Before internet communications took off in the early 1990s, computer security was essentially a matter of physical protection: activities like contingency planning for fire and flood, restricting the number of people who could access terminals or preventing employees from inserting floppy disks that might contain viruses into company PCs. Locks and logbooks were still pieces of hardware.
Online environments presented different challenges and required new methods of authenticating users, verifying transaction data and detecting suspect files. The practice of IT security, indeed, moved online through the introduction of managed services. This archive looks back through the transition years.
Ireland’s software industry made a significant contribution to online security through the development of encryption toolkits, firewalls and identity management applications. Much of the expertise came out of academic research and the participation of Irish organisations in European Union programmes. Other developers entered the field through their practical experience of delivering information or recording payments over the internet.
The archive begins in the early 1990s when the consulting firms that had traditionally advised data centres on how to protect their systems were eclipsed by security product companies. Some developed their own applications. Others sourced and distributed emerging types of security software. It culminates after the turn of the century, when the limitations of technologies for e-mail encryption and digital certificate management were becoming evident and an over-ambitious identity management project was trying to streamline online access to Ireland’s state services.
Online Security – Controls, Certificates and Cryptography
Interactive timeline unavailable. This is the text only version.
| 1990 | Rits launch | Dublin-based Rits was established as an information security specialist. The company described itself as the first in Ireland that was dedicated to developing IT security solutions. |
| 1990 | McAfee arrives | Systemhouse Technology introduced the McAfee range of anti-virus products to Ireland.
At this time McAfee Associates was a small specialist firm with around a dozen staff in Santa Clara, California. |
| August 1990 | Baltimore changes direction | Baltimore Technologies named Pat Cremin as managing director. Cremin had previously worked at Ericsson, where he led the development of an experimental cashless payment system.
Under his predecessor, Jim Mountjoy, Dublin-based Baltimore had focused on software development and consultancy services for telecommunications providers and European research programmes. It had also built up a sideline in cryptography, which now became its core activity. Company owner Michael Purser was a Trinity College Dublin lecturer in computer science and mathematics. Baltimore’s concentration on the mathematics behind public key cryptography reflected his research interests. |
| January 1991 | EuroKom restructures | UCD campus company EuroKom was reorganised as a self-supporting business.
EuroKom ran online conferencing and database services for participants in European research programmes under a series of short-term contracts from the European Commission. These services were previously managed by UCD Computing Ltd, a spinoff from the college’s internal IT service. The company’s new status allowed it to seek additional customers among commercial organisations, financial institutions and government agencies. EuroKom gradually evolved into a managed e-mail specialist, screening customers’ messages for viruses and other malware. |
| 1991 | Civil service awareness | The Central Information Technology Service (CITS) at the Department of Finance designated 1991 as a ‘security awareness year’ for the civil service.
The group, which had introduced a government telecommunications network in 1989, issued guidelines for risk reduction on wide area networks. CITS also released its own series of papers on computer security during the year. |
| March 1991 | Crypto-System Toolbox | Baltimore Technologies launched its Crypto-System Toolbox (CST), a system for building secure applications for tasks like electronic funds transfer, e-mail and document exchange.
The toolset offered a choice of cryptographic algorithms, including the company’s own proprietary algorithm, as well as access control and secure backup features. Baltimore marketed CST as a standalone system as well as using it to develop applications for customers. |
| April 1991 | Encrypted phone calls | Intrepid launched the Milcode secure telephone for military and government users, based on a combination of speech processing and encryption technologies. The company designed this product with assistance from all three Dublin universities and the defence forces. |
| May 1991 | Symantec facility | Symantec commenced the production of packaged software for customers outside North America at a new facility in Blanchardstown.
The company had recently entered the anti-virus product trade by acquiring Peter Norton Computing. At this time, however, its security software was just one element in a broad portfolio of applications and utilities for Windows and Macintosh computers. |
| January 1992 | Michelangelo | A PC virus that was designed to activate itself on 06 March, the birthday of Renaissance artist Michelangelo, attracted international attention, particularly when it was reported that respected computer and software manufacturers had inadvertently shipped it to their customers.
The Michelangelo virus spread via floppy disks and corrupted data on hard drives and floppy disks alike. The actual level of damage on 06 March was fairly low, but the alerts increased public awareness of virus threats in much the same way as the online virus incidents of later years. |
| March 1992 | Securing Cosine | The Cooperation for Open Systems Interconnection Networking in Europe (Cosine) project commissioned Dublin-based Baltimore Technologies to introduce, prove and operate security mechanisms for selected services. The contract was valued at €350,000 and was the latest in a series of tasks that Cosine awarded to Baltimore.
The Cosine project was a major component in the industry-led Eureka research and development programme. It focused on computer networking for the European academic and industrial research community, promoting the OSI model and specifications. |
| May 1992 | Anti Virus Service | Technology Systems Dublin launched a new subsidiary, Anti Virus Service, headed by Eamonn Gilmore. The start-up offered data protection software from three established product vendors: Symantec, Dr Solomon’s and Sophos. |
| 1992 | Dr Solomon’s debut | Dun Laoghaire-based start-up Priority Data Systems introduced Dr Solomon’s anti-virus products to Ireland.
Managing director Alec Florence founded the company to specialise in security consultancy and products for personal computer networks. |
| August 1992 | Infection level | Security software distributor Renaissance Contingency Services estimated that 90 per cent of Ireland’s top 500 companies had experienced some form of virus attack over the previous year.
