COMMUNITY-WIDE, COMPUTER-ASSISTED COMPARTMENTATION CONTROL SYSTEM
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP85-00966R000100050013-7
Release Decision:
RIPPUB
Original Classification:
K
Document Page Count:
15
Document Creation Date:
December 12, 2016
Document Release Date:
December 27, 2001
Sequence Number:
13
Case Number:
Publication Date:
July 28, 1975
Content Type:
MF
File:
Attachment | Size |
---|---|
CIA-RDP85-00966R000100050013-7.pdf | 519 KB |
Body:
Approved For Release 2002/01/11 : CIA-RDP85-00966R000100050013-7
VITO
28 July 1975
MEMORANDUM FOR: Chairman, Security Committee, USIB
SUBJECT Community-wide, Computer-assisted
Compartmentation Control System
1. The attached Report is considered to be worth
serious consideration as a step toward relieving the many
problems connected with an ever growing appetite for com-
partmented information and the control thereof.
2. Experiences over the past year have shown that
those of us with no computer expertise have actually slowed
the process of creating this Report. If the decision of the
Security Committee and USIB is to build this system, I
strongly urge you to recommend that the Project Manager be
a person with a strong computer background.
STATINTL
__________________________
Cha rmanP.ON o rking Group
ce c/ssc
28 July 1975
MEMORANDUM FOR: Chairman, Security Committee
SUBJECT Working Group Report
Computer-Assisted Compartmentation
Control System
The working group tasked to develop requirements of a
cost-effective computer-assisted compartmentation control
system, having completed its assignment in accordance with
USIB D-9.5/16, 30 October 1974 and your instructions of
November 1974, herewith submits its report.
Respectfully
STATINTL
SECURITY COMMITTEE
Requirements for a
Community-Wide, Computer-Assisted
Compartmentation Control System
(July 1975)
Security Committee Task XI- I
Attachment:
Supporting Facts and Observations
Report of the Working Group of the USIB Security Committee
on Requirements for a Community-Wide, Computer-Assisted
Compartmentation Control System
1. Introduction
This report was prepared by a Working Group of the Security
Committee of USIB with representation from CIA, Chairman, DIA,
Army, Navy, Air Force, NSA, State and ERDA. The FBI and
Treasury declined participation although they expressed interest
in the study.
The report satisfies requirement of a task by the Security
Committee in November 1974 to conduct a study of the intelligence
community's requirements and devise a concept for a viable cost-
effective procedure to assist in control of compartmented accesses.
The Working Group first assembled requirements of the
community members and then submitted a statement of needs to
system design personnel in CIA and DIA for independent feasibility
and cost studies. The Working Group examined DIA and CIA
proposals and selected a DIA design which the Working Group calls
the "Community-Wide, Computer-Assisted Compartmentation Control
System" (4C).
2. Discussion
A. The recommended 4C system consists of a dedicated
mini-computer containing a central data base of intelligence community
access approvals. The proposed system would be developed in two
phases: the first phase provides on-line-remote update and retrieval
capabilities within Washington area headquarters offices only; the
second phase permits an on-line expansion throughout the United
States. Once implemented, the system would allow participating
activities direct access to sensitive compartmented information (SCI)
access approvals for most intelligence community personnel in a
timely and efficient manner.
(1) Benefits from the recommended 4C system as opposed
to maintaining existing separate systems within the intelligence
community include:
a) Improvement of overall efficiency through
uniformity of approach for security handling within
the intelligence community.
b) Cost advantages result which are unattainable
using existing individual system to achieve the 4C objectives.
c) Significant reductions in the volume of clearance
certification message traffic inter- and intra-participating
organizations.
d) Continuous rather than limited incumbent and
billet access verification by Special Security Officer (SSO)
facilities.
e) Elimination of need for permanent certifications
among participating services and agencies.
f) Significant time savings for outlying Special
Security Officer sites supporting major headquarters and
subordinate elements having high volume in personnel and
billet access requirements.
g) Elimination of need to contact multiple sources
for individual billet access approvals.
