With a well prepared crew and a never-give-up attitude, almost any problem in life can be solved.
That was the message Merchant Marine Capt. Richard Phillips delivered Friday to a packed conference room of corporate security specialists at The Cosmopolitan of Las Vegas.
Phillips is well known as the captain of the cargo ship the Maersk Alabama that was hijacked by Somali pirates on April 2, 2009. The five-day incident involving Phillips and his crew is portrayed in “Captain Phillips,” a recently released movie starring Tom Hanks.
“There are three major lessons I’ve learned,” Phillips said in a speech at the 2013 Information Security and Risk Management Conference. “Being the captain of a 17,000-ton ship, I’ve learned how to navigate changing seas. Also you are much stronger than you think you are, and when we choose, a dedicated team can come together and get it done.”
Phillips wrote “A Captain’s Duty,” a book about the incident where four pirates boarded and took control of the unarmed ship in the Gulf of Aden in the Arabian Sea between Yemen, on the south coast of the Arabian Peninsula, and Somalia in the Horn of Africa.
During the standoff, the ship’s crew overpowered one of the pirates. Phillips was held captive in a lifeboat after offering himself in return for the safe release of his crew. Phillips was rescued by U.S. Navy Seals, who shot and killed three of his captors, while a fourth was captured and is now serving a 31-year sentence in a federal prison in Indiana.
Phillips said another important lesson he learned from the ordeal, which can be applied to information security or any business is to “hope for the best, but plan for the worst.” He said he knew as captain of the Maersk Alabama, that it wasn’t a matter of if they were going to be attacked, but when. “We prepared for it,” Phillips said. “Onboard, you don’t want to become complacent, also known as fat, dumb and happy. I had a security drill that lasted about 10 minutes, but the meeting after the drill lasted three times as long. We made sure there was a backup safety room, doors were locked, and everyone knew the safe word.”
Phillips said somehow, when faced with adversity, “we found the strength to do what we needed to do.” He said one of the reasons he is here today was because of a dedicated crew, which took control of the ship when things got worse.
Phillips said the reason he allowed himself to be transferred to a liferaft by the Somali pirates was simple; it was his “responsibility to protect my crew, protect my ship.” He said the plan was to exchange himself for the leader of the Somali pirates, who had been captured by some of his ship’s crew.
After his 40-minute speech, Phillips fielded several pirate-related questions.
“It’s the second oldest profession we deal with,” he said dryly. “We have always faced piracy and we always will. The Maersk Alabama has been attacked seven times, always in that area … near Somalia.”
The four-day annual Information Systems Audit and Control Association conference brought together 750 attendees to a variety of industry topics, including managing key organizational risk from social media; assessing and managing information risk in an outsourced environment; and responding to cyberattacks.
“There is a lot of fear mongering in the industry now,” Google apps product strategist James Snow said. “That isn’t unusual with a new product.”
Snow hosted an hourlong seminar titled “Is Cloud Computing the End of Security and Privacy As We Know It?” His immediate answer was no.
He said most data resides on unsecured endpoints like laptops. Snow said if the data aren’t “managed centrally, it is not secure,” noting that companies spend more than $2 billion on patches annually.
Snow said what “we’ve learned from Edward Snowden is nothing is safe anymore.” Snowden, a former computer specialist with the CIA and the National Security Agency, disclosed top-secret U.S., Israeli and British government surveillance programs to the media.
Snow said Internet “security is an arms race … it is us against the government, and the government against private business.”
Contact reporter Chris Sieroty at firstname.lastname@example.org or 702-477-3893. Follow @sierotyfeatures on Twitter.