Renaissance, which was formed in 1987 by Denis Woods and Michael Conway, supplied and supported virus scanning software from Sophos. |
| October 1992 | Disknet | Data protection software vendor Reflex Magnetics appointed Waterford-based consultant Richard Foley as its Irish agent. Disknet safeguarded computers against virus infection by monitoring the exchange of disks from one system to another. |
| April 1993 | Bulletin board | Richard Foley established the Bugblatter bulletin board system to distribute international reports of new computer viruses. The service grew out of his marketing of Reflex Magnetics’ Disknet data protection software for PC networks. |
| October 1993 | PC Review | Security software developer Rits released the first version of its PC Review product and supplied copies to Aer Rianta and AIB.
This inventory management application logged the numbers and locations of systems and software licences in organisations with large collections of PCs. |
| 1994 | PD Secure | Priority Data Systems launched its PD Secure access control and security product for PCs. The software combined visible controls, such as password protection, with owner registration and administration procedures that end users could not see. |
| 1994 | Firewalls from Galway | Digital Equipment formed an internet security product development unit at its European software centre in Galway. This group initially worked on the corporation’s firewall technology for Unix-based servers. |
| February 1995 | Teri Hatcher incident | A postgraduate student at Dublin City University uploaded pictures of American actress Teri Hatcher to the web, attracting an unprecedented volume of internet traffic and an unexpected spike in network charges.
This incident led HEAnet’s network management committee to formulate policies on user access and traffic control. Its action, in turn, alerted the wider internet community to the need for new approaches to service administration. |
| March 1995 | PC monitoring | Rits released version 2 of its PC Review monitoring application for PC software and hardware inventories.
Designed for organisations with at least 70 computers, this was the first edition of the product that was made widely available. Renaissance Contingency Services distributed PC Review in Ireland. Rits also appointed resellers in Belgium and the UK. |
| April 1995 | Inflo emerges | Co-founders David Doherty and Maurice McMullin launched Inflo Communications to distribute and support high-level messaging systems and internet gateways. These included enterprise communications products from Canadian vendor SoftArc.
The Donegal-based company subsequently developed its own software and evolved into an e-mail security specialist. |
| July 1995 | ICL’s encryption | ICL’s information technology centre in Leopardstown demonstrated new encryption software for location codes on the World Wide Web. This technology offered access controls and billing mechanisms for electronic publishing and retailing. |
| August 1995 | WW6Macro | Security specialists reported the first sighting of a virus that infected systems via document files rather than executable code. WW6Macro was also the first ever multi-platform virus, affecting multiple versions of Microsoft Windows and Apple Macintosh computers. |
| October 1995 | Internet mail checker | Integralis appointed Priority Data systems as a distributors for its MIMEsweeper. This software offered automatic checking for incoming e-mail and alerted network managers to the presence of any viruses. |
| January 1996 | PC protection | Dublin-based Rits, developer of the PC Review inventory monitoring system, introduced three complementary products: PC Logon for access control product, Private File for encryption and Drivelock Control, which provided boot protection. |
| March 1996 | Civil service firewall | Silicon Graphics’ Irish distributor Sysnet recorded its first firewall sale in conjunction with the HEAnet’s contract to provide internet connectivity to the civil service.
This project required just a single firewall server – an entry level Indy workstation running Gauntlet security software, which was originally developed by US vendor Trusted Information Systems. |
| 1996 | Local government messaging | The Local Government Computer Services Board selected EuroKom to provide managed e-mail services to all local authorities. The company subsequently developed direct relationships with individual city and council councils, offering a broad range of connectivity and secure communications options. |
| 1996 | Baltimore sold | Baltimore Technologies’ founder Michael Purser sold his network security software firm to a team financed by Dermot Desmond. Fran Rooney, who had previously worked in Quay Financial Software, became managing director.
The company’s new leaders were more focused on software products than their predecessors, concentrating on encryption and certification tools for internet communications and electronic commerce. |
| August 1996 | Priority in America | Priority Data Group opened a North American sales and support office for its PC Secure access control software in Natick, Massachusetts. The company also expected its US subsidiary to resell security products from other vendors. |
| November 1996 | Trintech integrates | Trintech Group and Microsoft announced an agreement to integrate Trintech’s PayWare payment processing software with Microsoft Merchant Server. This combination supported the authorisation and management of purchases through the internet. Bank of Ireland became the first financial institution to implement Trintech’s technology for web commerce.
Dublin-based Trintech was also working with Netscape Communications on a version of PayWare that integrated with Netscape’s SuiteSpot server software. Both of these alliances involved compliance with the Secure Electronic Transaction (SET) industry standard, which facilitated secure credit card payments over the internet. |
| January 1997 | Online banking begins | Bank of Ireland became the first bank in the country to offer secure online banking services to personal customers.
The Banking 365 On-line service used Digital Equipment’s DECmessageQ to access account information in the bank’s mainframe systems. Nested firewalls and 64-bit key encryption secured the service. |
| February 1997 | Secure web sites | Internet service provider EUnet Ireland launched a secure web site hosting service that used digital encryption to protect portions of its customers’ sites. Known as InterWeb Plus, the service encrypted the information transmitted from virtual servers to authorised viewers.
EUnet reported a high level of interest from organisations that held personnel records and credit card data. |
| February 1997 | UniCert unveiled | Baltimore Technologies announced the UniCert system for issuing and managing digital certificates that authenticated the identities of internet users. This Certification Authority software was the centrepiece of the company’s new series of security products, all built with its Crypto Systems Toolkit.
Baltimore had recently signed a major contract with the European Union to introduce a Certification Authority service throughout Europe. This service, Unitrust, was scheduled to start in July 1997. |
| March 1997 | TrustedWeb | Software and Systems Engineering Limited (SSE) launched TrustedWeb, an access rights management system for web servers.
