Experts in Every Room and One Dunce in a Corner January 25, 2012
Posted by Chris Mark in Piracy & Maritime Security. Tags: Anti Piracy, Chris Mark, expertise defined, Maritime Security, Piracy & Maritime Security
The influx of new companies within the maritime security industry has increased competition. In response, some companies have given in to the temptation to embellish the experience or expertise of individuals or companies in an attempt to differentiate themselves from the crowd. It is an unfortunate reality of business. In an effort to help shipping companies evaluate the vendors selling “today’s solution to tomorrow’s problem”, I have put together a quick paper on ‘expertise’. Below is an excerpt of the paper you can read here:
“Introduction
The current market for maritime security and anti-piracy has resulted in the creation of a cottage industry of self-proclaimed experts speaking on the subject of anti-piracy and selling maritime security and anti-piracy services. A review of some of these “experts’” comments and the services being promoted suggests that the expertise espoused is a rarer trait than one would be led to believe. This paper is intended to provide information to allow prospective clients to separate the experts from those that claim expertise to capitalize on the current market for maritime security services. For brevity’s sake, this paper will use the generic term Maritime Security to refer to both anti-piracy and maritime security services.
Author’s Note
While knowledgeable on the subject, I do not consider myself an expert in maritime security. I am a payment security expert and probably have expertise in a number of other areas but have not achieved a level of experience or education that would allow me to call myself an expert by any means.
Expertise Defined
To understand how to distinguish those with actual expertise from those who simply call themselves experts, it is important to have a definition of the term ‘expert’. Webster’s dictionary provides the following definition for the noun ‘expert’:
Noun:
“…one with the special skill or knowledge representing mastery of a particular subject”
Within the context of maritime security, expert, as a noun would be applied as follows:
“Joe is an Expert in maritime security.”
Making this statement implies that Joe possesses a special skill or knowledge representing mastery of a particular subject. In this case, the subject is maritime security. The focus of this statement should be the word “mastery”. This suggests that Joe possesses an intimate knowledge rather than a passing familiarity with the topic.
Webster’s dictionary provides the following definition for the adjective ‘expert’:
Adjective:
“…having, involving, or displaying special skill or knowledge derived from training or experience”
Within the context of maritime security the term expert, as an adjective, would be applied as follows:
“Joe’s expertise in maritime security is derived from his formal training and experience.”
Making this statement indicates that Joe has a special skill or knowledge derived from training or experience. Within this context, the key is “training or experience”. Without relevant or appropriate training or experience (or both, in most cases), it is difficult to see how a person could be defined as an ‘expert’.
Consider the example of a Doctor that has passed her medical boards. While the doctor may be a general practitioner and not considered an expert in neurosurgery, she would arguably be considered an expert in medicine relative to those who have not attended similar training or passed the medical boards. The doctor’s expertise is qualified by training (medical school) and experience (residency), as well as quantified by passing medical school boards. If a person were to sit at home and read anatomy and medical books they could certainly attain some level of medical knowledge but it is extremely difficult to see how a person such as the one described would be considered an ‘expert’ in medicine.
While it is not suggested that becoming an expert within the maritime security industry is similar to that of becoming a neurosurgeon, the complexity of the industry and the maritime security challenges should not be underestimated since valuable resources and human lives are at stake. The maritime security industry is complex, and the ever-changing regulatory landscape coupled with the changes in the pirates’ tactics increases the complexity. In his popular book, Outliers, Malcolm Gladwell references neurologist Daniel Levitin, who says:
“The emerging picture from such studies is that ten thousand hours of practice is required to achieve the level of mastery associated with being a world-class expert in anything.””
You can read the full paper here.
PCI DSS and Piracy January 12, 2012
Posted by Heather Mark in PCI DSS, Piracy & Maritime Security. Tags: cybersecurity, Heather Mark, InfoSec, InfoSec & Privacy, Maritime Security, mark consulting group, PCI DSS, Piracy & Maritime Security
I’ve been reading quite a bit on piracy lately. Not the adventurous, swashbuckling tales of pirates flying down the Spanish Main, but piracy in its present form. From a purely detached perspective, it’s an interesting exercise in cause and effect. Natural disasters, for example, have an impact on the surge in piratical acts. The Christmas Tsunami left many Somali fishing villages devastated and took the last legal means of sustenance from many families that depended on fishing for their survival. As a result, they turned to piracy. Of course, that is not to say that Somali pirates are the Jean Valjeans of their day, the thief with the heart of gold doing only what is necessary to survive. These pirates are violent and aggressive and should not be coddled. The interesting comparison to the PCI DSS, in my mind, derives from the impact of the crime on the industry and the global reaction to the phenomenon.
Impact of the Crime
Piracy is a crime that has an impact on all consumers. Higher insurance rates, security contingents, longer routes and therefore higher fuel costs, and similar circumstances that result from piracy mean higher prices for consumers. Any costs that cannot (or will not) be absorbed by the manufacturer or the shipping company are passed on to the consumer. Similarly, data thieves have very definitely left their mark on the consumer. Those of us involved in the electronic payment industry recognize better than most the increased cost structure that has resulted from trying to achieve and maintain compliance with the PCI DSS and the countless data security, data breach notification and consumer privacy laws at play in the United States. Ongoing compliance and security monitoring, evaluating the threat landscape and the cost of validating compliance can quickly add up for companies. Organizations that are already seeing their margins get squeezed are required to spend additional resources on security and compliance to ensure the safety of consumers’ data. Those costs can sometimes be passed along to the consumer.
