- Few would envy the responsibilities of Patrick Slesinger, the director and CIO of the Hong Kong-based Wallem Group which is involved in ship management, capital partnership broking and maritime IT.

Wallem currently has 308 ships under management, including 100 oil tankers, chemical tankers, gas tankers, bulk carriers, containerships, general cargo ships, reefers, car carriers and passenger ships; a total of 52 million tons.

The group employs about 7,000 people ashore and at sea. There are 6,000 people working on Wallem-managed ships and another 600 employed in nearly 50 Wallem offices in 18 countries around the world.

"There're enough problems controlling and managing IT infrastructure when you know precisely where it is," said Slesinger, "let alone when it is constantly moving at sea."

Complex security issues

IT security issues for Wallem on the ocean waves were made difficult because each vessel was a moving office with multiple systems and LANs and crews were regularly rotated.

The group also had a high level of shore-based extranet-based systems for staff and clients, a wide range of PKI (Public Key Infrastructure) enabled applications and was also involved with many joint ventures, some with minority shareholdings.

"Data security is a big problem because all of these mobile offices contain a lot of corporate and commercial information. A ship manager is the same as the facilities manager in IT, looking after other people's hardware and operating it."

He said that the vessels added a whole new dimension to IT management, not being connected to the Internet and not being physically easy to reach if on-site support was required.

"Shipping is probably the last industry in the world that is still dealing with decoupled clients because we don't have 'always-on' connections, so we have to be good at data base synchronization and replication, because it's going over satellites, via Inmarsat," Slesinger said.

Some Wallem vessels did have VSAT (Very Small Aperture Terminal), which was always on, but the majority are Inmarsat-enabled, where Wallem paid by the minute or by the bytes. VSAT refers to receive-only or receive-transmit terminals installed at dispersed sites connecting to a central hub via satellite, using small diameter antenna dishes.

SingTel maritime initiative

In the area of maritime communications, Singtel launched, in June this year, what they called "Asia Pacific's first and only integrated global IP Wide Area Network (WAN) solution", providing business communications in remote areas via seamless and secure IP technology.

SingTel's solution is a synergy of IP-VPN and satellite technologies that married four communication services -- BGAN (Broadband Global Area Network) for mobile connectivity, satellite IP for land-based remote communications, maritime VSAT for maritime communications and ConnectPlus IP-VPN for other global business locations.

SingTel's executive vice president of business, Bill Chang, said that the service would benefit businesses in sectors like financial services, oil and gas, military and medical with a mix of requirements like risk mitigation, communications with remote sites, as well as high bandwidth and mobility.

"Companies that conduct businesses worldwide can enjoy a one-stop multi-platform service from SingTel to connect their regional offices in remote or offshore areas," Chang said.

Looking to the near future, Inmarsat's FleetBroadband service was developing, with the third next generation satellite to be launched in March 2008, paving the way for the full global launch of the high speed satellite communications system.

Slesinger said that this had the potential to change a lot and enabling technologies, such as that provided by Blue Ocean Wireless (BOW), which is GSM on vessels, are also developing.

"My greatest fear, quite frankly, is that with all this technology, people are going to become lazy," he said. "I worry that they'll start shoving data just because it's easier than having to work out how to do it efficiently. They might say they can fit it in their budget so they'll just have the whole lot. Without proper thought they could actually create a whole class of different problems trying to keep all this stuff in synch."

Handling competing customers

To add to the complexity of the Wallem IT empire, Slesinger said they sometimes looked after competing customers going after the same cargo.

"We need to make sure that we segregate IT using Chinese walls to make sure one principal doesn't get ahold of information which could be of commercial value to another," he said.

Wallem also suffered from the normal virus issues and this was made more difficult as most vessels at sea were not connected to the Internet.

"There are very few vendors still providing downloadable or emailable virus pattern updates. We have had denial-of-service type attacks and have to deal with lost or stolen devices containing data."

As with many large and diverse organizations, the security of mobile computing was an issue for the Wallem group.

"We've got superintendents going out to the vessels. They're taking laptops with them, blackberries and thumb drives with information on them. That can be an issue," Slesinger said.

Crew calling system

About a year ago, Wallem introduced a crew calling system to help retain mariners and to meet their demand for web and e-mail communications.

"Everyone's got a card with a unique e-mail ID which they can use on board the vessel or ashore," Slesinger said.

"All e-mails are free but they cannot send or receive any attachments whatsoever. When they go ashore they can log into the website where the e-mails and attachments are. They can also text bi-directionally at the same cost as voice calls."

The first level of security, he says, was "to ensure that other parties do not know how you secure your systems and data."

"I am sorry but we do not discuss which products we use," he said. "We have invested in a new directory system to consolidate all user and other objects in one place globally. This aids in administration and accountability. We are in the process of upgrading our in-house written Permissions Management System to tie in with the new directory system.

Wallem has IT policy documents which cover the use of Group owned and outside systems, as well as accountability for use of IDs and passwords.

"With regard to wireless security, our key systems use PKI to ensure security and non-repudiation," Slesinger said.

Insider security breaches

He cited a recent Analysis of IT Security and the Workforce (April 2007) which found that, among companies who have experienced a security breach, nearly a quarter reported an insider security breach in the last 12 months.

More than 75 per cent of the respondents allowed data access for remote and mobile employees, but only 32 per cent had implemented security awareness training for those workers and only 10 per cent had plans to implement training.

The survey found that 88 per cent of the respondents believed that the number of major security breaches have been reduced since they implemented awareness training for remote and mobile workers.

This seafaring CIO said that with data security, the greatest focus had to be a cultural one. He recommends creating a security culture, and warns against relying on technology to make you secure.

"There are ever decreasing circles you can fall into with buying security software and devices etcetera," he said. "Ultimately, if the end user doesn't understand the value of the data that he is working with, they will not treat it with sufficient respect. But, if you say everything is ultra top secret, then everything becomes of no value.

"You have to make sure that people understand classifications of data, not only from the perspective of the cost of loss, but from the cost of exposure. To recreate the data may cost nothing, but the disclosure of your operating figures or your cargo well may spell the end of the business."

Involve and educate users

Slesinger has the following advice for fellow CIOs:

"Involve and educate the users of the systems and data on the impact of security lapses.Purely trying to police users is futile if they do not understand why policies and practices are there in the first place. In short, 'IT security is there to protect your job and bonus!' would be a good way of putting it."

He believes that IT needs a seat at the boardroom to ensure the best business value and the group has a good structure.

"We need to work together as a team and we're very lucky that the executive committee is made up of the CEO, CFO, myself, managing directors of the ship management port agency, ship broking and capital partners," Slesinger said. "I couldn't do my job without sitting at the board table.

"More than 30 per cent of my job is strategy and the pure IT side of it is less than 30 per cent day to day, working with very skilled individuals."