(2) Specifically, the recommended system:
a) Meets the basic objectives as set forth by the
Chairman, Security Committee, which are:
1 Permit rapid verification of current (and
future) SCI access approvals of individuals by any
intelligence community organization participating
in the system;
2 Provide access control and accounting
mechanism for intelligence "bigot" lists and
"bigoted" programs/projects;
3 Eliminate individual SCI access control
systems within participating organizations.
b) In pursuance of the above objectives, the recommended
4C system provides the following capabilities:
1 Offers participants an on-line query
capability using cathode-ray tube terminals (CRT)
and remote batch terminals (RBT).
2 Meets the common requirements of all
member organizations for control and management
of SCI access, and the DoD SCI billet structure.
3 Provides a "suppression" capability that
will conceal, at the option of the inputting organization,
the access authorizations and/or the existence of an
individual's record from other participants.
4 Offers features for controlling the access
of contractors, foreign personnel and others for
whom "need to know" or release authority must be
established prior to each access certification.
5 Can be expanded throughout the United
States and eventually overseas, if desired. (See
Attachment, paragraph 1)
6 Provides an on-line and batch update
capability from remote locations and a complete
audit trail to permit trace of all record changes
to initiating organization.
7 Offers a record of access queries to the
system.
B. A system designed in accordance with the 4C User
Requirements Design Concept is technically feasible using either a
large scale computer or a mini-computer. The recommended mini-
computer system offers more advantages than the large-scale computer
system (See Attachment, paragraph 2).
C. Estimated costs of a system are outlined below. Costs
cited are based on dedicated secure communications lines. Any
existing secure communication links which can be used will reduce
implementation costs. Detailed cost estimates for the below described
mini-computer alternatives were derived from the DIA feasibility
study.
(1) Minimal System
STATINTL
STATINTL
D. The 4C system is highly cost sensitive to the requirement
that it be encrypted. The rationale for this requirement is discussed
in Attachment, paragraph 3.
E. Time to fully implement the system within the Washington
area is estimated to be 18 to 30 months from time of USIB approval.
The longer period considers the normal times required for require-
ments analysis, system design, interagency coordination, bid request
preparation/publication, vendor response preparation, vendor selection
and contract award, software development/equipment receipt and test,
and system testing and training. The shorter estimate assumes extra-
ordinary measures can be taken to compress the schedule. These
might include: commitment of additional in-house systems analysis
and design personnel, appointment of agency representatives with
plenary acquisition authority, and expeditious provision of necessary
funding. It also assumes procurement of KG-13 crypto devices from
existing stockpiles or diversion of KG-34 devices (lead time is about
two years) from other projects or programs. The relatively long
period to achieve operational status within only the Washington area
is a disadvantage that would accompany the development of nearly
any automated on-line system embracing the requirements of
multiple organizations and requiring the procurement of hardware,
particularly the cryptographic devices.
STATINTL
* R4C indicates that members of the intelligence community were
interviewed to determine what equipment each agency would like to
have in their terminals to do an adequate job. The exact breakdown
of equipment suggested by each member was then priced to arrive at
figure.
F. Achievement of the objectives set forth by the Security
Committee for creation of a community-wide system by linking
together the existing systems of intelligence community members
was not considered cost-effective or feasible. A discussion of this
alternative is in Attachment, paragraph 4.
G. Savings might be derived through implementation of the
4C System (Attachment, paragraph 5).
3. Conclusions
A. The 4C System proposal satisfies the tasking requirements
of the Security Committee.
B. The 4C System would be cost-effective in consideration
of an increase in security, savings to be achieved through elimination
of separate systems, and capability to handle growth rate.
C. The approximate initial costs of the R4C System with
preferred terminals would be (with a possible variance
of plus 20% to minus 100%) for implementation within the Washington
area headquarters sites. Approximately one-half of this amount
would be devoted to the purchase of desired terminal equipment for
intelligence community organizations and one-half to equipment
procurement and software design for the central facility.
