Container Shipping Gets A Cyber Security Mandate

The Digital Container Shipping Association (DCSA) has published its cyber security guidance to prepare ship-owners and vessels for the International Maritime Organisation’s(IMO) pending cyber security mandate.

The DCSA is a  non-profit founded by major ocean carriers to standardise the container shipping industry. Its members include container giants such as MSC, Maersk, CMA CGM, Hapag-Lloyd, ONE, Evergreen, Yang Ming, HMM and ZIM. Maersk was a notable casualty of the NotPetya malware attacks of 2017
 

IMO’s Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems was adopted in 2017 to ensure that vessels’ cyber risks are appropriately addressed in existing safety management systems.

The guidelines provide high-level recommendations related to maritime cyber risk management in order to protect vessel’s against current and emerging cyber threats and vulnerabilities. The deadline for its implementation is set for January 2021.

The DCSA cyber security guide aligns with existing Standards and Technology cyber risk management frameworks, enabling ship-owners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS).

Ship-owner association BIMCO and the US National Institute of Standards and Technology (NIST) have developed cyber risk management frameworks that enable ship-owners to “effectively incorporate cyber risk management into their existing safety management systems” and the DCSA advice today helps the container shipping sector align with those frameworks.

“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA.

Specifically, the DCSA guide will provide ship-owners with tools to help designated technical crew members mitigate the risk of a cyber-attack, or contain damage and recover in the event of an attack.

“Due to the global economic dependence on shipping and the complex inter-connectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy,” said Bagge.

“The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a ship-owner company.... Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’,”said Jakob Larsen, Head of Maritime Safety & Security for BIMCO.

The DCSA cyber security guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website.

DCSA:        GCaptain.com:    TheLoadStar:      Splash247

You Might Also Read: 

Maritime Shipping Is Badly Exposed:

 

 

« Wikileaks Alerted Hackers To CyberCom
The US Is Facing A Catastrophic Cyber Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

4Secure

4Secure

4Secure is a cyber security company providing services and solutions to counter and respond to the most sophisticated and targeted cyber threats.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Kasin Consulting

Kasin Consulting

Kasin Consulting is a management consulting company combining a deep understanding of the cyber domain with C-suite level business understanding.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

TotalAV

TotalAV

TotalAV Antivirus is a free-to-use app packed with all the essential features to find and remove malware, keeping you safe.

Intelligent CloudCare

Intelligent CloudCare

Intelligent CloudCare, a division of IPS, is a full IT Services provider serving the needs of SMBs in the metropolitan New York City region.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.