Container Shipping Gets A Cyber Security Mandate

The Digital Container Shipping Association (DCSA) has published its cyber security guidance to prepare ship-owners and vessels for the International Maritime Organisation’s (IMO) pending cyber security mandate.

The DCSA is a non-profit founded by major ocean carriers to standardise the container shipping industry. Its members include container giants such as MSC, Maersk, CMA CGM, Hapag-Lloyd, ONE, Evergreen, Yang Ming, HMM and ZIM. Maersk was a notable casualty of the NotPetya malware attacks of 2017.

IMO’s Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems was adopted in 2017 to ensure that vessels’ cyber risks are appropriately addressed in existing safety management systems.

The guidelines provide high-level recommendations on maritime cyber risk management to protect vessels against current and emerging cyber threats and vulnerabilities. The deadline for its implementation is set for January 2021.

The DCSA cyber security guide aligns with the existing BIMCO and US National Institute of Standards and Technology (NIST) cyber risk management frameworks, enabling ship-owners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS).

Ship-owner association BIMCO and the US National Institute of Standards and Technology (NIST) have developed cyber risk management frameworks that enable ship-owners to “effectively incorporate cyber risk management into their existing safety management systems” and the DCSA advice today helps the container shipping sector align with those frameworks.

“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA.

Specifically, the DCSA guide will provide ship-owners with tools to help designated technical crew members mitigate the risk of a cyber-attack, or contain damage and recover in the event of an attack.

“Due to the global economic dependence on shipping and the complex inter-connectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy,” said Bagge.

“The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a ship-owner company.... Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’,” said Jakob Larsen, Head of Maritime Safety & Security for BIMCO.

The DCSA cyber security guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website.

DCSA | GCaptain.com | TheLoadStar | Splash247
