Cybersecurity attacks on the supply chain have increased dramatically, particularly during the COVID-19 pandemic period. The European Union Agency for Cybersecurity (ENISA)’s annual Threat Landscape report showed a significantly growing threat targeting suppliers of critical services, which accounts for a more than 16% increase in attacks between 2020 and 2021 and continues to increase to this day. Clearly, cybersecurity best practices must be applied at the earliest possible point when acquiring technology and related services.
The Guidelines on Cyber Security Specifications (ICT Procurement for Public Service Bodies), which is the first guidance issued by the National Cyber Security Centre (NCSC) to Irish government bodies, sets out an easy-to-use, understandable set of specifications that Public Sector Bodies (PSBs) can reference when planning the procurement of Information and Communications Technology (ICT) goods and services. It addresses a range of cyber security domains, including organisational practices, supply chain security (including risks such as data leaks, supply chain breaches, and malware attacks), evaluation considerations, and attestation information that may be required from suppliers when procuring ICT goods and services.
The guidelines have been developed by a Grant Thornton Ireland team for the NCSC through collaboration with multiple stakeholders including relevant government, public bodies, policy makers, regulators, service providers, manufacturers, suppliers and cyber security experts within Ireland and the EU.
If you’d like more information about the Guidelines, feel free to connect and reach out to our cybersecurity experts and the authors themselves.
Read more about the government publication here: