Implementation Guide for Cyber Security on Vessels 1.0
In conjunction with our member carriers, DCSA has published the DCSA Implementation Guide for Cyber Security on Vessels for the global container shipping industry. The purpose of the guide is to facilitate vessel readiness for the IMO Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems, set to take effect in January of 2021*.
The best practices outlined in the DCSA guide provide all shipping companies with a common language and a manageable, task-based approach for meeting the IMO’s January 2021 implementation timeframe. The target audience is cyber security leads who will be responsible for fleet-wide cyber security on-board vessels. It is intended to complement existing ship Safety Management Systems (SMS) by providing additional guidance on cyber-related aspects, including:
- Information Technology (IT) such as computers, electronic manuals, networks. and applications.
- Operational Technology (OT) such as engine control, ECDIS, on-board measurement and control systems, PLCs and remote support for engines.
All enterprise IT that isn’t physically located on-board a vessel is out of scope for this document.
The ambition is that carriers will implement the DCSA guide fleet-wide whether at sea, moored or berthed. The guide aligns with the BIMCO and NIST (US National Institute of Standards and Technology) frameworks, rather than any applicable flag legislation or specific principles. As a guideline, it does not set out specific technical or configuration standards for vessel systems, but instead provides a management framework to help promote good practice.
Download the DCSA Implementation Guide for Cyber Security on Vessels for free below to learn best practices for helping designated crew members mitigate the risk of cyber incidents, or contain damage (fail safe) and recover in the event of an attack.
*Compliance with IMO Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems is required no later than the first annual verification of the company’s Document of Compliance after 1st January 2021.