Container Shipping Gets A Cyber Security Mandate

Uploaded on 2020-04-06 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

The Digital Container Shipping Association (DCSA) has published its cyber security guidance to prepare ship-owners and vessels for the International Maritime Organisation’s(IMO) pending cyber security mandate.

The DCSA is a  non-profit founded by major ocean carriers to standardise the container shipping industry. Its members include container giants such as MSC, Maersk, CMA CGM, Hapag-Lloyd, ONE, Evergreen, Yang Ming, HMM and ZIM. Maersk was a notable casualty of the NotPetya malware attacks of 2017
 
IMO’s Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems was adopted in 2017 to ensure that vessels’ cyber risks are appropriately addressed in existing safety management systems.

The guidelines provide high-level recommendations related to maritime cyber risk management in order to protect vessel’s against current and emerging cyber threats and vulnerabilities. The deadline for its implementation is set for January 2021.

The DCSA cyber security guide aligns with existing Standards and Technology cyber risk management frameworks, enabling ship-owners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS).

Ship-owner association BIMCO and the US National Institute of Standards and Technology (NIST) have developed cyber risk management frameworks that enable ship-owners to “effectively incorporate cyber risk management into their existing safety management systems” and the DCSA advice today helps the container shipping sector align with those frameworks.

“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA.

Specifically, the DCSA guide will provide ship-owners with tools to help designated technical crew members mitigate the risk of a cyber-attack, or contain damage and recover in the event of an attack.

“Due to the global economic dependence on shipping and the complex inter-connectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy,” said Bagge.

“The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a ship-owner company.... Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’,”said Jakob Larsen, Head of Maritime Safety & Security for BIMCO.

The DCSA cyber security guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website.

DCSA:        GCaptain.com:    TheLoadStar:      Splash247

You Might Also Read: 

Maritime Shipping Is Badly Exposed:

 

 

« Wikileaks Alerted Hackers To CyberCom
The US Is Facing A Catastrophic Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

Digittrade

Digittrade

Digittrade develop and produce external encrypted hard disks and secure communications apps.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

ScorpionShield

ScorpionShield

ScorpionShield CyberSecurity is an EC-Council Accredited Training Center, and an On-Demand Service for Cybersecurity professionals.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

Cloud Range

Cloud Range

Cloud Range provides cybersecurity teams with access to the world's leading cyber range platform, eliminating the need to invest in costly cyber range infrastructure.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

Tracer

Tracer

Tracer is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.