The UK government’s Foreign, Commonwealth and Development Office has announced a new partnership with Australia to strengthen global technology supply chains and tackle actors who disrupt cyberspace. The partnership comes following vital defence and security talks between the two nations and highlights the ongoing significance of supply chain cyberthreats.
UK-Australia partnership reflects shared security standards
The UK’s foreign secretary, Liz Truss, and Australia’s foreign minister, Marise Payne, agreed the Cyber and Critical Technology Partnership during the Australia UK Foreign and Defence Ministerial meetings (AUKMIN) in Sydney last week. The partnership includes provisions to build greater resilience to ransomware amongst Indo-Pacific nations and sharpen legal sanctions against cyber attackers. It will also deepen practical co-operation to ensure technology standards reflect the shared values of the UK and Australia, support the development of a network that will deter cyberattacks, and call out actors who perpetrate such acts.
“As champions of freedom and democracy, the UK and Australia are hard-headed in defending our values and challenging unfair practices and malign acts,” commented Truss. “In the battlegrounds of the future, cutting edge technologies will be crucial in the fight against malign cyber actors who threaten our peace and security.” The UK and Australia have agreed a new cyber and technology partnership to ensure that liberal democracies shape the technology rules of tomorrow, she added.
Supply chain cyberthreats continue to plague organisations
The partnership is an indicator of the ongoing cybersecurity risks posed by supply chains, a trend cited in the UK National Cyber Security Centre’s (NCSC) 2021 Annual Review, published last November. In the report, the NCSC named the SolarWinds compromise and the exploitation of Microsoft Exchange Servers – both the result of supply chain attacks – as significant markers of the cyberthreats faced by businesses. “These sophisticated attacks, which saw actors target less-secure elements – such as managed service providers or commercial software platforms – in the supply chain of economic, government, and national security institutions were two of the most serious cyber intrusions ever observed by the NCSC,” the review read. Supply chain incidents highlight the viability, effectiveness, and global reach of supply chain operations as a means of compromising comparatively well-defended targets, the NCSC added. “Further such operations are almost certain over the next 12 months,” it warned.
The review also outlined the work the NCSC did throughout 2021 to protect the UK from supply chain risks, particularly those surrounding the COVID-19 health crisis. “The COVID-19 pandemic created new areas of vulnerability, in creating a new requirement to protect and secure vaccine and health sector supply chains,” it said.
The scope of the NCSC’s work to protect the UK’s response to COVID-19 went beyond traditional healthcare and supported sectors not previously seen as critical parts of the infrastructure, such as manufacturers of ventilators and PPE, care homes, and supermarkets and their respective supply chains. In total, the NCSC engaged with approximately 5,000 organisations providing an essential service during the pandemic. “The NCSC liaised with manufacturers and other associated companies within overseas supply chains, assessing their cybersecurity, and offering protective advice,” it said. This included leveraging a network of international partners to work with 13 countries, as well as directly engaging companies and organisations including the World Health Organisation. “It also shared threat information where possible, to raise awareness of the risks to supply chains, and worked closely with the UK’s Vaccines Task Force.”