SSE, a subsidiary of Siemens and Siemens Nixdorf, was based in Dublin and had previously specialised in developing OSI applications. TrustedWeb, which originated in an EU research project, permitted or prohibited client browsers to access servers according to the users’ roles. The system, which incorporated a 128-bit encryption algorithm, assigned access rights to groups of people rather than individuals. |
| April 1997 | MailSecure | Baltimore Technologies launched MailSecure, a product that enhanced existing e-mail packages with digital signatures and encryption for messages and attachments.
MailSecure was compatible with the emerging S/Mime standard for internet e-mail encryption and authentication and it could integrate with Baltimore’s UniCert system. |
| June 1997 | Kerna’s firewall | Kerna Communications developed a Java-based firewall as its first software product. The company, which originated in UCD’s computing services group, had previously installed and supported third party firewalls. |
| August 1997 | General Motors deal | Priority Data Systems won a deal to supply an enhanced version of its PD Secure software to General Motors offices around the world. PD Secure offered a collection of tools that controlled access to individual PCs on a corporate network.
This software rollout was part of an EDS contract to install a new selection of PC applications on 55,000 systems during the first half of 1998. General Motors awarded the contract after Priority Data added functions like directory locking, a single sign-on for PD Secure and NetWare, and the ability to lock a user account when successive log-ins failed. |
| October 1997 | UniCert ships | Baltimore Technologies shipped its UniCert Certification Authority system, providing a security framework for services like internet shopping, web banking and online trading. |
| October 1997 | TrustedMime | Software and Systems Engineering released TrustedMime, a secure internet mail product that complemented the company’s TrustedWeb access control system.
TrustedMime employed strong encryption to protect confidential messages, applying digital signatures to outgoing e-mail. |
| December 1997 | Entropy’s partners | Network integration specialist Entropy diversified into security applications by becoming the Irish distributor for vendors Check Point Software Technologies and Security Dynamics Technologies. Israeli developer Check Point offered firewalls for virtual private networks, while Massachusetts-based Security Dynamics supplied user authentication software. |
| January 1998 | SecurID in ESB | The ESB selected Security Dynamics Technologies’ SecurID system to restrict access to confidential information on its corporate network. SecurID controlled access rights through a combination of user authentication tokens and one-time passwords. |
| February 1998 | PostGem authority | PostGem announced plans to establish a national certification authority service for e-commerce in Ireland, built on Baltimore Technologies’ UniCert system. Brendan McMorrow was the project manager. |
| March 1998 | SETbuster | Delphium Technologies announced its SETbuster technology for internet commerce, offering secure credit card clearance services for web sites without the expense and registration procedures required by the card companies’ Secure Electronic Transaction (SET) standard.
The founders of Delphium previously worked together at Eirtrade Services. |
| April 1998 | Trintech-RSA partnership | Trintech agreed to license RSA Data Security’s S/PAY suite for developers of card payment applications based on the Secure Electronic Transactions (SET) communications protocol. This partnership aimed to expand the capabilities of S/PAY so that it could also support micropayments, electronic cheques and cash cards.
RSA’s parent company, Security Dynamics Technologies, undertook to invest up to $5 million in Trintech in conjunction with the agreement. |
| June 1998 | Vendors merge | Network Associates announced the acquisition of Dr Solomon’s Group. By 1998 these two vendors had come to dominate the market for virus protection software in Ireland. |
| July 1998 | AltaVista Firewall | Digital Equipment shipped the AltaVista Firewall 98, the latest internet firewall developed its centre in Galway. This release introduced the concept of ‘demilitarised zones’ on corporate intranets – isolated LANs that external users could access, subject to rules set by administrators. |
| July 1998 | PKI-Plus | Baltimore Technologies announced its PKI-Plus toolkit for software developers, enabling them to integrate Public Key Infrastructure (PKI) security functions into new and existing applications.
According to the company, customer organsations had already adopted PKI-Plus before the launch for e-commerce and enterprise applications, including secure payments, online shopping, virtual private networks, secure EDI and secure e-mail. |
| September 1998 | Digital signing ceremony | Taoiseach Bertie Ahern and US President Bill Clinton used digital signatures to sign an intergovernmental document at a ceremony in Dublin.
According to Baltimore Technologies, which supplied the enabling technology, this event was the first ever international digital signing ceremony. The two leaders used personal smart cards that contained digital certificates for authentication purposes, attaching their signatures to the document from separate computer screens. |
| October 1998 | OrbixSSL | Iona Technologies released its OrbixSSL middleware for C++ and Java developers, enabling them to add authentication, data encryption and digital signatures to new or existing applications. This product was based on secure sockets layer (SSL) encryption technology. |
| November 1998 | Priority customers | Priority Data Systems claimed more than one million users and an annual revenue stream of around £1 million for its PD Secure software. |
| December 1998 | Consus | Inflo Communications completed the development of Consus, a security gateway for internet e-mail.
Built on an encryption engine from US vendor Entegrity Solutions, this product channelled all the messages to or from an organisation through a dedicated server. Inflo promoted the system as simple to install, transparent to users and compatible with standard e-mail clients. |
| December 1998 | Zergo buys Baltimore | London-based Zergo Holdings agreed to acquire Baltimore Technologies in a transaction worth approximately $55 million. The merger was completed in less than a month. The combined organisation subsequently traded as Baltimore Technologies plc. |
| December 1998 | EuroKom buyout | The EuroKom management team of John Conroy, Seamus Conlon and Tom Wade bought the company from UCD.
Shortly afterwards EuroKom left its office on the UCD campus and opened new premises in Stillorgan. |
| January 1999 | Young Scientist | Sarah Flannery of Scoil Mhuire Gan Smal, Blarney, was named as the Esat Telecom Young Scientist of the Year for her achievements in a cryptography project.
