A Dutch nonprofit has published new guidance to help cargo ships repulse cyber-attacks.
The document was designed to facilitate vessel readiness for the IMO (International Maritime Organization) Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems.
Produced in conjunction with nine of the organization’s member carriers, the guide outlines best practices for ocean carriers and provides shipping companies around the world with a common language with which to discuss the cyber-threats faced by their industry.
DCSA’s new guide breaks down the implementation of an effective cybersecurity strategy into five key areas: Identify, Protect, Detect, Respond, Recover.
Rather than a one-size-fits-all approach, advice is tailored to the company’s level of cyber-maturity and explanations and recommendations are written in non-technical language to make the document user-friendly.
Thomas Bagge, DCSA CEO, said there was a need for shipping to raise its level of cybersecurity preparedness up to that of other industries that have already taken steps to secure themselves.
“As shipping catches up with other industries such as banking and telco in terms of digitization, the need for cyber risk management becomes an imperative,” said Bagge.
He went on to explain how the economic importance of shipping made the industry a prime target for threat actors.
Bagge said: “Due to the global economic dependence on shipping and the complex interconnectedness of shipping logistics, cyber-attacks such as malware, denial of service, and system hacks can not only disrupt one carrier’s revenue stream, they can have a significant impact on the global economy.”
While advice on cybersecurity differs from country to country and from government to government, the DCSA tasks itself with providing objective guidance that doesn’t favor a particular business or nation.
Bagge explained: “As a neutral digital standards organization, DCSA is uniquely positioned to help vessel owners mitigate the increasing risk of cyberattack on their ships, and in turn, on the industry at large.”
Head of maritime safety and security for the Baltic and International Maritime Council Jakob Larsen said the new guidance “provides a thorough and refreshing deep dive into the challenge of how to implement cyber risk management in a shipowner company.”
Source: Infosecurity Magazine