Container Shipping Gets A Cyber Security Mandate

Uploaded on 2020-04-06 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

The Digital Container Shipping Association (DCSA) has published its cyber security guidance to prepare ship-owners and vessels for the International Maritime Organisation’s(IMO) pending cyber security mandate.

The DCSA is a  non-profit founded by major ocean carriers to standardise the container shipping industry. Its members include container giants such as MSC, Maersk, CMA CGM, Hapag-Lloyd, ONE, Evergreen, Yang Ming, HMM and ZIM. Maersk was a notable casualty of the NotPetya malware attacks of 2017
 
IMO’s Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems was adopted in 2017 to ensure that vessels’ cyber risks are appropriately addressed in existing safety management systems.

The guidelines provide high-level recommendations related to maritime cyber risk management in order to protect vessel’s against current and emerging cyber threats and vulnerabilities. The deadline for its implementation is set for January 2021.

The DCSA cyber security guide aligns with existing Standards and Technology cyber risk management frameworks, enabling ship-owners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS).

Ship-owner association BIMCO and the US National Institute of Standards and Technology (NIST) have developed cyber risk management frameworks that enable ship-owners to “effectively incorporate cyber risk management into their existing safety management systems” and the DCSA advice today helps the container shipping sector align with those frameworks.

“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA.

Specifically, the DCSA guide will provide ship-owners with tools to help designated technical crew members mitigate the risk of a cyber-attack, or contain damage and recover in the event of an attack.

“Due to the global economic dependence on shipping and the complex inter-connectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy,” said Bagge.

“The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a ship-owner company.... Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’,”said Jakob Larsen, Head of Maritime Safety & Security for BIMCO.

The DCSA cyber security guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website.

DCSA:        GCaptain.com:    TheLoadStar:      Splash247

You Might Also Read: 

Maritime Shipping Is Badly Exposed:

 

 

« Wikileaks Alerted Hackers To CyberCom
The US Is Facing A Catastrophic Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

appNovi

appNovi

appNovi inventories everything to map the attack surface, identify missing security agents, and prioritize vulnerabilities based on exposure.