Her research into algorithms that involved quaternions had originated in a work experience placement at Baltimore Technologies. |
| January 1999 | Entropy-Entrust partnership | Entrust Technologies authorised Entropy to distribute and implement its products in Ireland.
Entrust, whose headquarters were in Ottawa, was a network security spin-off from Nortel. Its core activity was the development of public key infrastructure (PKI) software for digital certificates. Entrust was thus a direct competitor to Dublin-based PKI specialist Baltimore Technologies. |
| January 1999 | Political cyber-attack | A cyber-attack on Connect Ireland’s servers forced the Dublin-based internet service provider to suspend its operations.
The politically-motivated incident centred on the .tp top level domain. Connect Ireland had registered this virtual country domain in December 1997 on behalf of an independence movement in East Timor. The registry supported this group’s campaign against the occupation of East Timor by Indonesia and the attack was immediately attributed to hackers acting for the Indonesian government. Connect Ireland logged 60 million hits on its servers in three weeks. East Timor eventually achieved independence in May 2002. |
| February 1999 | Rits-ISS partnership | Rits added adaptive network security to its services through a partnership with Internet Security Systems (ISS). This enabled the Dublin company to offer penetration testing – a formal approach to probing a computer or network system for weaknesses.
ISS had developed the SafeSuite family of products to protect corporate networks from security breaches via the internet as well as internal threats. |
| March 1999 | Danu arrives | Entrepreneurs Alex Kollontai and Andrei Chapchaev established Danu Industries in Dundalk to create and export software based on encryption algorithms from their Moscow-based company Infotecs.
The founders came to Ireland to take advantage of the country’s relatively liberal laws on cryptographic exports. Danu’s flagship product was a virtual private networking and remote access application, which encrypted data traffic at the IP layer. Former Microsoft executive Mike O’Hagan became its chief executive officer. |
| April 1999 | Melissa | The Melissa e-mail macro virus, widely described as the fastest spreading virus seen to date, generated an unprecedented level of publicity. Melissa was contained in a Microsoft Word document attached to an e-mail with the subject line ‘Here is that document you asked for. Don’t show anyone else’. |
| April 1999 | ChamberCert | The Chambers of Commerce of Ireland (CCI) licensed the Baltimore UniCert system to establish a digital certification service for member organisations. It described this system, ChamberCert, as the world’s only certification authority that would be owned and managed by a not-for-profit organisation.
CCI planned to offer registration through its network of offices across Ireland, issuing digital certificates to holders whose identity had been independently verified by their local chamber of commerce. |
| May 1999 | Flexicom Gateway | Flexicom, a Dublin-based multi-currency card payment software developer, introduced its Flexicom Gateway for secure payment processing over the web. The product was primarily targeted at banks. Flexicom also released web-enabled versions of its payment applications for credit card acquirers and merchants. |
| June 1999 | Explore/Zip | Systemhouse Technology reported that the Explore/Zip computer worm had spread into Ireland via e-mail messages and affected a number of organisations.
This worm deleted files on infected computers, then forwarded itself to other mail addresses by generating replies to existing messages in the system’s inbox. |
| August 1999 | Vordel launch | Derek O’Carroll founded Vordel to develop XML-based e-business applications. Vordel soon came to focus on enabling technologies for legally-binding business-to-business transactions. |
| September 1999 | Trust365 | VeriSign appointed Trust365 as its affiliate in Ireland, authorising the start-up company to sell its public key infrastructure and certification authority facilities as a managed service. VeriSign’s Dutch affiliate, Roccade Megaplex, supplied the enabling infrastructure.
Trust365 founder Patrick Reynolds targeted healthcare and financial services as his two main markets. |
| September 1999 | W/Secure | Baltimore Technologies announced W/Secure, an authentication and integrity software development kit for wireless internet data. This new software was an implementation of the Wireless Transaction Layer Security (WTLS), the security layer for Wireless Application Protocol (WAP).
Baltimore named Belfast-based WAP gateway developer Apion as the first customer for W/Secure. |
| September 1999 | Voicevault | Buytel, a three-year-old voice processing specialist, launched its Voicevault verification service. The Dublin company described this as ‘the world’s only entrusted third party voice service for applications such as telephone or internet banking’ and capable of delivering a voice verification result anywhere in the world in less than half a second.
Voicevault utilised ITT Industries’ Speakerkey software for voice imprint recognition. |
| October 1999 | Eircom-Viasec link-up | Donegal-based e-mail encryption specialist Inflo Communications changed its name to Viasec and announced that Eircom had acquired a 30 per cent shareholding in the firm.
In the months preceding this investment the company had opened offices in London, Munich, Boston and San Jose to sell its Consus software. Viasec thus represented itself as an international supplier of public key infrastructure applications. |
| December 1999 | Mypics | Systemhouse Technology issued a virus advisory to its customers that a ‘Y2K worm’ called Mypics was self-propagating via e-mail.
Mypics not only erased data on PCs, but also exploited computer users’ concerns about the risks that the turn-of-the-millennium date change presented for their systems. This worm misled users into thinking that their machine had a Y2K problem. |
| December 1999 | PKI Forum | Five public key infrastructure (PKI) vendors created the PKI Forum to accelerate the adoption of PKI technology for e-business applications. The new group aimed to increase customer knowledge about PKI-based security and to demonstrate standards-based interoperability among its members’ products. Baltimore Technologies, Entrust Technologies, IBM, Microsoft and RSA Security were the founding companies.
