The Digital Container Shipping Association (DCSA) has published a new cyber security implementation guide to assist vessel operators in preparing for the upcoming IMO cyber risk management changes to Safety Management Systems in 2021.
The best practices outlined in the guide, which are backed by the Association’s nine member carriers, aim to provide all shipping companies with a common language and a task-based approach for meeting the January 2021 implementation timeframe.
The cyber security guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website, and is aligned with existing BIMCO and NIST (US National Institute of Standards and Technology) cyber risk management frameworks.
The document outlines procedures to help designated technical crew members mitigate the risk of cyber-attack, or to contain damage and recover in the event of an attack.
“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA.
“Due to the global economic dependence on shipping and the complex interconnectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy.”
“As a neutral digital standards organisation, DCSA is uniquely positioned to help vessel owners mitigate the increasing risk of cyberattack on their ships, and in turn, on the industry at large.”
The DCSA cyber security implementation guide breaks down the BIMCO framework into themes and maps these themes to the controls that underpin the NIST functional elements: Identify, Protect, Detect, Respond, Recover.
Non-technical explanations are included, as well as specific actions to be taken to address each NIST element in accordance with a company’s level of cyber maturity within each BIMCO theme.
Following the guidance will provide vessel owners with a catalogue of cyber security safeguards aligned with each vulnerability identified during risk assessment, together with notes explaining any residual risk, DCSA says.