News / Digital Container Shipping Association publishes cyber security guidelines

© Tegotego

The Digital Container Shipping Association (UDCSA) today published its guidelines for the box shipping sector to comply with the forthcoming International Maritime Organization’s (IMO) anti-cyber crime legislation.

The IMO’s Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems is set to become law in January next year, and the new DCSA publication “provides all shipping companies with a common language and a manageable, task-based approach for meeting the IMO’s implementation timeframe”.

Shipowner association BIMCO and the US National Institute of Standards and Technology (NIST) have developed cyber risk management frameworks that enable shipowners to “effectively incorporate cyber risk management into their existing safety management systems”, and the DCSA advice today helps the container shipping sector align with those frameworks.

“We have worked with BIMCO on this, and this is something that not only our nine members will benefit, but the entire industry,” DCSA chief executive Thomas Bagge told The Loadstar last week.

“As shipping catches up with other industries, such as banking and telcoms, in terms of digitisation, the need for cyber risk management becomes an imperative.

“Due to the global economic dependence on shipping and the complex interconnectedness of shipping logistics, cyber attacks, such as malware, denial of service and system hacks, cannot only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy,” he added today.

The DCSA implementation guide breaks down the BIMCO framework into themes and maps these themes to the controls that underpin the NIST functional elements: Identify, Protect, Detect, Respond, Recover.

The organisation said that by following its guidance, vessel owners would have “a catalogue of cyber security safeguards aligned with each vulnerability identified during risk assessment, together with notes explaining any residual risk”.

Jakob Larsen, head of maritime safety & security at BIMCO, explained: “The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a shipowner company.

“Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document Guidelines on Cyber Risk Management Onboard Ships.”