Amit opens with a framing that most cybersecurity conversations miss entirely. Ninety percent of global trade moves by sea. Every time something is ordered online, every time a gas station charges more per gallon, every time a supermarket shelf goes empty, a ship is almost certainly part of the reason. That context matters because it explains why maritime infrastructure has become an increasingly attractive target for threat actors operating during geopolitical conflicts. Ships that were once isolated mechanical vessels are now connected digital platforms running satellite communications, automated navigation, cloud-connected operational systems, and remote diagnostics, all managed by crews of 15 to 20 people who are expert sailors, not IT professionals. That combination of high value and low IT coverage makes them, in Amit's words, a sitting duck.
The AI threat discussion takes a dimension here that most enterprise security conversations do not reach. Amit describes the challenge of deepfake voice and video calls in a maritime environment where the hierarchy functions almost like a military chain of command. If a crew member at sea receives what appears to be a video call from the company's CEO giving an instruction or redirecting the ship, the cultural expectation is compliance. That social engineering vector, powered by AI that can convincingly clone voice and appearance, is one of the most difficult threats to defend against because it exploits human deference rather than technical vulnerability. Alongside this, sophisticated polymorphic malware is now evading even advanced endpoint solutions, reinforcing why machine learning-based behavioral anomaly detection is the right tool for shipboard environments where traditional signature-based tools cannot keep pace.
Amit frames AI governance with a clarity that reflects both his dual role and his experience operating in a highly regulated, globally distributed environment. He distinguishes between the experimentation phase, which he believes is over, and the accountability phase, which has arrived. Boards and executives are no longer asking when the pilot will be ready. They are asking who is accountable for the outcome. That shift demands that CIOs and CISOs move from innovation framing to production framing, with real governance, real policies, and real human oversight baked in. He also raises a third-party AI risk dimension that deserves far more attention than it currently gets: even organizations that have not deployed AI internally are already having their data processed by AI through the vendors, insurers, legal firms, and supply chain partners they rely on every day.
Resources mentioned in this episode
Matthew Connor on LinkedIn
CyberLynx Website
Amit Basu on LinkedIn
International Seaways Inc Website
This episode is brought to you by CyberLynx.com
CyberL-Y-N-X.com.
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.
The Arms Race, the Energy Gap, and the Ethics of Teaching AI to Be Good with Alex Dalay - Ep 205
Why Every CISO Must Use AI Now and How to Do It Without Losing Control with Greg McCord - Ep 203
Guest: Amit Basu, CIO & CISO, International Seaways Inc.
Matthew Connor: Matthew Connor here, host of the Cyber Business Podcast. Today we're joined by Amit Basu, CIO and CISO at International Seaways. Amit, welcome to the show.
Amit Basu: Thank you, Matt, and it's my pleasure to be here.
Matthew Connor: It's a pleasure having you. Before we get too far in, a quick word from our sponsors. Hackers are getting smarter — is your security keeping up? Cyberlink sells industry-leading, AI-powered cybersecurity solutions that detect threats in real time, so you know about an attack before the damage is done, not after. Learn more at cyberlinks.com. And now back to our show.
Amit, for those who aren't familiar, can you tell us about International Seaways and your role there as CIO and CISO?
Amit Basu: Yes, of course. I'm Amit Basu, and I serve as the Chief Information Officer and Chief Information Security Officer at International Seaways. International Seaways is one of the world's largest publicly traded tanker companies, headquartered in New York City and listed on the New York Stock Exchange. It is, at its core, a maritime energy transportation company. The company owns and operates 75 large ocean-going tankers that carry crude oil and petroleum products across major shipping routes globally.
In my role as CIO and CISO, I'm responsible for the digital infrastructure and cybersecurity that supports International Seaways' operations — both onshore and across our fleet at sea. I've been doing this for quite some time, but in recent years much of my focus has been on strengthening cyber resilience across our highly distributed environment, which includes shipboard operational systems, satellite connectivity, and the broader supply chain that supports global energy logistics. Like most organizations, we're also beginning to incorporate AI into our operations, business processes, and cybersecurity practices — both to drive more efficient processes and smarter decision-making.
Matthew Connor: That's fantastic. And the timing couldn't be better for having you on. As of today, March 27th, the conflict in the Middle East has been ongoing for several weeks now. I imagine that affects you directly. Has it changed anything on the cybersecurity front?
Amit Basu: That's an extremely timely question. What we're seeing now has been building not just over the last month, but over the last several years, as we've been living through multiple geopolitical confrontations in various parts of the world.
One thing I want to make clear for everyone: roughly 90% of all global trade moves by sea. Every time you order something online, turn on the heat in your home, or buy something from a store, in almost every case a ship made that possible. There are nearly 100,000 maritime vessels around the world, and until something goes wrong, most people never think about them. But whenever there is a global tension — whether geopolitical conflict, severe weather, or a disruption in the Suez Canal — maritime trade gets affected, and suddenly there's a sticker shock. Gas prices double. Supermarket shelves carry higher price tags. That's directly attributable to ships not reaching port and goods not arriving.
