A joint UK Ministry of Defence (MOD) and industry initiative to improve the protection of the defence supply chain from cyber threats.
The defence supply chain understands the cyber threat and is appropriately protected against attack. The defence sector is proactively supporting the National Cyber Security Strategy.
- Reputational risks to suppliers
- Theft of intellectual property, customer details and pricing information
- Capability compromise
- Counterfeit components / backdoors
- Ransomware – being unable to access your own information
National Cyber Security Strategy: Making the UK the safest place to do business online
What we are protecting: MOD Identifiable Information (MOD II)
All Electronic Information which is attributed to or could identify an existing or proposed MOD capability, Defence activities or personnel and which the MOD requires to be protected against loss, misuse, corruption, alteration and unauthorised disclosure. See DEFCON 658 for more information.
The Cyber Security Model
Mandated across new MOD contracts.
- Buyer completes a Risk Assessment, which determines the Cyber Risk Profile
- The security requirements for each Cyber Risk Profile are listed in DEFSTAN 05-138
- Supplier completes a Supplier Assurance Questionnaire (SAQ) to demonstrate compliance with the requirements
- Cyber Implementation Plan (CIP) where requirements are not met
Suppliers complete a Risk Assessment for any elements they are sub-contracting.
- Understand the risk
- Proportionate protection
- Suppliers to defence meet the standards
A Quick Cyber guide for small businesses
Head over to our DCPP page for more information on:
- Supplier Cyber Protection tool
- DEFCON 658
- DEFSTAN 05-138
Also, find out more about Cyber Essentials here.
Download your copy of our DCPP Leaflet for further insight into the Defence Cyber Protection Partnership.
If you would like more information on DCPP email us at ISSDes-DCPP@mod.gov.uk
What is Cyber Essentials?
Cyber Essentials is a government-backed, industry-supported initiative from the National Cyber Security Centre (NCSC) to provide businesses supplying to the MOD with a basic level of cyber security controls.
Cyber Essentials certification is crucial for businesses looking to supply into the defence market. Based on DEFCON 658, official MOD policy is that all suppliers bidding for new MOD contracts that include the transfer of ‘MOD identifiable information’ should possess Cyber Essentials certification before contract award or be able to show evidence of progress towards it in time for contract start date.
Cyber Essentials certification enables you to showcase your credentials as a trustworthy and secure organisation and puts your business in a perfect position to supply to the defence sector, knowing that your bid can be backed up with evidence that your business is cyber secure.
Cyber Essentials is a key requirement for any supplier or buyer looking to do business with defence. It is essential that businesses of all types know the benefits that gaining such certification provides.
- Cyber Essentials is government-backed by the National Cyber Security Centre and has been in place since 2014.
- The controls Cyber Essentials puts in place protect a business from around 80% of cyber attacks, but these should be seen as the minimum requirements.
- Certification is cheaper than paying the cost of a cyber breach. The Cyber Breaches 2017 report indicated this cost is on average £1,340 per instance.
- Certification can be obtained from a range of providers; for example, Cyber Essentials Online offers this from £300 ex VAT for the base level certification.
- Cyber Essentials certification shows us and your suppliers that you take data security seriously.
- To date over 9,000 businesses have been certified to the Cyber Essentials scheme.
Learn more about Cyber Essentials
Find out what Cyber Essentials is and how to get certified with DCI through its free webinar. As one of a number of suppliers in the certification space, DCI is unique in that it offers a defence-focused solution for MOD tenders and is well placed to share its expertise to help suppliers position themselves to comply with and win MOD tenders.
The webinar will talk you through the benefits of Cyber Essentials certification in defence and provide you with:
- An introduction to the DCPP
- What is the Cyber Security Model (CSM)
- How to meet the requirements of the Cyber Security Model
- How does the CSM impact supplier tendering in defence?
- How to become Cyber Certified with Cyber Essentials
Cyber Essentials is the minimum certification an organisation needs to implement to bid for new MOD defence contracts which include the transfer of ‘MOD identifiable information’.
The MOD has made this requirement mandatory since January 2016 for suppliers looking to do business in the defence sector.
As the risk level goes up, some additional controls are required that can be evaluated through Cyber Essentials Plus vulnerability tests.
The controls that need to be in place to achieve Cyber Essentials certification protect a business from around 80% of common cyber attacks.
It’s worth considering that certification is cheaper than the alternative of paying for the cost of a cyber breach. The Cyber Breaches Survey 2017 report indicated this cost is, on average, £1,340 per instance of a cyber breach.
Certification allows your business/organisation to promote itself as cyber secure up to the Cyber Essentials standard level, which can make a real difference when bidding for contracts.
When you receive your Cyber Essentials certificate, you will also receive the relevant Cyber Essentials branding to use on collateral such as tender bids for one of the many defence contracts available through Cyber Essentials Online.
Download a free Cyber Essentials Scheme Summary
The Cyber Essentials scheme summary will provide you with:
- Some background information about the scheme
- The scope of the assessment
- Assurance framework
- The next steps to becoming certified
After reading the scheme summary, you will have a clearer picture of the importance of the scheme and what is involved in the certification process.
As one of the available Cyber Essentials suppliers DCI offers the following options:
Key Supplier Information for Cyber Essentials certification
Which of the different accreditation/certification bodies should I choose to gain the Cyber Essentials certification?
Are there scenarios where I may be unable to gain Cyber Essentials certification?
If a supplier is unable to achieve Cyber Essentials in support of an MOD requirement, they may be able to have this requirement waived. This ‘risk acceptance’ process is outlined in DEFSTAN 05-138.