Cookies help us deliver the best experience on our website. By using our website, you agree to our use of cookies Dismiss

By Ken Woghiren, Chief Technology Officer, CyberOwl

Monitoring is the backbone of good cyber risk management. If you don’t know what assets you have and can’t see what is happening to those assets, then you can’t respond properly if they are under attack. But some fleet operators struggle to justify the budget until they better understand the volume and severity of cyber risks they’re exposed to - a vicious cycle, where lack of visibility leads to lack of action. Shipping IT managers can break out of this vicious cycle and implement some basic cybersecurity monitoring. This article sets out some practical guidance to get started. The rationale is clear: even some basic monitoring and a response plan makes your vessel significantly harder to attack than the next one. 

Experts in cybersecurity and maritime operations are forging ahead with the creation of a first-of-its-kind research facility at the University of Plymouth.

The Digital Container Shipping Association (DCSA), a neutral, non-profit group established to further digitalisation of container shipping through technology standards, in conjunction with its nine member carriers, has published the DCSA cybersecurity implementation guide. The guide aims to facilitate vessel readiness for the IMO Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems.

The best practices outlined by DCSA provide all shipping companies with a common language and a manageable, task-based approach for meeting the IMO’s January 2021 implementation timeframe.

The DCSA cybersecurity guide, DCSA Implementation Guide for Cyber Security on Vessels, can be freely downloaded from the DCSA website. The guide aligns with existing BIMCO and NIST (US National Institute of Standards and Technology) cyber risk management frameworks, enabling shipowners to effectively incorporate cyber risk management into their existing Safety Management Systems (SMS). The DCSA guide gives shipowners the tools they need to help designated technical crew members mitigate the risk of cyber attack, or contain damage (fail safe) and recover in the event of an attack.

“As shipping catches up with other industries such as banking and telco in terms of digitisation, the need for cyber risk management becomes an imperative,” said Thomas Bagge, CEO, DCSA. “Due to the global economic dependence on shipping and the complex interconnectedness of shipping logistics, cyber attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy. As a neutral digital standards organisation, DCSA is uniquely positioned to help vessel owners mitigate the increasing risk of cyberattack on their ships, and in turn, on the industry at large.”

The DCSA cybersecurity implementation guide breaks down the BIMCO framework into themes and maps these themes to the controls that underpin the NIST functional elements: Identify, Protect, Detect, Respond, Recover. DCSA provides non-technical explanations and specific actions to be taken to address each NIST element in accordance with a company’s level of cyber maturity within each BIMCO theme. Following DCSA guidance will provide vessel owners with a catalogue of cyber security safeguards aligned with each vulnerability identified during risk assessment, together with notes explaining any residual risk.

Jakob Larsen, head of maritime safety & security for BIMCO said, “The DCSA implementation guidance provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a shipowner company. Initially thought of as a tool for container carriers, the guidance can also inspire the thinking in other shipping sectors as well as the ongoing update of the major shipping associations’ benchmark document ‘Guidelines on Cyber Risk Management Onboard Ships’.”

Newsletter

Digital Ship magazine provides the latest information about maritime satellite communications technology, software systems, navigation technology, computer networks, data management and TMSA. It is published ten times a year.

 

Address:
Digital Ship Ltd
Digital Ship - Digital Energy Journal
39-41 North Road
London
N7 9DP
United Kingdom

Copyright © 2019 Digital Ship Ltd. All rights reserved           Cookie Policy         Privacy Policy