Historically, those disruptions were caused by physical threats — wars, weather, mechanical failures. But ships today are no longer just mechanical vehicles. They are networked digital platforms. They depend on satellite communications, automated navigation, remote diagnostics of on-board machinery, and cloud-connected operational systems. They are no longer isolated environments — they're connected to corporate networks, port systems, logistics platforms, and third-party suppliers. That interconnectedness brings enormous capability, but it also makes these ships a potentially lucrative target for cyber threats.
And here's the compounding challenge: even though I'm describing all of this digital complexity, a large ocean-going tanker is typically crewed by only 15 to 20 people who are highly specialized in operating the ship. They are not IT professionals, let alone cybersecurity experts. For a bad actor, that's a very attractive target. In a geopolitical confrontation in a strategic area like the Strait of Hormuz — where roughly 30% of the world's oil passes through — it may actually be simpler to try to disable a ship's navigational equipment, compromise its satellite communications, or spoof its GPS than to deploy a physical military effort. Cyber becomes an asymmetric tool.
So to directly answer your question: yes, cyber threats to shipping have been increasing year after year. But what we're seeing now, building from the Middle East confrontation last year to the situation this past month, is operating at a significantly heightened level.
Matthew Connor: That's quite a challenge. And I'm assuming you're also starting to leverage AI to help fight back on that front?
Amit Basu: That's a very interesting question. We are living in the age of AI, and every company is trying to extract value from it. At the same time, this is a transformational technology that is still maturing, and it comes with real risks alongside the opportunities — the risk of data being exposed to the wrong parties, the risk of AI producing biased or incorrect decisions, and the very human fear factor that comes with any major change.
Like any well-governed organization, we're working to establish strong AI governance before we leap in. We don't want to adopt AI aggressively and then suffer a catastrophic outcome because the technology didn't behave as expected. We need solid guardrails, sound governance practices, and meaningful human oversight.
So we're doing both in parallel: on one hand, we are innovating — exploring how AI can help us detect threats faster, perform behavioral anomaly detection, and catch more sophisticated malware. On the other hand, we're applying some discipline — making sure those things are well-tested, well-governed, and supported by clear policy. The bad actors have no such constraints. They are using AI to its fullest extent right now, attacking organizations ruthlessly — not just maritime companies, but everyone.
The sophistication of today's phishing attacks and social engineering in the AI era is remarkable. We are seeing deepfake video calls and cloned voice calls that impersonate the CEO, directing employees to take specific actions. Who would refuse a video call from their own CEO? And now apply that scenario to a ship in the middle of the ocean, where the culture is almost military in its hierarchy. If the crew receives a call appearing to be from the company's CEO directing them to reroute the vessel, they will most likely comply. That's a deeply concerning attack vector.
And then there is the malware challenge. Today's most advanced malware can evade even the best antivirus and endpoint detection solutions. We need a new generation of tools to catch it. AI is not something we can ignore — we have to use it to counter AI-based attacks. But I'll always add a grain of salt: we must be responsible and deliberate in how we adopt it.
Matthew Connor: I couldn't agree more. There are so many new products out there that are simply LLMs bolted onto existing security tools and marketed as "AI-powered." That actually introduces more problems than it solves — data governance issues, prompt injection vulnerabilities, and so on. I think machine learning is really filling the gap right now, between traditional security tools and where LLMs are eventually heading. Products that use machine learning well — building behavioral baselines, detecting anomalies without the attack surface of a large language model — those are where the real near-term security value lies. Where do you see machine learning playing a role specifically for International Seaways?
Amit Basu: I'll give you a concrete example from our environment. Our ships carry no IT staff on board, and yet they now have a significant mix of IT systems and OT systems. We also allow crew members to bring personal devices that connect to the same internet pipe — Starlink now, which provides substantial bandwidth. So the risk surface is significant. If a sophisticated piece of malware finds its way onto a vessel, I may not know about it for weeks, or even months — traditional endpoint tools may not catch it.
What machine learning does particularly well in this context is install itself on the vessel network, observe traffic over time, and establish a behavioral baseline — both east-west traffic within the ship's network and north-south traffic going to and from the outside. Once that baseline is established over a few months, it monitors in real time. Any anomalous traffic triggers an immediate alert to our shore-side team, who can then remotely log in and assess whether it's a false positive or a real incident. This is exactly the use case you described — the machine learning is continuously learning what "normal" looks like for that specific vessel, so it can recognize when something doesn't fit that pattern and act on it before significant damage is done. It's one of the best applications of network behavior analysis in our industry.
Matthew Connor: That's a perfect illustration of AI in the right place, doing the right thing. It reminds me of the self-driving car analogy — a few years ago it was scary and erratic. Now it's more like a capable teenage driver: you trust it, but you're still watching. The technology is clearly on a trajectory to be better than human reflexes and judgment in that domain. I think we're in a similar position with AI in security.