Nine month later the PKI Forum had grown to more than 80 member organisations. |
| January 2000 | Post.Trust | An Post transferred responsibility for its digital certificates initiative to Post Consult International, following the sale of its PostGem subsidiary to Esat Telecom. The project to design a certification authority service continued under the name Post.Trust. |
| January 2000 | Telepathy | Baltimore Technologies launched Baltimore Telepathy, a security framework for mobile commerce. This new product family included encryption for WAP sessions, a security gateway from a mobile phone to a web server and a WAP version of the UniCert system for digital certificate management. |
| January 2000 | Baltimore buys CyberTrust | Baltimore Technologies announced a $150 million agreement to acquire CyberTrust, a subsidiary of GTE Corporation. Massachusetts-based CyberTrust developed certificate authority systems and ran hosted services in the US and Japan. |
| February 2000 | Copperfasten | A group of engineers who had previously developed firewall products for Digital Equipment and Compaq set up Menlo Park Technologies in Galway. Its first product, Copperfasten, combined XML technology with public key infrastructure tools in a content security system for web sites. |
| March 2000 | Secure e-business centre | Siemens designated its Irish subsidiary, SSE, as a global centre of competence for secure e-business. This positioned the company to expand its research and development capabilities in areas like biometrics, smart cards and wireless internet technologies. |
| March 2000 | Team400 migrates | EuroKom inherited the Team400 customer base, following a decision by Trinity Technology Group to phase out its managed e-mail service. Team400 had about 50 corporate users.
Like EuroKom, Team400 had offered on-the-fly virus scanning of its customers’ messages. |
| March 2000 | Vordel acquires Delphium | Dublin-based Vordel announced the acquisition of secure e-commerce firm Delphium Technologies and named Delphium’s managing director Mark O’Neill as its new technical director. |
| April 2000 | Fulcrum Distribution | Entropy announced the transfer of its product distribution business into a separate company, Fulcrum Distribution, led by Martijn Vrugteman. The new organisation focused on IT security, acting as the Irish representative of vendors such as Check Point Software Technologies, Content Technologies, Stonesoft and Websense. |
| April 2000 | Security breaches | A survey of network security practices in Ireland’s top 500 companies by Rits IT Consultants found that just over half had experienced some form of security breach from external sources.
Most of these incidents involved virus infections, but ten per cent of the respondents reported unauthorised access attempts. |
| May 2000 | Iloveyou | The ‘Iloveyou’ internet worm, a derivative of Melissa, spread rapidly in the firm of an e-mail attachment.
Iloveyou – also known as VBS.LoveLetter.A –targeted systems running Microsoft Windows with Windows Scripting Host enabled. It thus hit hardest in organisations that had standardised on Microsoft web browsers and mail clients and, indeed, was disseminated in Ireland via messages from Microsoft’s business partners. |
| May 2000 | Public services broker | The government mandated a new agency, Reach, to build a ‘public services broker’ – an enabling infrastructure for secure electronic access to the full range of public services.
The conceptual model for this initiative envisaged a single web site that would integrate users’ access to multiple services, sharing data across those services when appropriate. Reach, a cross departmental team of civil servants based inside the Department of Social and Family Affairs, assumed responsibility for making the ‘broker’ a reality. |
| May 2000 | Hush HQ | Hush Communications moved its global headquarters from the US to Dublin. The company had launched Hushmail, a free encrypted managed e-mail service, in May 1999. It gradually added premium and industry-specific features for paying customers.
Hush, which held a US patent for its key pair management technology, subsequently transferred its head office to Vancouver. |
| 2000 | Protection for bank | Bank of Ireland awarded a contract to Systemhouse Technology to implement and support an enterprise-wide virus prevention policy. The project was based on Symantec products and the bank obtained a licence for up to 25,000 nodes of the vendor’s Norton AntiVirus software. |
| July 2000 | Secure government services | Baltimore Technologies and Andersen Consulting announced a strategic alliance to deliver electronic government services around the world. This partnership followed the companies’ collaboration in Ireland on a secure internet-based tax return application for the Revenue Commissioners. |
| August 2000 | Online security management | Priority Data Group unveiled plans to enter the managed services business in early 2001. The company intended to provide online anti-virus and intrusion monitoring services based on Network Associates products. |
| September 2000 | Layered security | Start-up Trust5 announced a unique ‘layered security mechanism’ for authenticating payments through the internet and mobile networks. The company employed voice verification security from Buytel, which became one of its shareholders, to identify the holders of credit cards, passwords or PIN numbers.
Trust5’s founders, including chief executive Paul O’Grady, previously worked at the Dublin office of ABN Amro Bank. |
| September 2000 | Vordel CEO | E-business transaction specialist Vordel named former Siemens executive David Ryan as its new chief executive officer. |
| September 2000 | Baltimore buys MimeSweeper | Baltimore Technologies announced an agreement to acquire Content Technologies (formerly Integralis), the developer of the MimeSweeper range of content security software. The value of this all-share transaction was approximately $992 million. |
| October 2000 | Firewall appliances | Systemhouse Technology launched WatchGuard’s firewall appliances in Ireland. These plug-and-play internet security products catered for organisations of all sizes, including smaller firms without in-house security specialists. |
| November 2000 | Hilton contract | Baker Communications won a large firewall configuration and management contract for the Hilton International hotel chain, following a pilot implementation in the Caribbean. The initial contract covered 110 locations around the world.
