance of managing cyber security across the supply chain.

“Supply chain vulnerabilities are amongst the most significant cyber threats facing organisations today.

“Major incidents like last year’s global distributed denial of service (DDoS) campaign which significantly impacted a range of New Zealand organisations, and the compromise of file transfer software used by the Reserve Bank, reinforce the critical importance of supply chain cyber security,” she says.

The NCSC’s new resource Supply Chain Cyber Security: In Safe Hands is the third release in a guidance series based on analysis of 250 New Zealand organisations’ cyber security resilience. Previous releases focused on improving incident management and cyber security governance.

Ms Fong says cyber security threats target organisation’s most vulnerable points.

“As organisations strengthen their own cyber security, their exposure to cyber threats in their supply chain increasingly becomes their weakest point.

“Digital interaction with supply chain elements can occur across many aspects of an organisation’s operation, not just IT or procurement teams. For example, a marketing department might use a third-party service to store a customer information in database in the cloud.

The guidance outlines three key phases in establishing an effective capability to manage supply chain cyber risk and improve organisational cyber resilience - Identify, Assess and Manage.

"Identify who your critical suppliers are and understand which of your key assets and services are most vulnerable to threats in your supply chain.

"Assess vulnerabilities in your supply chain and allocate resources to increase the cyber security resilience of critical areas.

"Manage supply chain risk through a programme of monitoring, cyber security performance assessment, and integration of supply chain risk into organisational risk management frameworks.

“This guidance is designed for both government and non-government organisations of varying sizes and capabilities. It provides an introduction to understanding and managing supply chain cyber risk.

“We hope organisations will use this as a resource to support the conversation between practitioners and leaderships to better identify and manage supply chain cyber security risk,” Ms Fong says.

Download Supply Chain Cyber Security: In Safe Hands

Media Contact: Please email media@nzic.govt.nz