Market News





Assessing the threat



Information security in the marine and offshore industry



By Ken Soh, CIO, BH Global Corporation



In the past, you would download or copy a bad file, 

and your PC would be infected. Today, a PC can be 
infected silently merely through visiting a website. 

The user does not even need to click on anything in 
the website for their computer to become infected.

The community cannot stay ignorant of such 

threats anymore. To reiterate, there are few elements 
that business owners should be educated and aware of:

Firstly, today’s malware typically does not perform 
straightforward attacks like crashing your hard-disk. It 

stays silent and resident in your system, acting as the 
agent, responding to a command and control (C&C) 

systems that may reside in remote PCs even in another 
Rcountry, to easily browse your PC and siphon out files 

and information of interest. Secondly, the infection 
process is much more advanced today. You may just be

ecently, a vessel owner in Singapore decided to browsing a website, or open a document file in an email, and 

engage professional services to perform a health- because malware does not get detected easily and does not 
check on their onboard IT setup. To their dismay, it bear signatures, it may stay undetected in your PC for a long 

was discovered that the entire network and systems were time. Thirdly, and most seriously, malware today may target 
extensively laden with malware (computer viruses). With that, infra-structural operations.

it was unclear if any data leakage had happened in the past. There were reported cases that a floating oil rig was tilted; 
The entire IT system was subsequently revised, and cleaned and another was stalled for 19 days, both due to infected 

up accordingly.systems. Separately, Somali pirates today are eavesdropping on 
Malware is a computer programme typically developed by a vessel navigation information as a means to identify their 

computer hacker for bad intents such as siphoning sensitive targets. This forces many ships sailing in the piracy-prone zone 
data out of infected systems, or simply to damage systems. In to turn off their navigation systems, or to use devices to 

the past, malware usually exhibited noticeable symptoms such illegally report false location information to the global 

as the slowing down of PCs or crashing of hard-disks. Today, a navigation networks.
more advanced approach, named Advance threats entails Alongside education, it is important that appropriate 

malware that sits silently in the infected PC, acting as an agent processes and tools are put in place, whether it is in the land 
for a remote Command and Control station to steal or offices, onboard vessels or offshore sites. There is no one-size- 

manipulate information in the infected PC remotely, even from fit-all solution. The site concerned needs to be accessed by the 
another part of the globe.security specialists so that a fitting solution can be 

In the past, discovered malware were computed with recommended. Over or under-sizing of security measures 
identifiers named signatures for future identifications. This is would result in unnecessary spending or inadequate measures.

similar to the DNA of biological viruses. Unfortunately, since In view of the worsening landscapes, BH Global has been 
Advance threats are typically not discovered, they do not have researching into such areas under its subsidiary company 

known signatures and so, are harder to discover and filter out Athena Dynamics (AD). As indicated, the most effective 

by mainstream anti-virus tools and measures.measure is one that tailors to your environment and 
Advanced threats today are not just silent information requirements.

stealers, they may initiate serious and catastrophic threats that Ken Soh has been an avid info-communication practitioner in 
target infrastructures. A quick google search on ‘stuxnet’ would the industry for over two decades. As CIO of BH Global, he 

explain that. The reality today is, large infrastructures, be it in oversees the group ICT operations and technology related business 
sea, land or air, are subject to such kind of soft but potentially and market development. He is contactable at 

fatal threats unknowingly.kensoh@bhglobal.com.sg u


2014 Issue 63 
The SHIP Supplier 53