Friends reunited

Powered by SC Magazine
 

Former members of the Royal Air Force hold senior IT security roles at many important UK organisations. Ron Condon meets the ‘Rafia’

British Prime Ministers always used to come from Harrow or Eton, while senior civil servants are traditionally Oxbridge-educated. But when it comes to the higher echelons of IT security in the UK, it seems you just can't move for people who got their training in the Royal Air Force.

Whether you look in banks or building societies, government establishments, retail or even the record industry, the chances are you'll meet people in senior roles who learned about security in the service of their country in the RAF. So what is it that created this unofficial network of people that some have jokingly dubbed 'The Rafia'?

SC Magazine got a chance to find out when Martin Smith, head of The Security Company in Bedfordshire (and a former squadron leader), offered to gather some of his old acquaintances together for a reunion lunch, and to discuss their early experiences. And so on 14 October, we all met up at Smith's offices for the first Rafia Lunch (complete with menu bearing the image of Marlon Brando in his role in The Godfather).

The former servicemen were soon explaining what it was about their RAF days that had equipped them for high office out in the commercial world.

Steve Jackman, now head of security risk for Barclays Bank, summed it up for many: "In the RAF, you have to make decisions quickly and I think that is appreciated in the commercial world. You also learn to talk to people at all levels, from senior officers, down to the clerks and the office cleaner," he said.

"The RAF required a great deal of pragmatism and, because IT security was new, a lot of negotiation and awareness, all of which gave a good grounding for developing in the profession."

Many of them were involved in determining the early IT security policies and procedures that the RAF initially developed for its own purposes, and then fed out to the other services. And, like Smith, most of them had been employed in the Provost arm of the RAF, a combined force covering police and counter-intelligence duties.

In the days before the Berlin Wall came down in 1989, most of the activity was directed against the Soviet Bloc and potential military espionage. And with the introduction of desktop computers and networks to handle information, the force needed to develop standards fast to manage computer security.

Several of those present played a large part in those early developments. Bill Mitchell, now head of IT security awareness at BAA, recalled: "With standalone desktop systems, we realised we needed to put security around them, and designed our own courses, which became Compusec 1 and 2."

Part of the challenge, as he discovered, was in convincing people they should treat computer data with the same care and respect as paper files. This was thrown into sharp relief when in 1991 an RAF officer lost a laptop containing the full battle plans for the first Gulf War.

Mitchell took part in the investigation, which ended happily when the culprit – a self-confessed "patriotic thief" – returned it. On another occasion, Mitchell investigated a senior officer who had left a PDA with masses of sensitive data on it in a plane when he was travelling. "It was an uphill struggle, but enjoyable," he recalled.

At the time, the RAF was following the Orange Book, the standard for trusted systems developed by the US Department of Defense. Smith and a team took charge of developing it for British use.

They had to make a lot of it up as they went along, he admits, and in 1988 he got a few people together for lunch at RAF Brampton to discuss the idea of creating some new standards. "The people who wrote BS7799 were at that lunch – such as David Lacey, who was then at Shell," he recalls. The meeting produced some of the ideas that he and others went on to develop for the introduction of computer networks and office automation. "We were turning the theoretical Orange Book into something that was not only operational, but also affordable," he said. "We were right there at the beginning, and much of the stuff we do today, I believe, comes from that work in the mid to late 80s. I don't think any of us at the time knew what was going on. We were just taking the process and procedures we'd had for decades for the written word and translating it to the electronic world."

Also on the team was Bill Pepper, now director of security risk management for CSC, who reckons the RAF prepared him and others well for the commercial world. "We got a breadth of experience, and in the culture of the RAF security was second-nature," he said. "The trouble is that many IT security people don't understand the broader issues."

Furthermore, IT security in the RAF continued to develop during the 90s, ahead of many of its commercial counterparts. According to Terry Cairns, who now heads physical security at Vodafone. "In the late 90s, there was a move away from strict risk avoidance towards risk management," he said. "Instead of having a set of procedures for each activity, as we'd had before, we switched to a matrix of threats and risks."

The skills he picked up transferred well to the commercial world, he says, and are appreciated by senior management. "We can explain the risks and manage costs much better," he said.

No wonder then that those sitting around the table had found senior posts in the police, Rolls-Royce, Cable & Wireless, Johnson Matthey, Barclays, Next, the NHS, BAe, Boeing, Prudential and UBS. But what about the future? Is the RAF still producing well-rounded people to fit into commercial roles?

"You have to remember," explained Mike McLaughlin, director of security for Rolls-Royce, "that in 1992, the RAF had around 120,000 people in it. The force is now down to 50,000."

Nevertheless, most of those present said that they would look favourably on applications from ex-RAF people for IT security roles. Indeed, some already had CVs of those on the point of leaving the force. It looks as if the Rafia will continue to exert an influence in IT security.

And they might need to book a larger room for next year's lunch. n

Copyright © SC Magazine, US edition


Friends reunited
 
 
 
Top Stories
Hockey flags billion-dollar Centrelink mainframe replacement
Claims 30 year-old tech is holding Govt back.
 
Ombudsman wants to monitor warrantless metadata access
Requests ability to report publicly.
 
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  12%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1514

Vote