Baker used Lucent Technologies’ VPN Firewall Brick to secure the network, establishing a network management hub at a WorldCom facility in London and controlling it remotely from its office in Dublin. |
| November 2000 | TopSec Authoriser | SSE unveiled TopSec Authoriser, a secure user authorisation system for the internet or private intranets. This product added privilege management capabilities to a public key infrastructure, so that organisations could specify which applications and information should be accessible to an individual user. |
| December 2000 | Baltimore-Macalla agreement | Baltimore Technologies teamed with two-year-old Dublin firm Macalla Software to provide security for mobile e-commerce. Macalla licensed Baltimore’s KeyTools Pro software for developers and added public key infrastructure capabilities to its Mobility framework for mobile commerce applications. |
| January 2001 | EuroKom management | Seamus Conlon took charge of secure e-mail service provider EuroKom following the death of former managing director John Conroy.
The company now claimed around 300 customers and was piloting a mobile version of its secure messaging service. |
| February 2001 | Danu departs | Danu Industries closed its development unit in Dundalk. CEO Michael O’Hagan left the company and its sales and marketing unit moved to Britain. |
| February 2001 | Viasec closes | Software developer Viasec shut down with loss of 50 jobs and was placed into liquidation. The company’s collapse coincided with a decision by Eircom to abandon a number of its internet-related investments. |
| April 2001 | Mobility SafeGuard | Mobile commerce framework supplier Macalla Software claimed that its newest product plugged a security gap in the Wireless Application Protocol (WAP). Macalla’s Mobility SafeGuard protected data that momentarily decrypted and re-encrypted before it was transmitted through a wireless gateway. The company promoted this technology among WAP users in the financial services industry. |
| April 2001 | Wireless encryption | Vordel claimed a world-first secure communications option for mobile networks when it announced a version of its TalkXML product suite for devices running the Windows CE wireless operating system. This enabled users to sign and encrypt sensitive information for transmission over a GSM network.
The mobile edition of TalkXML incorporated digital certificate technology from Baltimore Technologies. |
| May 2001 | OpenPGP Alliance | Dublin-based Hush Communications became one of the founding members of the OpenPGP Alliance.
This international industry group aimed to promote the OpenPGP encryption standard for online communications. It offered technical compatibility testing across encrypted e-mail systems and planned to extend the OpenPGP format to protect applications other than e-mail. |
| June 2001 | Proof of concept | The Reach Agency selected KPMG Consulting to build a proof-of-concept version of the proposed public services broker. |
| July 2001 | Directive deadline | 19 July was the target date for implementing EU Directive 99/93, which established a legal framework for electronic signatures in the European Union. This directive specified minimal requirements for digital certificates, certification service providers, signature creation and verification devices. Most EU member states met the implementation deadline. |
| August 2001 | Baltimore restructures | Baltimore Technologies announced a restructuring and cost reduction programme that included the transfer of its content security business into a separate business unit. The move came less than a year after the company had created this unit by buying Content Technologies. |
| September 2001 | Espion | Colman Morrissey, Jim Lehane and Colm Murphy established intrusion detection software specialist Espion in Dun Laoghaire.
The company focused initially on product distribution through resellers, but later moved into training and consulting services for internet security. |
| September 2001 | Payments partnership | Two Irish software firms announced an alliance to create a payment authorisation system for mobile commerce transactions.
This partnership would integrate Trust5’s T5 Securepay technology, which used voice identification to verify online payments, with Network365’s mZone Secure Digital Wallet for payments via mobile devices. The companies described the combination as ‘the first end-to-end total security solution’ for transferring money to and from mobile phones. Trust5 subsequently specialised in mobile application development. |
| January 2002 | Priority reorganised | Unit 4 Agresso, an international computer services group headquartered in the Netherlands, injected working capital into Priority Data Group. This agreement made provision for Unit 4 Agresso to acquire the company at a future date.
Founder Alec Florence left Priority Data and Pat O’Connor became its CEO. The new management ended the company’s development activity and the final support agreements for its PD Secure product expired on the last day of 2001. |
| January 2002 | Baltimore divests | Baltimore Technologies accepted a $30 million offer from Clearswift Corporation to purchase its Content Technologies subsidiary. |
| February 2002 | VordelSecure | Vordel released its VordelSecure security framework for web services, which subjected all XML-based enterprise communications to a rigorous set of credential checks. The platform also generated a digitally signed audit trail for administrators.
The company subsequently teamed with HP, Intel and Microsoft to market VordelSecure to financial institutions. |
| February 2002 | SSE acquired | Guardeonic Solutions, a Munich-based security software firm, took over Siemens’ SSE subsidiary and its online security products. |
| March 2002 | Acecedes | Robert Baker launched Acecedes, a new venture that planned to build and operate virtual private networks using Avaya’s VPN gateways and Lucent’s VPN Firewall Brick. |
| April 2002 | Reachservices.ie | The Reachservices.ie web site went live, offering a single gateway to online government services. Registered users could enter core personal details for automatic insertion into forms for different government departments and agencies.
This site was produced by KPMG Consulting as a proof-of-concept project in preparation for the public services broker. It was now evident that the development of the broker itself would take much longer than originally planned. |
| April 2002 | Honeynet | Three companies – Deloitte & Touche, Espion and Inflow – launched the Irish Honeynet project, which aimed to quantify the extent to which hackers were attempting to break into the internet infrastructure in Ireland.
The partners created a non-functioning web site management system without any domain name, then installed sensors to detect any intrusion attempts. This Honeynet recorded 334 attacks in its first month of operation. |
| May 2002 | Blanchardstown base | Symantec Security Response moved its European operations from the Netherlands to its parent corporation’s facility in Blanchardstown. The organisation had previously been known as the Symantec AntiVirus Research Center.
