A new Somerset consortium has joined forces to give supply chain members working on the Hinkley Point C (HPC) project the best possible IT security advice and Government-recognised IT security accreditation.
The Somerset Cyber Group was formed last year by three local companies – Yeovil-based CETSAT and Blueloop and Bridgwater-based PC Comms. Between them they have decades of experience working with Government, defence and leading crime fighting agencies. Although all companies involved with the construction of Hinkley Point C must undergo formal security assurance for their systems, the Somerset Cyber Group is helping them to improve beyond best practice.
All three members of the group are qualified to provide the Government-approved Cyber Essentials and Cyber Essentials Plus certifications and are also able to offer a wide range of other IT and cyber security products and services for Hinkley Supply Chain members.
The Somerset Cyber Group was set up to ensure all companies involved in the Hinkley Point C new nuclear build meet a simple but effective set of standards in good IT practice and cyber security. Their procedures must also illustrate good security practice within the supply chain so they don’t present a risk to fellow suppliers or their clients.
Durgan Cooper, Chairman of the Somerset Cyber Group, said: “We have been working with Somerset Larder for a number of years, helping them to ready themselves for their cyber security needs.
“Scaling-up and coming together as a consortium allows us to deliver best practice and commonality to a much wider range of organisations in the supply chain. We want to be working with Tier 1, Tier 2 and Tier 3 members on their IT security.
“We can help suppliers add value to their work – 90 per cent of all cyber compromises of businesses are usually due to user interactions; we are here to train people well and to help prevent them from falling foul of criminals.”
Somerset Larder, a consortium of local food suppliers, has provided all the catering needs at Hinkley Point C since 2014 and wanted to partner with other local companies with expertise outside of their own remit to ensure they could fulfil all aspects of their contract.
Stephen Stapenhill-Hunt, Somerset Larder Manager, said an IT tie-up was vital as the company’s portfolio of responsibility grew to include the operation of Somerset Larder’s own IT network and systems. And those systems had to be highly regulated and tightly controlled.
Mr Stapenhill-Hunt said: “CETSAT, which is now part of Somerset Cyber Group, has been instrumental in ensuring that we comply with all legal and project requirements, additionally, they have provided that essential support, advice, resource and expertise that has allowed us to focus on our core purpose.
“For Somerset Larder this has been a journey with a companion, importantly, a journey travelled with an expert guide.”
Mr Cooper said he hoped Somerset Cyber Group would be able to engage with a wide range of supply chain members on both a national and regional level and would also offer training workshops and services as well IT health checks and cyber security certifications.
HPC’s Project Security Compliance Manager, Chris Whyborn said: “All companies involved in construction and construction support at HPC are expected to undergo a level of Security Assurance for Information and Operational Technology systems. HPC contractors often use external service providers to assess or improve their own cyber security posture over and above the Project’s core requirements.”
The Somerset Cyber Group is already working with many organisations of differing sizes and in a wide range of industries as other large projects and associated supply chains recognise the need to ensure good IT practice and procedures, all with a recognised certification.
The Government-backed Cyber Essentials and Cyber Essentials Plus certifications show that companies take their IT security needs seriously and have installed systems to protect their customers’ data online.
This includes the use of boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.
Cyber Essentials Plus goes one step further and includes a more in-depth technical review of workstations to give clients an even greater security assurance.
Once an organisation has been assessed against the Cyber Essentials or Cyber Essentials Plus security criteria and passes, they receive the relevant Cyber Essentials award, which demonstrates they have achieved a fundamental level of cyber security.
Mr Cooper added: “We don’t want to be scaremongering, but every organisation is at risk and they need good IT cyber security. It’s like having insurance – we all have it but very few of us actually make a claim on it of things go wrong.
“Everyone is aware of cyber security and IT is now embedded in most organisations but there are multiple things people need to do to protect themselves and good cyber security is just a starting point, it’s not the destination.”
The Somerset Cyber Group already works with Avon and Somerset Police’s South West Regional Cyber Crime Unit and the group prides itself on using ‘agile technology’ to quickly adapt to new cyber threats and the needs of businesses.
