Cyber Security Procurement Language Guidance
The Energy Delivery Systems (EDS) – Procurement Language Guidance is a result of collaboration between ENA, BEIS, vendors and operators to improve procurement processes and requirements across the industry.
Cyber threats to the energy sector pose economic and national security risks, threatening a key ENA aim to ensure the UK's energy networks are the safest, most reliable, most efficient and sustainable in the world. The UK Energy System is amongst our most Critical National Infrastructure (CNI), underpinning many of our essential services. Improving cyber security will help ensure that the UK has a secure and resilient energy system, avoiding disruption through cyber-attack that could have a severe impact on the country’s national security. This impact could have a bearing on the lives of UK citizens, the stability and strength of the UK economy, and/or the UK’s international standing and reputation.
Weaknesses in supply chain and procurement processes are a means by which malicious code, compromised equipment and support services can affect Energy Delivery Systems. It is therefore necessary to address vulnerabilities across the supply chain, specifically the products, vendors and integrators of operational technology (OT) and network and information systems that underpin the operation of EDS.
The Procurement Language Guidance aims to support consistent and clear procurement tender development through delivering an effective approach to procurement by industry. This guidance contains a suite of procurement statements that can be incorporated into related documentation. This will enable users to effectively and consistently articulate and implement an industry baseline level of cyber security for the products and services used within their EDS.