INTELLIGENCE INFORMATION HANDLING COMMITTEE MINUTES OF FOURTH MEETING, 15 JULY 1968
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP79B00314A000300070002-0
Release Decision:
RIPPUB
Original Classification:
S
Document Page Count:
5
Document Creation Date:
December 16, 2016
Document Release Date:
December 21, 2004
Sequence Number:
2
Case Number:
Publication Date:
July 17, 1966
Content Type:
MIN
File:
Attachment | Size |
---|---|
CIA-RDP79B00314A000300070002-0.pdf | 377.7 KB |
Body:
Approved For Release 2005/02/14: CIA-RDP79B00314A000300070002-0
IHC-M-4
17 July 1968
INTELLIGENCE INFORMATION HANDLING COMMITTEE
Minutes of Fourth Meeting, 15 July 1968
Members or Representatives Present
Chairman
DIA
CIA
NSA
State
Army
Navy
Air Force
FBI
AEC
Secretary
Others Present
Secret Service
(Observers)
IHC Support Staff
DIA - 171
CIA - 63
Air Force - 3
Navy m S
State 0 5>
ACDA 2
AEC 13
FBI c 14
NSF 4 I.
Army S
NSA o ~&
NPIC m 5L
GROUP I
Excluded from automatic
downgrading and
declassification
S-E-C-R-E-T
1. Introduction of the IHC Support Staff Members.
who served as Executive Secretary for CODIB, introduced the new
Executive Secretary and the other five members of the Support Staff
who were present. was the only member
who was absent.
2. Briefing by
a. acknowledged introduction and
commented on the size of the committee (approximately 135 people
were present).
b. In his preliminary comments emphasized
that the views he would present were not those of an official
government agency. He urged the attendees not to make operational
decisions based on this talk. The concept of remote access
computing was briefly introduced and cited as a major influence in
this security investigation.
c. then presented a series of viewgraphs which
portrayed the potential security problems in a system which has
remote consoles, a switching computer, and a processing computer
along with standard components such as communication lines, files,
software, etc. He commented at some length also on the capabilities
of the people in the network to violate the security of the system.
In commenting on the various security violation areas and how they
are being handled, summarized present progress by saying
that physical, personal, communication, and radiation security were
well in hand. He said that this left the areas of hardware,
software, and procedures to be considered by his task force.
d. then spoke of the task force he chairs and
its mission. He said that it was chartered to identify hardware,
software, and system procedures security problems and to recommend
technical solutions. The task force, originally under ARPA, is now
under the Defense Science Board. There are two panels: a Technical
Panel under of Case Western and a Doctrine Panel
under The former addresses what special
characteristics hardware and software should have in a computer
central. This panel was also concerned with interface problems
between communications and terminals, and between communications
and processors. The Doctrine Panel is concerned with procedures,
what is the role of the security man, what to do in case of a
security violation and so on.
e. said that each panel at this time has
prepared a draft position paper. He emphasized that no one knows
how to handle all of the security problems in these complex systems.
Among
he cited
the cost to an agency of using such a system. Operational
degradation through using a security system was another effect
which could not be predicted. In determining the scope of the
problems to be solved, suggested implementing a few of
these systems and learning from experience. He stressed the need
for system adjustment and feedback to the task force on which
operational decisions were effective.
f. The role of the security officer in these systems
was emphasized. The
suggested that the security people
had to be trained in systems and EDP concepts. He sees the security
officer as the security monitor in such a system, hence the need
for extensive training and orientation.
g. In commenting on the system design which will be
set forth by the task force,
said that it will be
sufficiently general for all federal agencies with the need for
such a capability. It will not be tailored to DIA, CIA, or any
other component. As a consequence the system suggested by the
Task Force must be adapted to that set of problems faced by the
implementing agency. He also stressed that the system must be
maintainable. In order to avoid the cost, clearance problems,
inconvenience, and incompatibility of developing system software
at each installation, said that the task force proposed
to supply procedures (at the SECRET level or lower) which will be
particularized by the using agency to suit its needs.
h. A second major role for the security man,
said, would be the establishment of parameters which, when combined
with these general procedures, would result in the requisite
security software. He emphasized that the security officer must
be the watch dog in the system, coping with violations and deciding
the extent of a breach in security.
i. then spoke of an area which was not within
the purview of his task force, i.e., the administrative problems
in establishing mutually acceptable procedures and regulations.
He feels that standardization will be the inevitable outcome of
setting common procedures for security in EDP systems. In this
context, he stressed the danger in agencies adopting official
positions too early in the establishment of regulations since they
may have great difficulty in retreating from these positions as time
and experience provided better insight.
j. then called for questions. The first question
posed the problem of security on consoles in uncleared space.
In answering this question, spoke at length on
the problem of privacy versus security. After a week's deliberation
at
could not solve the problem of protecting the security of data in
a remote access system against deliberate acts of penetration.
Therefore his Task Force assumed that consoles, hardware, and so
on are located in a non-hostile environment. Otherwise, he
confessed, the goals of his Task Force are not achievable with
today's technological developments.
The second question addressed the problem of setting up a
remote console room which would be used by many system users. It was
asked who had done work in this area.
indicated that System Development Corporation was
doing some work in this area with ADEPT-50. Also DIA has ideas
on file access control for ANSRS. He suggested that initial
systems should have security protection which is a bit too strong;
he feels that redundancy checks are desirable until experience
dictates otherwise. In support of this he pointed out that users
are never quite sure when hardware or software is completely free
of errors which have been there since the system was built.
Another questioner probed the problem of how much extra
protection can be tolerated.
The fourth question also addressed security at consoles.
felt that the question related to personal security.
He went on to point out that it may be desirable to establish
different security controls depending on whether the console user
is simply searching files or whether the user may also develop
programs on that console to manipulate files. He pointed out that
debugging programs may violate security safeguards quite accidentally.
The fifth question was about industry's role.
said that to date, industry had not participated in
Task Force deliberations. He feels, however, that industry will
soon be faced with requirements and so should be aware of what
the Task Force was recommending. So far as he is concerned, no
member of industry is capable of supplying a secure system at this time.
The sixth question related to commercial interests.
indicated that the procedures involved in running
separate systems are uneconomical and so defense contractors are
interested. He went on to say that government got into the picture
regarding the design of secure systems at about the right time.
The seventh questioner expressed a need to fix on procedures
and security standards now.
said that his Task Force is attempting to provide
guidance to system developers in a similar position, e.g., ADEPT-50
and the AF Satellite Control Facility at Sunnyvale.
The eighth question was about distribution of position
papers.
indicated that distribution of position papers will
be decided Thursday (18 July). He said that he would be happy
to hear from people concerned with the problem but did not wish
to hear from those interested in portraying an official position
of their parent agency.
The ninth questioner asked if the technical panel was
designing a monitor.
said that he had not read the current draft from
the technical panel. He feels that the panel will establish
performance criteria for the monitor at a general level. Detailed
specifications may come from a reconstituted panel. However, he
would prefer that local installations handle the details. Hardware
details, however, will probably be handled by vendors.
The last question related to conflicting procedures regarding
the sanitizing of disc surfaces.
answer was that he had heard that triple writing
of random streams constituted a secure erase of the disc surface.
However, there was disagreement on this.
This concluded the meeting. (A tape recording of the meeting
is available in the IHC Support Staff office, Room 2E49, Hqs.)
Secretary