Not only MSPs: All cloudy firms are in line for UK security law crackdown
2021-11-16 15:15

A government crackdown on British MSPs' security practices is drawing ever closer after the Department for Digital, Culture, Media and Sport floated plans to make Cyber Assessment Framework compliance mandatory.

Digital Minister Julia Lopez said in a canned statement: "We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses' digital footprint and protect their sensitive data."

Better security in UK.gov's eyes appears to mean MSPs and other cloud service providers will have to comply with the NCSC-backed Cyber Assessment Framework, "or a framework based on it," industry feedback to the government-sponsored survey said.

If these are accurate reflections of what DCMS was told, it points the way towards Cyber Essentials Plus potentially becoming the baseline MSP/cloud security standard for British businesses - if DCMS adopts these calls for compliance monitoring of whatever security framework it picks.

Government focus on supply chain security was galvanised by high-profile MSP attacks such as Kaseya in the US. The MSP was compromised by attackers targeting its VSA endpoint and network management tool, giving instant visibility into most of its customers.

Not all UK MSPs are as dedicated to good security practices as one might hope, as a lighter ransomware recovery tale from 2019 showed.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/16/ukgov_dcms_msp_cyber_security_crackdown_widens/