Global Reaction
Data security and piracy were both issues that “flew under the radar” until high-profile instances brought them to the public awareness. In the world of transoceanic shipping, the issues that brought awareness were a couple of kidnappings for ransom and the hijacking of the Maersk Alabama. It’s important to note, however, that even before these incidents, the shipping industry and governments worldwide were working on standards and regulations that would mitigate the problem. The reaction from the industry should sound very familiar to veterans of the PCI DSS compliance world – “The standards are too prescriptive.” “The standards were written by people that don’t really understand the issues.” “How are you going to ensure that everyone is complying with these standards?” “The cost of complying with the standards is too burdensome for small companies.” These concerns should resonate with payment security professionals. The same questions and concerns are often raised about the PCI DSS.
For the payment industry, the events that really brought public awareness were a couple of high-profile data breaches at well-known retailers. The question really is, though, “What is the alternative?” If neither industry had done anything to address these growing issues, the constituents in the industry would have raised the alarm about the apparent lack of concern from the powers that be. The catch-22 of the creation and enforcement of the standards is that even though these standards achieve their objective of raising industry awareness and attempting to mitigate the risk of adverse events, the companies that suffer piracy attacks or data breaches are still often cast as the villain (as opposed to the victim) in the scenario.
What’s the Answer?
That is the crux of the matter – are the issues of data security and high seas piracy “solvable?” There are a variety of issues that drive the increase in both crimes. Economic stability, the ability of governments to project their authority into these areas, jurisdictional cooperation and other factors drive the growth of both types of crimes.
While I cannot confidently address permanent solutions to either problem, I can suggest a shift in perspective. In the realm of data security and payment security, practitioners often attempt to solve the problem by layering more and more technology in front of the sensitive data. Tokenization is one example of how a shift in perspective can provide alternative solutions. Extracting value from the data makes it significantly less attractive to thieves. So instead of asking, “How can we keep thieves from accessing the data?” one might ask “What can be done in the transaction processing chain to render the data unusable to thieves?” We are currently retro-fitting security onto a system that has been in place for fifty years. If we were to remove any preconceived notions of what a payment infrastructure should look like, what would we design?
UK House of Commons Report: “Piracy off the coast of Somalia” January 7, 2012
Posted by Chris Mark in Laws and Legislation, Piracy & Maritime Security. Tags: Anti Piracy, Chris Mark, maritime piracy, Maritime Security, mark consulting group, markconsultinggroup.com, PIracy off the coast of somalia, somali pirates, Somalia
The UK’s House of Commons Foreign Affairs Committee (FAC) published a report this week titled “Piracy off the coast of Somalia”. You can read the report here. The 72-page report set out the findings of the FAC enquiry into the efforts of the Foreign and Commonwealth Office (FCO) and the UK Government to combat the increasing levels of piracy off Somalia.
Tackling the use of PASGs, the report concluded that “the evidence in support of the use of armed guards is compelling” (emphasis added) but that the “Government must provide clearer direction on what is permissible and what is not”.
The report also said that the risk to pirates of encountering serious consequences is still too low to outweigh the lucrative rewards, and simply returning suspected pirates to their boats or their land provides little long-term deterrence.
US Navy Rescues 13 Iranians from Somali Pirates January 6, 2012
Posted by Chris Mark in Industry News, Piracy & Maritime Security. Tags: Chris Mark, Iranian Sailors kidnapped, John C. Stennis, kidnapping, maritime piracy, Maritime Security, mark consulting group, USS Kidd
In a move that illustrates the brotherhood of the sea and the disdain for piracy wherever it may be, the US rescued 13 Iranian sailors who had been kidnapped by Somali Pirates. According to MSNBC, a helicopter from the USS John C. Stennis, responding to a distress call from a merchant ship under attack, chased the pirates to their “mother ship”. The mothership was an Iranian flagged dhow that had been hijacked earlier. A counterpiracy team from the USS Kidd then boarded the mothership where they found 15 armed pirates and the 13 Iranian crewmen. The pirates were taken into custody and the Iranians were released in their dhow. Interestingly, the USS John C. Stennis is the same carrier that Iran had threatened to never allow back into the Persian Gulf. It is a good day that the Iranian sailors are headed back to their families.
Italian Tanker Hijacked off Oman December 28, 2011
Posted by Chris Mark in Industry News, Piracy & Maritime Security. Tags: Chris Mark, gulf of aden, maritime piracy, Maritime Security, mark consulting group, Oman, Piracy & Maritime Security, Somalia
An Italian tanker carrying caustic soda was hijacked early Tuesday near Oman. The ship was carrying 18 people including 6 Italians, 5 Ukrainians, and 7 Indians. The ship, which wasn’t named, is owned by Manarvi.