The Blanchardstown group replicated an infrastructure at Symantec’s base in Santa Monica, California, equipping it to undertake proactive research, analyse suspicious code, publish virus definitions and provide security advice to customer organisations. |
| June 2002 | Encrypted e-mail | EuroKom launched CryptAll, a hosted service for encrypting its customers’ e-mail. Users could exchange secure messages with other CryptAll users through the same interface as their non-encrypted e-mail.
The enabling technology came from a Dublin-based development company, also named CryptAll, in which EuroKom later bought a minority shareholding. |
| July 2002 | Kranos Security Technologies | Terry Wymer founded Kranos Security Technologies, a developer of workflow applications that used encrypted communications and digital signature technology. Its first product, BrokerMate, provided secure document management for banking and insurance brokers. |
| July 2002 | Sentryst | IT security software specialist Fulcrum Distribution changed its name to Sentryst following its merger with the UK arm of Entropy, its former parent. |
| August 2002 | DaonEngine | Identity management software developer Daon announced its DaonEngine platform for physical and digital security. The system provided a full infrastructure for recording and verifying user identities, including support for biometric authentication techniques.
Founded three years earlier in Dublin, Daon was headed by Oliver Tattan, a former chief executive of the Irish Trade Board and VHI. |
| August 2002 | Pixalert | Dublin-based BioObservation Systems named Dave McLoughlin as its new CEO. He joined the three-year-old company from SX3, where he was business development manager.
BioObservation Systems developed software that monitored all the visual content in all the applications on a desktop computer and alerted administrators if it detected any image with the characteristics of a pornographic picture. This content identification technology was the foundation of its Pixalert product suite and the company later changed its name to Pixalert. |
| September 2002 | Certificates in decline | Post Consult International scaled down its Post.Trust digital certificates management service, shedding staff but continuing to provide customer support. This development illustrated the declining interest in public key infrastructure technology, particularly for e-commerce services. |
| December 2002 | Priority acquired | Unit 4 Agresso completed its acquisition of Priority Data Group. |
1990-94: Obscure cryptographers
Ireland held the presidency of the Council of the European Union during the first half of 1990. As part of its preparations for this role the Department of Foreign Affairs purchased cryptography software from a specialist, low profile company based in Dublin’s Fitzwilliam Square. Its technology was mathematically complex and difficult to pull apart, even by other encryption experts. It would thus enable diplomats to safeguard the confidentiality of their EU-related communications. As a department official remarked to the company’s owner, ‘In your line of business obscurity is an asset.’
That company, Baltimore Technologies, was far from obscure in later years.
In 1990 Baltimore had already established a reputation in certain corners of European data networking and telecommunications, mainly for its software development and consulting activities. After a split in its management ranks, however, the company focused more narrowly on network security issues. Public key cryptography and stream encryptors were its core competences. Baltimore was closely linked with academic research in these fields and its owner, Michael Purser, had for many years combined the roles of entrepreneur and college lecturer. His priority now, however, was to channel the company’s expertise into commercial products.
Cryptography is essentially a matter of modular arithmetic and mathematical tricks. It employs ever larger integers to prevent ever faster computers from discovering the secret keys that have encrypted files. By the early 1990s such keys supported various types of digital signature that could protect and validate messages passing around a network. These digital signatures required a trusted certification authority (CA) service to authenticate user identities. CAs represented a product opportunity for Baltimore Technologies.
The company proposed a demonstration project to the European Commission, secured official support and set up a pilot CA in Dublin. This allowed it to analyse the effectiveness of encrypted messaging over the Euronet network, tracking communications among research institutes in several countries. After the study Baltimore won a small number of cryptography assignments from governments and banks around Europe.
Electronic transfers of confidential material from diverse computing equipment in diverse organisations to diverse locations were still unusual. Data security policies and procedures for large computer installations had evolved steadily since the 1960s, but most practitioners had continued to focus on the protection of physical computers, physical storage media and the physical environment in which they were housed.
The biggest computer centres maintained elaborate contingency plans, including special relocation arrangements with Telecom Eireann, and could move their operations into ready-to-run facilities in the event of an emergency. Some had introduced security policies for online transaction processing, using products such as IBM’s Resource Access Control Facility. Smaller organisations tightened their rules on data back-up and invested in off-site file storage.
Auditing the risks inside a computer installation was commonly associated with auditing an organisation’s financial records. IT security specialists were often based inside large accountancy practices. Few businesses had in-house expertise in this area, apart from the larger mainframe users. These included the major banks and the ESB, which had recently appointed its first information security manager.
These pre-internet methods and norms were ill-suited to the new challenges.
1995-99: Catching the worms
Until the middle of the decade it was the personal computer, not the internet, that was generally seen as the weakest link in the data security chain. PCs were easy to move and difficult to police. Passwords were seldom as confidential as they ought to be and all too often forgotten. Floppy disks with private information were casually taken out of the workplace and floppy disks with virus infections were casually brought into it.
Most of the security software development in Ireland, therefore, centred on PC administration. Products such as Priority Data Systems’ PD Secure and Rits’ PC Review reflected the priorities of the day.
When commercial internet access began to take off in the early 1990s the service providers seldom spoke about security. Most of their time was spent dealing with availability and performance issues. By the middle of the decade, though, the internet companies and their customers had become aware of two broad categories of risk.
The first arrived with the World Wide Web. Web servers loosened the established barriers between private computer networks and the outside world, posing new challenges for IT administrators. The web required them to introduce more restrictions on information access. More urgently, its potential impact on the performance of systems and network equipment demanded their attention.
Superman’s girlfriend was behind the first scare. In early 1995 the HEAnet academic network service experienced a disruptive – and disturbingly expensive – surge of traffic to a web server in Dublin City University. That machine contained a photograph of Teri Hatcher, who played Lois Lane in a US television series, wrapped in a Superman cape. This was the most frequently downloaded image on the internet at the time.
