Jim Smith

Amateur radio came first. I was licensed by the Department of Posts and Telegraphs as an amateur radio experimenter back in 1974 – the year before I went to Trinity to study engineering. I took some computer science courses there – I recall writing a traffic lights simulator in PL/1 for one project – but I concentrated mainly on electronic and electrical engineering, graduating as an engineer in 1979. Later on however, I became a pioneer in the cyber security world instead of engineering.

The ESB hired me as an engineer in 1979. I worked in the technical computing service, assisting engineers with their applications and computing infrastructure. A separate computing service provided support for accounts and billing systems. There was a magnificent split – pure animosity – between those two groups.

I was sent on various training courses, mainly about minicomputers. ESB used Data General Eclipses and Digital Equipment VAXes on the engineering side of the company. But its senior management sent out strong signals that the VAX family, which was assembled in Galway, was the right choice for most requirements. We used a VAX 11/750 for power system simulation and operation and, later on, I worked in the Stephens Court office with an 11/780 that ESB bought for design and construction work on the Moneypoint power station.

My earliest encounter with data communications was in or around 1980. We had a 300 baud acoustic coupler, built into a magnificent hardwood box, that was attached to a handset for dialling out through the telephone network. It was only used  for proof of concept purposes. We never found a serious application for it. But I remember taking it home, connecting it up and getting it to connect to our systems.

I also recall installing IBM 3274 data controllers to provide remote access to various ESB offices and sites throughout the country.

In the early 1980s there were jobs all over the place for anyone who had computing experience. I felt that I was not gaining a large enough variety of experiences in ESB at that time. So I moved to Cognotec in February 1984.

Cognotec, at that stage of its development, was like a campus company inside the CII. Brian MacCaba ran it. He had originally joined the CII as an economist, but had turned into an evangelist for videotex-based information services. When I joined, Brian was trying to get the treasury departments of the banks to make foreign exchange data available to businesses with videotex terminals.

CII bought a VAX to run the service from its offices in Kildare Street. We obtained modems from Cornel and user terminals from Philips. A company in Belgium supplied the videotex software. Tom Hardiman was the chairman of Cognotec and I recall Dermot Desmond being an early investor in the company. He seemed to spend a lot of time in our office. Cognotec’s financial accountant was Bernie Cullinan, who subsequently led Performix Technologies and SteelTrace. I was responsible for recruiting technical people.

I stayed in Cognotec for just over a year. By then the financial data service was up and running and we had paying customers. But we realised that the company would need to develop other services in order to pay its way. I had also become very aware of the limitations of videotex. The terminal screens were only 40 characters wide. People were going to want PCs instead.

By now I had become known as someone who could manage VAX systems. The National Software Centre had bought a large one, so I went to work there as the resource facility manager in March 1985. Very quickly, though, I found myself dragged into research projects. One of these was a network security project in Cost-II-ter – the European programme for co-operation in scientific and technical research.

The National Software Centre had been set up by the IDA. It was led by Brian Dugan, who was headhunted from Standard and Poor’s in New York. The original concept for the company was that it could raise development standards in the software industry. The centre would get involved in pre-competitive research through European programmes like Esprit and Race, then bring in software companies as contractors. What actually happened was that academics joined the programmes in order to get funding. It soon became obvious to me that the centre was going nowhere. In December 1986 I went back to ESB and worked in their IT department and in their telecommunications function for the next few years.

I had, however, been impressed by the Cost-II-ter projects. One of these introduced ’the CIA trio’ – the core concept that information security must safeguard against breaches of confidentiality, breaches of integrity and breaches of availability. None of the National Software Centre’s clients had ever told us that they were concerned about these issues. A few years later, though, a group of Irish chief executives began to discuss the potential vulnerabilities in computer networks. The systems in their companies had moved away from batch processing and into online transactions. The CEOs had noticed that sensitive data was passing through their networks.

Jim Smith in 1989. Photograph by Frank Fennell Photography on behalf of ESB

Apart from the two big banks, however, no organisations in Ireland had set up an information security function. In August 1989 ESB advertised internally for a computer security manager. The new role was deliberately kept separate from the computer department – bridging the divisions between its IBM and Digital Equipment systems and the rival technical and commercial services. Six or seven people applied for the job. I was appointed in November 1989. I was still just 31 years old.

Throughout the early 1990s my responsibility was to create an embryonic cyber security function for ESB. At that time people were more aware of internal threats, such as the alteration of files, than of the risks from external sources. ESB was, however, an early adopter of technologies like firewalls and anti-virus toolkits.

While I was in the National Software Centre I had seen the EuroKom service and what Simon Kenyon was doing with the UUCP gateway for Unix users. I also knew Mike Nowlan and Cormac Callanan through DECUS. Not long after I was appointed, I took out a subscription to the online service they provided to the Irish Unix Users Group. I could use it for e-mail and to access Usenet groups that discussed security. When Mike and Cormac started IEunet I became an early customer of its internet service.

Because there was no way to access IEunet through the ESB computer networks, I got a phone line to my desk and connected through a dial-up modem. I was also able to dial in from home. It was not long before I started helping other people in ESB to do the same thing, mainly so that they could access technical news groups. All of the demand was bottom-up. Using the internet was a personal thing. Individual tech heads knew about it and wanted to get into the new technology. It would be many years before internet usage and infrastructure became a specific budget item and thus came to the attention of senior management.

We had internal e-mail in ESB through the Digital All-in-1 office information system. But anyone who wanted external mail in the early 1990s had to ask for approval from the IT Security function and their Head of Department. We did not get too many people looking for it initially. The company did not allow everyone to have access until some time in the mid-1990s. I remember making sure that we reserved the esb.ie and esbi.ie domain names, but I was not involved in any decisions about developing a web site.

By 1995 internet and web security were live issues. There was a huge emphasis on combating viruses and a lot of talk about encryption. I was dealing with the London-based European Security Forum and with security product vendors like Dr Solomon’s and the Peter Norton Computing Group inside Symantec. ESB was also an early adopter of Websense’s internet usage monitoring software.

The job description for the information security manager did not change much over the years. I remained in that role until 2011 and I finally left ESB in November 2012. But I have stayed active in amateur radio to this day and also keep a close eye on the cyber security and data privacy world.

Last edit: October 2015

 © Jim Smith 2015