GovAssure is it enough?

Cyber security must be a strategic national priority for public procurement, and HP is calling on the UK government to strengthen the draft Procurement Bill currently debated in Parliament. This can be achieved through the National Procurement Policy Statement (NPPS), which provides national priorities and guidance for contracting authorities, to explicitly set out cyber security requirements as necessary purchasing criteria for all public sector organisations.

Last week in Belfast, Secretary of State at the Cabinet Office, Oliver Dowden MP, - before he was promoted to become Deputy Prime Minister - joined previous warnings from the Heads of MI5 and the FBI, to highlight the growing threat of ideologically driven cyber adversaries and the need for businesses and critical infrastructure operators to strengthen their security. At HP, we fully support Mr Dowden’s “call to arms”, because as he says “a safer business means a safer economy and a more attractive destination for entrepreneurs.”

However, despite these warnings, cyber security is not always top of mind when it comes to risk management. People typically think about software and supply chains, but the resilience of PCs, laptops, and printers is often overlooked. This lack of protection for hardware can leave businesses and the public sector vulnerable to malicious actors. HP’s Cybersecurity Threat Reports have detailed the growing sophistication of cybercrime activity, and the solutions organisations need to stay ahead of future threats.

For example, our recent Threat Report shows that attackers are bypassing perimeter network security controls, such as email gateway scanners, by embedding malicious links in PDF files. HP Wolf Security detected a 38% rise in PDF malware in Q4 compared to the previous quarter. This highlights the need for greater focus on cyber security not just for businesses, but also in public procurement of IT equipment to keep our sensitive data and assets protected from threats.

The UK government’s Cyber Security Strategy has revealed that the government remains an attractive target for cyber attackers, with 40% of cyber incidents between 2020 and 2021 affecting the public sector. This makes it crucial for the government to put a greater emphasis on cyber security and take steps to protect its critical IT systems. That's why we commend the Cabinet Office's new and enhanced cyber security measures, GovAssure, which will increase the UK’s cyber resilience and protect the government’s essential IT functions from ever growing threats.

Under the new rules, all central government departments will have their cyber health reviewed annually through new, more robust criteria. But the government should go further. Cyber security should be explicitly set out as a required purchasing criteria in public sector procurement for all public sector organisations. The draft Procurement Bill is a unique opportunity to strengthen UK’s cyber resilience and put the necessary focus on cyber security to keep the UK safe from malign actors. It's time to act and prioritise cyber security in public procurement in addition to UK businesses.?