Morgan Sindall, a prominent construction company in the UK, has made history by becoming the first organization in the country to achieve certification under a new scheme established by the Ministry of Defence (MoD) and certification body IASME.
The Defence Cyber Certification (DCC) scheme was created with the aim of enhancing supply chain security nationwide and bolstering the UK’s overall resilience against cyber attacks, which have been increasingly targeting victims through their supply chain suppliers. Recent incidents involving retailers such as Marks & Spencer, Co-op Group, and Harrods highlight the urgency of such measures.
A report by Thales in 2024 revealed that over 90% of organizations operating within critical national infrastructure (CNI) have faced a rise in cyber attacks, both attempted and successful.
The DCC project serves as a proactive response to this threat, ensuring that all organizations within the MoD’s supply chain, including Morgan Sindall, are equipped to defend against cyber risks. Morgan Sindall is actively involved in projects with the MoD, such as the revitalization of Britain’s military housing stock and other facilities.
Moreover, the organization is engaged in public infrastructure projects, including upgrades to the A421 in Milton Keynes, extensions to the London Overground rail line in Barking, and the replacement of overhead power lines with underground cabling in Dorset. This makes it a prime target for threat actors aiming at sectors like transport and utilities.
Eleanor Fairford, Director of Cyber Defence and Risk at the MoD, emphasized the importance of DCC in strengthening cyber resilience within the UK’s defence supply chain.
The DCC certification is structured into four tiers (L0 to L3), each corresponding to a specific level of cyber risk based on the organization’s role within the MoD supply chain. The certification process involves an assessment against UK defence standards, which will soon be a requirement for all defence procurement and contract activities.
As the scheme progresses, higher levels of certification (L2 and L3) will be introduced to meet the stringent standards for organizations facing the highest cyber risks. The flexibility of the scheme allows organizations to demonstrate their commitment to resilience and prepare for future opportunities without repeated assessments.
All levels of certification require organizations to hold the National Cyber Security Centre’s (NCSC’s) Cyber Essentials badge, with higher levels demanding Cyber Essentials Plus certification. IASME CEO Emma Philpott expressed gratitude for collaborating with the MoD on the DCC scheme, while Hannah Clarke-Dabson from Bridewell highlighted the importance of supporting organizations through the certification process.
Organizations interested in participating in the scheme are encouraged to visit the IASME-hosted homepage for more information.
