
24/7 security operations and monitoring

The primary role of the PERIMETROS Cyber Security Operations Centre (SOC) function is to support reactive and proactive service operations, including all activities related to event and alarm management, trouble ticketing (incident and problem management) and security monitoring, with special care for the end-user experience. The SOC acts as a centralised unit dealing with security issues affecting the cyber-physical systems on or connected to a ship or fleet of ships, including those relating to cyber security. The SOC monitors the whole environment for severe events, analysing them and logging events as incidents. The SOC analysts assess each incident (whether reported by an end user or raised by a system) or service request and, based on its criticality and priority, work towards resolution or route it to the next support level. Amongst the key functions of our SOC, the following four are pivotal:

  1. Observe, by maintaining situational awareness, i.e. understanding potential, emerging and actual threats to the ship's operations. Observation includes detection of unauthorised changes to ship systems or ship data, insecure modes of operation and unauthorised access to ship assets.

  2. Orient, by analysing the risk to operations from new or changed threats and determining whether proactive measures are required to reduce the risk to an acceptable level.

  3. Decide what action may be appropriate either to deny further access to the ship asset or to respond to the event by identifying suitable security controls.

  4. Act, by implementing the decision(s).

In observing the operating environment of the ship, PERIMETROS SOC analysts maintain situational awareness of the general threat environment. From a cyber security perspective, this involves accessing threat intelligence information from both public and private sector sources. The SOC's main responsibilities are:

 

  • Security monitoring – PERIMETROS security analysts monitor the SIEM platform for potential security incidents, and initiate the security incident response processes when necessary;

  • Security incident response – a virtual team comprised of analysts and managers is formed to manage an identified security incident, led by the security manager with support from relevant technical support teams;

  • Security and risk management – the security manager is the single point of contact for security for the ship to the company ashore and liaises with stakeholders (e.g. in DPA, ISO and IT manager / director). The security manager tracks and manages security, compliance and risk;

  • Security reporting – the security manager provides regular reporting of security and risk status and issues to all stakeholders;

  • Security tools administration – together with SMEs (NW/Security), the SOC supports security tools, including:

    • SIEM product

    • Cyber-physical security systems

    • Next gen firewalls

    • IPS

    • Endpoint Security

    • Authentication and Access Management for external users

    • Authentication and Access Management across the ship's IT/OT infrastructure

Some of the reports the SOC frequently issues to customers are:

| Report Category | Report Description | Frequency |
|---|---|---|
| Security incident management | Daily incident management report | Once per critical/high incident |
| Security incident management | Weekly incident management report | Weekly |
| Security incident management | Monthly incident management report | Monthly |
| Vulnerability assessments | Vulnerability assessment report | When the assessment is performed |
| Risk assessment report | Risk assessment and treatment report | When the assessment is performed |
| Threat intelligence | Threat intelligence report | Monthly |
| Security operations | Security operations effectiveness | Monthly |
| Internal audit | Internal audit report | When the audit is performed |
| On-demand | On-demand reports (to provide further details on identified security incidents) | On-demand |

PERIMETROS offers industry-standard security incident response service levels, with associated rebates if a violation occurs. Our response time starts from 30 min for severity 1 type incidents, 24 hours a day, 7 days a week, 365 days a year. Depending on the offered services, PERIMETROS is able to develop service level agreements (SLAs) to meet the performance, security or other requirements of the customer. Contact PERIMETROS for more information.
