Few would envy the responsibilities of Patrick Slesinger, the director and CIO of the Hong Kong-based Wallem Group: A long-standing shipping
concern involved in ship management, capital partnership broking and
Wallem currently has 308 ships under management, including 100 oil
tankers, chemical tankers, gas tankers, bulk carriers, containerships,
general cargo ships, reefers, car carriers and passenger ships; a
total of 52 million tonnes.
The group employs about 7,000 people ashore and at sea. There are
6,000 people working on Wallem-managed ships and another 600 employed
in nearly 50 Wallem offices in 18 countries around the world.
"There're enough problems controlling and managing IT infrastructure
when you know precisely where it is," said Slesinger, "let alone when
it is constantly moving at sea."
Complex security issues
IT security issues for Wallem on the ocean waves were made difficult
because each vessel was a moving office with multiple systems and LANs
and crews were regularly rotated.
The group also had a high level of shore-based extranet-based systems
for staff and clients, a wide range of PKI (Public Key Infrastructure)
enabled applications and was also involved with many joint ventures,
some with minority shareholdings.
"Data security is a big problem because all of these mobile offices
contain a lot of corporate and commercial information. A ship manager
is the same as the facilities manager in IT, looking after other
people's hardware and operating it."
He said that the vessels added a whole new dimension to IT management,
not being connected to the Internet and not being physically easy to
reach if on-site support was required.
"Shipping is probably the last industry in the world that is still
dealing with decoupled clients because we don't have 'always-on'
connections, so we have to be good at data base synchronisation and
replication, because it's going over satellites, via Inmarsat,"
Some Wallem vessels did have VSAT (Very Small Aperture Terminal),
which was always on, but the majority are Inmarsat-enabled, where
Wallem paid by the minute or by the bytes. VSAT refers to receive-only
or receive-transmit terminals installed at dispersed sites connecting
to a central hub via satellite, using small diameter antenna dishes.
SingTel maritime initiative
In the area of maritime communications, Singtel launched, in June this
year, what they called "Asia Pacific's first and only integrated
global IP Wide Area Network (WAN) solution", providing business
communications in remote areas via seamless and secure IP technology.
SingTel's solution is a synergy of IP-VPN and satellite technologies
that married four communication services – BGAN (Broadband Global Area
Network) for mobile connectivity, satellite IP for land-based remote
communications, maritime VSAT for maritime communications and
ConnectPlus IP-VPN for other global business locations.
SingTel's executive vice president of business, Bill Chang, said that
the service would benefit businesses in sectors like financial
services, oil and gas, military and medical with a mix of requirements
like risk mitigation, communications with remote sites, as well as
high bandwidth and mobility.
"Companies that conduct businesses worldwide can enjoy a one-stop
multi-platform service from SingTel to connect their regional offices
in remote or offshore areas," Chang said.
Looking to the near future, Inmarsat's FleetBroadband service was
developing, with the third next generation satellite to be launched in
March 2008, paving the way for the full global launch of the high
speed satellite communications system.
Slesinger said that this had the potential to change a lot and
enabling technologies, such as that provided by Blue Ocean Wireless
(BOW), which is GSM on vessels, are also developing.
"My greatest fear, quite frankly, is that with all this technology,
people are going to become lazy," he said. "I worry that they'll start
shoving data just because it's easier than having to work out how to
do it efficiently. They might say they can fit it in their budget so
they'll just have the whole lot. Without proper thought they could
actually create a whole class of different problems trying to keep all
this stuff in synch."
Handling competing customers
To add to the complexity of the Wallem IT empire, Slesinger said they
sometimes looked after competing customers going after the same cargo.
"We need to make sure that we segregate IT using Chinese walls to make
sure one principal doesn't get ahold of information which could be of
commercial value to another," he said.
Wallem also suffered from the normal virus issues and this was made
more difficult as most vessels at sea were not connected to the
"There are very few vendors still providing downloadable or emailable
virus pattern updates. We have had denial-of-service type attacks and
have to deal with lost or stolen devices containing data."
As with many large and diverse organisations, the security of mobile
computing was an issue for the Wallem group.
"We've got superintendents going out to the vessels. They're taking
laptops with them, blackberries and thumb drives with information on
them. That can be an issue," Slesinger said.
Crew calling system
About a year ago, Wallem introduced a crew calling system to help
retain mariners and to meet their demand for web and e-mail
"Everyone's got a card with a unique e-mail ID which they can use on
board the vessel or ashore," Slesinger said.
"All e-mails are free but they cannot send or receive any attachments
whatsoever. When they go ashore they can log into the website where
the e-mails and attachments are. They can also text bi-directionally
at the same cost as voice calls."
The first level of security, he says, was "to ensure that other
parties do not know how you secure your systems and data."
"I am sorry but we do not discuss which products we use," he said. "We
have invested in a new directory system to consolidate all user and
other objects in one place globally. This aids in administration and
accountability. We are in the process of upgrading our inhouse written
Permissions Management System to tie in with the new directory system.
Wallem has IT policy documents which cover the use of Group owned and
outside systems, as well as accountability for use of IDs and
"With regard to wireless security, our key systems use PKI to ensure
security and non-repudiation," Slesinger said.
Insider security breaches
He cited a recent Analysis of IT Security and the Workforce (April
2007) which found that, among companies who have experienced a
security breach, nearly a quarter reported an insider security breach
in the last 12 months.
More than 75 per cent of the respondents allowed data access for
remote and mobile employees, but only 32 per cent had implemented
security awareness training for those workers and only 10 per cent had
plans to implement training.
The survey found that 88 per cent of the respondents believed that the
number of major security breaches have been reduced since they
implemented awareness training for remote and mobile workers.
This seafaring CIO said that with data security, the greatest focus
had to be a cultural one. He recommends creating a security culture,
and warns against relying on technology to make you secure.
"There are ever decreasing circles you can fall into with buying
security software and devices etcetera," he said. "Ultimately, if the
end user doesn't understand the value of the data that he is working
with, they will not treat it with sufficient respect. But, if you say
everything is ultra top secret, then everything becomes of no value.
"You have to make sure that people understand classifications of data,
not only from the perspective of the cost of loss, but from the cost
of exposure. To recreate the data may cost nothing, but the disclosure
of your operating figures or your cargo well may spell the end of the
Involve and educate users
Slesinger has the following advice for fellow CIOs:
"Involve and educate the users of the systems and data on the impact
of security lapses.Purely trying to police users is futile if they do
not understand why policies and practices are there in the first
place. In short, 'IT security is there to protect your job and bonus!'
would be a good way of putting it."
He believes that IT needs a seat at the boardroom to ensure the best
business value and the group has a good structure.
"We need to work together as a team and we're very lucky that the
executive committee is made up of the CEO, CFO, myself, managing
directors of the ship management port agency, ship broking and capital
partners," Slesinger said. "I couldn't do my job without sitting at
the board table.
"More than 30 per cent of my job is strategy and the pure IT side of
it is less than 30 per cent day to day, working with very skilled
© Fairfax Business Media
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.