Editorial

Breakfast briefing: Securing the software supply chain in the public sector

Find out how to identify, understand and manage supply chain risks on the path to digital transformation

Posted 20 September 2022 by Christine Horton


The UK government is undertaking a major digital transformation, which includes ambitious plans to help the public sector improve its cyber resilience. The Government Cyber Security Strategy aims to ensure that essential government services remain resilient in the face of increasing cyber threats.

This is no easy task. Of the 777 incidents managed by the National Cyber Security Centre (NCSC) between September 2020 and August 2021, around 40 percent were aimed at the public sector. In 2020, both Redcar & Cleveland and Hackney Councils were hit by ransomware attacks impacting council tax, benefits and housing waiting lists. Gloucester City Council was then the subject of a further cyberattack in 2021.

Moreover, high-profile cyber incidents such as the cyberattacks on SolarWinds and on Microsoft Exchange Servers have directed attention to the resilience of the supply chain. These attacks demonstrated how vulnerabilities in third-party products and services can be exploited by cybercriminals and hostile states, affecting hundreds of thousands of organisations at the same time.

“Supply chain security concerns – whether insecure open source software, container image vulnerabilities or unauthorised access to code – can stand in the way of broader adoption and generate compliance or risk issues,” said Eilon Elhadad, senior director, supply chain security at cloud native security company Aqua Security. “But building and deploying applications through DevOps pipelines can improve efficiency, repeatability, and consistency.”

You’re invited: Breakfast briefing

In partnership with AWS, GitLab, and Contino, Aqua Security is hosting a breakfast meeting for UK central government and public sector entities to discuss how best to secure the supply chain.

The event will bring together a curated ecosystem of partners to discuss options for an integrated approach to software supply chain integrity and benchmarking, DevSecOps best practices and ongoing risk management for public sector entities.

“We want to help government and public sector organisations better understand the concept of cloud native security, using supply chain as a use case,” said Elhadad.

“We will provide practical tips and best practices to help government entities understand the risks and establish control of their supply chain. Attendees can also learn and interact first-hand with experts in the field of cloud native security, supply chain and DevSecOps.”

When: Wednesday 12 October: 8:30 – 11:00 am

Where: Amazon UK HQ, London

Register: https://events.bizzabo.com/UK_Gov_Breakfast_Briefing