Amit Basu: I actually had the experience of riding in one of the newer autonomous vehicles recently. Quite decent, overall — though I noticed it had apparently learned some aggressive New York City driving habits. It was cutting lanes and accelerating past slower cars in ways I don't think were part of the original training data. It had picked those behaviors up from local traffic patterns. That's a fascinating and slightly unnerving example of emergent learning.
Matthew Connor: We take a Tesla when we drive up to New York from DC, and it's remarkable to watch it navigate Manhattan. The progress in just the last couple of years is extraordinary. And I think you're right — the AI tools we have today, compared to 2023, are already on a similar trajectory. It's like having a trusted assistant at your side. I genuinely can't imagine my workday without it now. When it's right, it's spectacular — it saves hours of work in minutes. We use it to run tabletop exercises with clients, and then it transcribes everything and produces the full after-action report. Work that used to take hours is done beautifully in minutes.
I'm also genuinely excited about what's coming from a protective standpoint. Think about something as simple as AI running locally on a phone and quietly listening to a call — flagging to an elderly person that what they're hearing sounds like a scam, without sending any data anywhere. Given how much money is lost annually to elder fraud through social engineering, that kind of quietly protective, privacy-preserving AI could be enormously valuable.
Amit Basu: Absolutely. And I think the point about beneficial AI use cases extends to every area of life. Your example is a great one. Wherever you look, there's a meaningful use case where AI can make things better — protecting vulnerable people, improving health outcomes, accelerating scientific discovery.
On the job displacement question that comes up so often: I think about what happened when personal computers arrived. Yes, entire job categories disappeared — typist pools, certain clerical roles. But new categories emerged that hadn't existed before: data analysts, systems administrators, database architects. AI will follow a similar pattern. We're already seeing the emergence of the prompt engineer — a role that simply didn't exist two years ago. Software developers are evolving into software reviewers — they're no longer writing every line of code, they're reviewing and guiding the output. I'm not entirely sure where that path leads in ten years, but I believe new roles will emerge that we simply can't envision yet.
The key is adaptability. The common saying I keep hearing is: "AI may not take your job, but someone who knows AI will." That's exactly right. Whatever your role, understanding how AI can enhance it is no longer optional — it's becoming as fundamental as knowing how to use a personal computer was thirty to forty years ago.
Matthew Connor: That is great advice for anyone who's worried about what's coming. And it's the right mindset. I think about my own daughters — one is in computer science, and even for me, the short-term path seems clear but the long-term gets murky. For parents of ten-year-olds, nobody can predict what the world looks like when they graduate. It's genuinely unprecedented.
Amit Basu: It is very difficult to predict. And I'd add that there's a real risk right now in the rush mentality — the feeling that if you don't get into AI today, you'll be left behind forever, which is causing people to move recklessly. We need to apply some discipline and do it the right way. AI as a foundational technology has been in research since the 1950s — this is a 75-year-old field that has finally reached a stage where it can be applied to everyday life. The underlying technology is sound. What defines our success is how thoughtfully and responsibly we use it from here.
And yes, there will be companies that slap ".ai" on everything and call it a day. But the serious applications — in healthcare, genomics, logistics, security — those will genuinely change what it means to be human. Someone recently made the statement that AI may ultimately have a greater impact on human civilization than fire and electricity. That's an extraordinary claim, but it may not be wrong. Curing cancer, mapping the genome, extending human lifespan — these are plausible outcomes in our lifetimes.
Matthew Connor: I think that will prove to be true. It's a huge statement, but so was electricity when it was new. As for the creativity and arts side — I agree with you that human creativity combined with AI will be something remarkable. The cost of visual effects in film will plummet and the quality will soar. And the artisan — the watchmaker, the painter, the sculptor — will be more valued, not less, because the human hand behind the work becomes the point. I want to see an 80-year-old Tom Cruise hanging off a plane. I don't want to see the AI version.
Amit Basu: Exactly. And there's a wonderful analogy I heard from a student at New York University that I think captures the relationship perfectly: if human intelligence is the sun, then artificial intelligence is the moon. Without the sun, there is no moon. Human intelligence created artificial intelligence. Let's not forget that.
Matthew Connor: That is a perfect analogy. Amit, I can't thank you enough for coming on the show today. This has been a fantastic conversation. Before we go, can you tell everyone where they can find out more about you and International Seaways?
Amit Basu: Absolutely. International Seaways is a public company listed on the New York Stock Exchange under the ticker symbol INSW, so you can find plenty of information about the company through public financial resources or directly at our website: www.intlseas.com. And you can find me on LinkedIn — I'm quite active there and genuinely enjoy connecting and collaborating with people. Search for Amit Basu at International Seaways and I'll be happy to connect and continue the conversation.
Matt, this was an absolute pleasure. We covered so much ground and I think we're really aligned on most of it. Thank you for having me.
Matthew Connor: It was an absolute pleasure. Until next time.