The seafaring CIO

Most CIOs of large companies justifiably think they have a pretty tough job maintaining IT security, but at least their infrastructure isn't floating in salt water.

Few would envy the responsibilities of Patrick Slesinger, the director and CIO of the Hong Kong-based Wallem Group: A long-standing shipping concern involved in ship management, capital partnership broking and maritime IT.

Wallem currently has 308 ships under management, including 100 oil tankers, chemical tankers, gas tankers, bulk carriers, containerships, general cargo ships, reefers, car carriers and passenger ships; a total of 52 million tonnes.

The group employs about 7,000 people ashore and at sea. There are 6,000 people working on Wallem-managed ships and another 600 employed in nearly 50 Wallem offices in 18 countries around the world.

"There're enough problems controlling and managing IT infrastructure when you know precisely where it is," said Slesinger, "let alone when it is constantly moving at sea."

Complex security issues

IT security issues for Wallem on the ocean waves were made difficult because each vessel was a moving office with multiple systems and LANs and crews were regularly rotated.

The group also had a high level of shore-based extranet-based systems for staff and clients, a wide range of PKI (Public Key Infrastructure) enabled applications and was also involved with many joint ventures, some with minority shareholdings.

"Data security is a big problem because all of these mobile offices contain a lot of corporate and commercial information. A ship manager is the same as the facilities manager in IT, looking after other people's hardware and operating it."

He said that the vessels added a whole new dimension to IT management, not being connected to the Internet and not being physically easy to reach if on-site support was required.

"Shipping is probably the last industry in the world that is still dealing with decoupled clients because we don't have 'always-on' connections, so we have to be good at database synchronisation and replication, because it's going over satellites, via Inmarsat," Slesinger said.

Some Wallem vessels did have VSAT (Very Small Aperture Terminal), which was always on, but the majority are Inmarsat-enabled, where Wallem paid by the minute or by the bytes. VSAT refers to receive-only or receive-transmit terminals installed at dispersed sites connecting to a central hub via satellite, using small diameter antenna dishes.

SingTel maritime initiative

In the area of maritime communications, SingTel launched, in June this year, what they called "Asia Pacific's first and only integrated global IP Wide Area Network (WAN) solution", providing business communications in remote areas via seamless and secure IP technology.

SingTel's solution is a synergy of IP-VPN and satellite technologies that married four communication services – BGAN (Broadband Global Area Network) for mobile connectivity, satellite IP for land-based remote communications, maritime VSAT for maritime communications and ConnectPlus IP-VPN for other global business locations.

SingTel's executive vice president of business, Bill Chang, said that the service would benefit businesses in sectors like financial services, oil and gas, military and medical with a mix of requirements like risk mitigation, communications with remote sites, as well as high bandwidth and mobility.

"Companies that conduct businesses worldwide can enjoy a one-stop multi-platform service from SingTel to connect their regional offices in remote or offshore areas," Chang said.

Looking to the near future, Inmarsat's FleetBroadband service was developing, with the third next generation satellite to be launched in March 2008, paving the way for the full global launch of the high speed satellite communications system.

Slesinger said that this had the potential to change a lot, and enabling technologies, such as that provided by Blue Ocean Wireless (BOW), which is GSM on vessels, are also developing.

"My greatest fear, quite frankly, is that with all this technology, people are going to become lazy," he said. "I worry that they'll start shoving data just because it's easier than having to work out how to do it efficiently. They might say they can fit it in their budget so they'll just have the whole lot. Without proper thought they could actually create a whole class of different problems trying to keep all this stuff in synch."

Handling competing customers

To add to the complexity of the Wallem IT empire, Slesinger said they sometimes looked after competing customers going after the same cargo.

"We need to make sure that we segregate IT using Chinese walls to make sure one principal doesn't get ahold of information which could be of commercial value to another," he said.

Wallem also suffered from the normal virus issues and this was made more difficult as most vessels at sea were not connected to the internet.

"There are very few vendors still providing downloadable or emailable virus pattern updates. We have had denial-of-service type attacks and have to deal with lost or stolen devices containing data."

As with many large and diverse organisations, the security of mobile computing was an issue for the Wallem group.

"We've got superintendents going out to the vessels. They're taking laptops with them, BlackBerries and thumb drives with information on them. That can be an issue," Slesinger said.

Crew calling system

About a year ago, Wallem introduced a crew calling system to help retain mariners and to meet their demand for web and e-mail communications.

"Everyone's got a card with a unique e-mail ID which they can use on board the vessel or ashore," Slesinger said.

"All e-mails are free but they cannot send or receive any attachments whatsoever. When they go ashore they can log into the website where the e-mails and attachments are. They can also text bi-directionally at the same cost as voice calls."

The first level of security, he says, was "to ensure that other parties do not know how you secure your systems and data."

"I am sorry but we do not discuss which products we use," he said. "We have invested in a new directory system to consolidate all user and other objects in one place globally. This aids in administration and accountability. We are in the process of upgrading our in-house written Permissions Management System to tie in with the new directory system.

Wallem has IT policy documents which cover the use of Group owned and outside systems, as well as accountability for use of IDs and passwords.

"With regard to wireless security, our key systems use PKI to ensure security and non-repudiation," Slesinger said.

Insider security breaches

He cited a recent Analysis of IT Security and the Workforce (April 2007) which found that, among companies who have experienced a security breach, nearly a quarter reported an insider security breach in the last 12 months.

More than 75 per cent of the respondents allowed data access for remote and mobile employees, but only 32 per cent had implemented security awareness training for those workers and only 10 per cent had plans to implement training.

The survey found that 88 per cent of the respondents believed that the number of major security breaches has been reduced since they implemented awareness training for remote and mobile workers.

This seafaring CIO said that with data security, the greatest focus had to be a cultural one. He recommends creating a security culture, and warns against relying on technology to make you secure.

"There are ever decreasing circles you can fall into with buying security software and devices etcetera," he said. "Ultimately, if the end user doesn't understand the value of the data that he is working with, they will not treat it with sufficient respect. But, if you say everything is ultra top secret, then everything becomes of no value.

"You have to make sure that people understand classifications of data, not only from the perspective of the cost of loss, but from the cost of exposure. To recreate the data may cost nothing, but the disclosure of your operating figures or your cargo well may spell the end of the business."

Involve and educate users

Slesinger has the following advice for fellow CIOs:

"Involve and educate the users of the systems and data on the impact of security lapses. Purely trying to police users is futile if they do not understand why policies and practices are there in the first place. In short, 'IT security is there to protect your job and bonus!' would be a good way of putting it."

He believes that IT needs a seat at the boardroom to ensure the best business value and the group has a good structure.

"We need to work together as a team and we're very lucky that the executive committee is made up of the CEO, CFO, myself, managing directors of the ship management port agency, ship broking and capital partners," Slesinger said. "I couldn't do my job without sitting at the board table.

"More than 30 per cent of my job is strategy and the pure IT side of it is less than 30 per cent day to day, working with very skilled individuals."

© Fairfax Business Media
