Container Shipping Gets A Cyber Security Mandate

The Digital Container Shipping Association (DCSA) has published its cyber security guidance to prepare ship-owners and vessels for the International Maritime Organisation’s (IMO) pending cyber security mandate.

The DCSA is a non-profit founded by major ocean carriers to standardise the container shipping industry. Its members include container giants such as MSC, Maersk, CMA CGM, Hapag-Lloyd, ONE, Evergreen, Yang Ming, HMM and ZIM. Maersk was a notable casualty of the NotPetya malware attacks of 2017.

IMO’s Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems was adopted in 2017 to ensure that vessels’ cyber risks are appropriately addressed in existing safety management systems.

The guidelines provide high-level recommendations on maritime cyber risk management in order to protect vessels against current and emerging cyber threats and vulnerabilities. The deadline for implementation is set for January 2021.

The DCSA cyber security guide aligns with the existing BIMCO and US National Institute of Standards and Technology (NIST) cyber risk management frameworks, enabling ship-owners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS).

Ship-owner association BIMCO and the US National Institute of Standards and Technology (NIST) have developed cyber risk management frameworks that enable ship-owners to “effectively incorporate cyber risk management into their existing safety management systems” and the DCSA advice today helps the container shipping sector align with those frameworks.

“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA.

Specifically, the DCSA guide will provide ship-owners with tools to help designated technical crew members mitigate the risk of a cyber-attack, or contain damage and recover in the event of an attack.

“Due to the global economic dependence on shipping and the complex inter-connectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy,” said Bagge.

“The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a ship-owner company.... Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’,” said Jakob Larsen, Head of Maritime Safety & Security for BIMCO.

The DCSA cyber security guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website.

DCSA: GCaptain.com: TheLoadStar: Splash247