March 12 ------ The Digital Container Shipping Association (DCSA), a non-profit group established to further digitalization of container shipping through technology standards, has published a cyber-security implementation guide to facilitate vessel readiness by 2021. The guide, released in conjunction with DCSA’s nine member carriers, would enable ships to be prepared for the International Maritime Organization (IMO) Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems. “The best practices outlined by DCSA provide all shipping companies with a common language and a manageable, task-based approach for meeting the IMO’s January 2021 implementation timeframe,” the association said.
As explained, the DCSA Implementation Guide for Cyber Security on Vessels aligns with existing BIMCO and US National Institute of Standards and Technology (NIST) cyber risk management frameworks, enabling shipowners to incorporate cyber risk management into their existing safety management systems (SMS). Specifically, the DCSA guide gives shipowners the tools they need to help designated technical crew members mitigate the risk of cyberattack, or contain damage and recover in the event of an attack. “As shipping catches up with other industries such as banking and telco in terms of digitization, the need for cyber risk management becomes an imperative,” Thomas Bagge, CEO of DCSA, commented. “Due to the global economic dependence on shipping and the complex interconnectedness of shipping logistics, cyber attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy. As a neutral digital standards organization, DCSA is uniquely positioned to help vessel owners mitigate the increasing risk of cyberattack on their ships, and in turn, on the industry at large,” he continued.
According to DCSA, the guide breaks down the BIMCO framework into themes and maps these themes to the controls that underpin the NIST functional elements: Identify, Protect, Detect, Respond, Recover. DCSA provides non-technical explanations and specific actions to be taken to address each NIST element in accordance with a company’s level of cyber maturity within each BIMCO theme. “Following DCSA guidance will provide vessel owners with a catalogue of cyber security safeguards aligned with each vulnerability identified during risk assessment, together with notes explaining any residual risk,” DCSA said. “The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a shipowner company,” Jakob Larsen, Head of Maritime Safety & Security for BIMCO, added. “Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document Guidelines on Cyber Risk Management Onboard Ships.”