The Teri Hatcher incident became the catalyst for HEAnet, and the individual universities that used its service, to revise their network access policies and to invest in firewalls. Suitable products were just starting to appear.
Galway was one of the places where firewalls were designed. In 1994 Digital Equipment had established a development unit there for internet security products. This group focused on firewalls and subsequently created products for Digital’s AltaVista family. Meanwhile, the PC management software companies started to extend the capabilities of their applications by adding new controls on network access.
The second risk surfaced was when internet e-mail superseded the floppy disk as the most common vehicle for computer viruses.
Internet malware had been around for years. Indeed, it began to generate publicity when the internet was still confined to research community and to the US. Back in November 1988 the Morris worm alerted network administrators to the way that a computer could be infected multiple times by malicious code, slowing down its performance and eventually making it unusable.
While computer worms upset machine performance, viruses could attach themselves to software applications and then corrupted users’ files. Before the rise of the internet, viruses spread through the exchange of floppy disks, the distribution of shareware or bulletin board systems. Starting in 1999 with the Melissa macro virus, malware authors took to distributing their handiwork via e-mail attachments. Each incident that grabbed public attention, often through alarmist news reports, boosted the demand for anti-virus software. Most, though not all, of these products addressed vulnerabilities in Microsoft’s operating systems and messaging applications.
The trade in security applications accelerated as the 1990s drew to a close. The prevalence of macro viruses and the vigilance required to catch new worms were not the only security problems facing information systems managers. There were also risks associated with the rapidly approaching year 2000 – and especially with older applications that might not work properly on the first day of the new millennium. Any code that identified years with just two digits was suspect. User authentication for commercial transactions was an additional concern. So was cyber-crime. And cyber-espionage became a reality with a politically motivated attack on the servers operated by Dublin service provider Connect Ireland. The company had assisted the independence movement in East Timor to promote its cause via the internet.
By the end of the decade internet security was established as a distinct sector of the technology products trade and as a distinct skills category for IT personnel. A supply chain of distributors, resellers, consultants and support services was now in place. Companies like Entropy, Priority Data Systems, Renaissance Contingency Services, Rits and Systemhouse Technology carried accreditations from international vendors that had also grown and thrived on the back of the internet.
A few security specialists in Ireland were already offering managed services.
2000-02: Reality check
In November 2000 the Hilton International hotel chain awarded a worldwide network security contract to Baker Communications. Its staff in Dublin would use Lucent’s VPN Firewall Brick technology to configure and manage firewalls on Hilton premises in 110 locations around the globe. The company already provided centrally managed internet security to around a dozen private networks in Ireland.
The way to deliver protection for computers in the new millennium would be through the internet. Baker Communications was not alone in embracing this model.
EuroKom had built up a customer base for protected e-mail services and was supporting all of the country’s local authorities and several government departments. Hush Communications made encryption a core function of a managed e-mail service. Buytel launched Voicevault, a verification service that identified people by their voice over the internet or the telephone. Voicevault was designed for worldwide availability, using interconnected and mirrored systems in different locations to identify a speaker anywhere in less than half a second.
By now, however, Baltimore Technologies was Ireland’s digital security giant. The company had grown rapidly since a change of ownership in 1996. This came about after the firm landed a contract with a bank in Geneva. The bank introduced it to Dermot Desmond, a Dublin-based financier who had funded a succession of software product ventures. He proceeded to invest in Baltimore and assembled a new team to market its CA technology in the guise of a product called UniCert.
The company’s strategy now assumed that digital signatures were about to become ubiquitous on the internet and that any developer which dominated the market for the enabling technologies would reap massive rewards. It therefore acquired rival products and firms with complementary capabilities, hoping to propel itself to the top of the trade.
Baltimore Technologies reported annual revenues for 2000 of $110 million, much of which was generated by recently acquired businesses. In early 2001 the company employed 1,200 people in 38 cities around the world. It also announced net losses for the year of $138 million. Those figures were a sign of the times. Baltimore had reached the peak of a boom-to-bust trajectory that other internet technology vendors followed in those years. The downslide that followed was a harsh reality check. By the middle of 2001 it had started to shed personnel and was seeking buyers for some of its business units. In 2003 it completed a divestment programme by selling off its core technology for certification authorities.
Other companies that majored in encryption, digital signatures or identity management saw their fortunes decline as well.
Dublin-based Software and Systems Engineering (SSE) was part of Siemens. The company had focused on online access rights after it discovered that its previous speciality in OSI applications development was no longer viable. In 2000 Siemens repositioned SSE as a global centre of competence for secure e-business. Less than two years later, though, it offloaded the operation to a security software firm in Munich.
Danu Industries, which built applications based on encryption algorithms from a sister company in Moscow, shut down in 2001. So did Viasec, a Donegal e-mail encryption company that had opened offices in London, Munich, Boston and San Jose to sell public key infrastructure applications.
The most ambitious online identity management initiative of these years was not a commercial venture. It aimed instead to create a common access route over the internet into the services run by government departments and state agencies. This ‘public services broker’ concept also envisaged secure data sharing across multiple services.
In 2000 the government entrusted this project to a new agency called Reach. It soon became evident that the development of the broker would take much longer than originally planned. Reach scaled down the project’s operational objectives and technical complexity accordingly. In 2007 a Special Report by the Comptroller and Auditor General found that only a small number of services had actually used the public services broker.
The turn-of-the-millennium carnival of internet-based empire building had come to a halt. The future belonged to modest, sustainable online security ventures and projects rather than big-spending dealmakers who wanted to rule the world.
Last edit: June 2016
© Newsmail 2016