Ship cyber security assessment
The objective of a ship cyber security assessment is to apply effective risk management practices in order to to assess and mitigate all the risks associated with ship borne threat actors. The benefits stemming from this approach are that cyber security risks will be identified, analysed prioritised and reported, enabling as a result appropriate and proportionate investment to be made in a portfolio of security controls to mitigate those risks with potentially the greatest impact.
The above process is comprised of approximately the following activities:
-
identification, inventory and evaluation of essential or sensitive assets and infrastructure (i.e. IBS, VDRs, control rooms, SATCOM etc.) considered important to protect, and the external infrastructure systems upon which they depend;
-
identification of the ship's business processes using people, assets and infrastructure, in order to assess the criticality of assets and understand any internal and external dependencies;
-
identification and assessment of risks arising from possible ship borne and otherwise threats to the assets and infrastructure, vulnerabilities and the likelihood of their occurrence, in order to establish the need for and to prioritise security controls;
-
identification, assessment, selection and prioritisation of security controls and procedural changes, based on their costs, the level of effectiveness in reducing the risk and any impact on the ship's operations; and
-
identification of the acceptability of the overall residual risk, including human factors, and weaknesses in the infrastructure, policies and procedures, based on the portfolio of security controls that have been selected.
tanker management self-assessment (tmsa3)
PERIMETROS is launching a new cyber service comprised of (people, processes and technology), the objective of which is to assist tanker operators to fully, and above all properly, implement element 7 and especially element 13 of the tanker management self assessment (TMSA) as it relates to cyber security. The Oil Companies International Maritime Forum (OCIMF) has released the initial TMSA program in 2004 as a set of best practices for tanker operators to measure and improve their safety management. The program has been revisited twice in the past and the current KPIs version is TMSA3.
In particular about cyber security, for each of the two elements 7 and 13 in TMSA3, tanker operators should undertake a self-assessment and rate themselves (their safety management systems, operations and practices) against a specific set of key performance indicators (KPIs) such as risk management, incident response, security testing and more.
Tanker operators with a valid login id can use the SIRE/TMSA web application to gauge themselves and their tanker ship or fleet and create a valid report.
what we offer
-
Ship cyber security assessment (please see above for more information about our ship cyber security risk assessment)
-
Information security governance in the bridge
-
Information security policies development - ISM compliant
-
Information security procedures development
-
Vulnerability management - passive scanning
-
Password management - manual, on premise, online, mobile
-
USB physical blocking - controllers workstations
-
Cyber response plan development
-
Anti virus and anti malware (IT)
-
Cyber-physical security systems (OT)
-
Cyber security awareness material development
-
and more......