BCS Information Security Specialist Group Celebrates its 40th anniversary

At a packed event at BCS’ London office, the Information Security Specialist Group marked its 40th year of success with a celebratory afternoon themed around cyber security’s past, present and future.

The interactive and vibrant gathering saw past ISSG chairs, committee members, special guests and BCS staff exchange memories, insights and opinions. Enjoyable and bright, the guests and speakers also offered robust technical insights about how key security lessons learned yesterday hold just as true today.

‘Security is unique,’ said ISSG Chairman Steve Sands CITP MBCS. ‘It touches every part of IT. The ISSG is the largest of the Specialist Groups at BCS. That seems right – and it should be bigger. We have around 3000 members, or, 5% of the total BCS membership.’

Continuing, he said: ‘Certainly, technology was different 40 years ago but the core principles that underpin Information and Cyber Security haven’t really changed.’

The early days

The ISSG was founded in 1983, a year before BCS received its Royal Charter, and was originally called the BCS Computer Security Specialist Group. However, and perhaps a sign of the times, the group’s creators David Lindsay and Phil Phillips found that a specialist group focusing on computer security was initially a hard sell.

They persevered, achieved the then British Computer Society’s buy-in and grew the group to one that, during the 1990s, became an increasingly influential voice in the quickly emerging computer security industry.

Today, cyber security is a booming global business in which the ISSG continues to be an audible and impartial voice, and the specialist group is often quoted by national news organisations looking for timely and trustworthy comments on breaking security stories.

Summing up the group’s timeless focus, Steve told the audience: ‘We’re about education, awareness, professional standards and professional development – helping ISSG members with that professional challenge of doing the job and being as good as they can.’

A critical place in society

‘For me, security is the foundation of IT,’ BCS CEO Rashik Parmar told the audience. ‘Without security, you can’t use IT – we can’t be safe... If I think about how security looked in 1983, about where we were when [the ISSG] started, IT security was very different. We wouldn’t have dreamt of the vulnerabilities we see today and how critical national infrastructure is dependent on IT security… How nation states can use computers to influence political agendas – how states can wage war [digitally].’

Offering his thanks to the group’s past and present volunteers, Rashik said: ‘The work this group does is foundational. I can see the group here being critical to IT for a long time to come.’

Old but still new

‘I started in computing in 1962,’ said Phil Phillips, the group’s second chair and an IT professional who — at the time — worked under the shroud of government secrecy (there are aspects of his work then that he is still unable to talk about). ‘In the 60s and 70s, computer security was easy. Computers were too big to steal, they didn’t talk to anything else and their rooms were built of solid concrete blocks, often forty feet underground. Nobody caused any security problems, only the odd spy.’

In computing’s earlier days, Phil explained, computer security was defined as being all about confidentiality, integrity and availability (CIA). Indeed, this was the definition included in the group’s 1983 written constitution which, along with a trove of historical documents, Phil assembled for guests to explore.

Far from being forgotten, these three words still resonate with security practitioners today. They are known as the CIA triad – an information security model designed to protect sensitive information from loss or damage.

‘Back then, confidentiality was the important thing,’ Phil explained. ‘We didn’t worry too much about integrity or availability. The only serious players in the security business – at the time – were Her Majesty’s Government and banks, which were gradually growing to feed ATMs. There wasn’t much security about — not much was being done.’

Solving the future

Turning his eyes to the future, and agreeing with Rashik’s observations about IT’s ubiquity and criticality in society, Phil offered his own conclusion: ‘I think there’s a growing threat, one which we need to be aware of. That’s the cross-fertilisation of AI and quantum computing. Quantum might still be germinating but, it will come.’

Looking to the future too, BCS President Gillian Arnold FBCS said: ‘I think it’s important that we focus on bringing young people into the industry. So, I’m going to offer two challenges: bring in the youth and bring in young women. We’re missing 500,000 women in tech. 57% of companies are saying, “we can’t find the skills”... There are 500,000 people who need to be made excited about technology.’

For you

Be part of something bigger, join BCS, The Chartered Institute for IT.

Continuing, she explained: ‘I recently visited the Lovelace Colloquium, which is organised by BCS Women. We saw two hundred young women, undergraduates and PhD students... They listened to women talk about their careers in IT – about how exciting, amazing, unbelievable and driven these careers have been. We need to enthuse young people in the same way.’

Picking up Gillian’s challenge, Microsoft’s Chief Security Advisor, Sarah Armstrong-Smith FBCS delivered the event’s keynote — a talk called Back to The Future. In the session, which will soon be available to watch online, she explores technology’s recent past and uses it to explain the present and future of security.

Panel discussions

During a series of panel discussions, ISSG members offered their considered views on key IT security trends and topics. The discussions were broad, but key themes did emerge. Firstly, speakers called for children, from a very young age, to be taught about digital privacy in schools. They also emphasised the importance of teaching the fundamental building blocks of computing, which BCS embraces through its work with the Computing at Schools (CAS) network and its contribution to national education policy.

The IT industry’s relentless pace of change was another key theme. Here, ISSG members acknowledged that AI will prove to be a tool that can help security practitioners make sense of the data tidal wave that modern networks produce. But even with AI at their side, professionals still need time to think and reflect.

‘Security needs critical thinking, ‘ said Tim Williams. ‘We need critical thinking about humanity’s relationship with technology. Yes, we can use the technology... But, being in information security is all about understanding the human-technology relationship.’