STATINTL
4. Recommendations
A. That the Security Committee propose adoption of the
R4C User Requirements Design Concept as an intelligence community
requirement.
B. That, in order for the system to operate as envisioned,
at least one terminal be placed in the headquarters of each intelligence
community member at the onset of the program.
C. That CIA serve as the executive agent for the system.
ATTACHMENT
SUPPORTING FACTS AND OBSERVATIONS
OF THE WORKING GROUP
1. Dedicated Communications Line Costs
These costs are not system sensitive within the Washington area
and may not be so within CONUS. However, at the point of overseas
expansion of the system they will certainly become so. At that time
the feasibility of linking overseas terminals through then existing
switching systems should be addressed.
2. Analysis of Relative Merits of Large Scale and Mini-Computer
in the Implementation of the 4C System
A. Large Scale Computer:
(1) Advantages
a) A one-third part of a large scale computer is
tentatively available at CIA Headquarters for the
application. Cost would be approximately $3,000/month
for rental of peripheral devices. ($36,000/year or
$288,000 for 8 years.)
b) CIA software (GIM) and software knowledge
and expertise would expedite system development by
an estimated ten months.
(2) Disadvantages
a) Available (GIM) software cannot provide both
a "suppression" capability and a capability at remote
terminals for programming of output products.
b) "Spillage" of file data possible due to mixing
of 4C System with other non-related applications
possessing their own sets of terminals.
c) Backup capability is unknown. It would
require commitment of additional CIA hardware or
at least assignment of a precedence to 4C sufficient
to permit it to displace other applications on other
hardware. (This requirement represents some as
yet undefined commitment of additional resources.)
d) Expansion potential is uncertain. Other
systems sharing the computer will compete for
available capacity as each system expands. Once
the large scale computer is saturated, there is no
capability for adding small increments of capacity.
B. Mini-Computer
(1) Advantages
a) Security maximized by not mixing file with
other applications having separate terminals.
b) Backup capability achieved through use of
two mini-computers, a dual processor. Both contribute
to normal operations; however, if one fails the system
response is degraded, but it does not cease to function.
Under normal conditions one mini-computer (processor)
would support on-line query operations, and the other
would support batch operations.
c) Capacity of system can be readily expanded
when operations dictate this step by purchase and
installation of an additional mini-computer and disks.
d) The administrative problems of competing
priorities with non-related systems sharing the large
scale computer are avoided.
e) A "suppression" capability is possible
without the sacrifice of any terminal programming
capability.
(2) Disadvantages
a) Greater initial outlay of funds required.
The $226,707 required for the mini-computer hardware
at the central site would exceed the rental charges
associated with the CIA large-scale computer until
approximately five years of operations.
b) Software preparation will take more time
due to the lack of an off-the-shelf or a government-
owned existing system that will completely fulfill
system requirement. If the "suppression" capability
remains a firm requirement, the time disadvantage
of the mini-computer disappears as does software
cost disadvantage (up to $200,000 for mini, something
less for large scale).
(1) Time required to procure any additional peripheral
equipment needed for the central system; encryption devices,
and terminal equipment for remote sites would presumably be
the same as for procurement of the mini-computer hardware;
i.e., time for full implementation would not be appreciably
shorter than for the mini-computer alternative.
(2) The mini-computer alternative for implementation
of the 4C concept would produce a superior system, for about
the same amount of money and time than the large-scale
computer alternative would require.
3. Reasons for System Encryption
Classification of the system at a level of CONFIDENTIAL is
in accord with current community usage for extensive collections of
security access data.
A. Encryption will prevent undetected, unauthorized
introduction via line taps of spurious responses to terminal queries
and will prevent modification of the data base via similar means.
B. It will prevent intercept of batch products; e.g., large
access rosters that would aid a hostile spotting and assessment
effort or DoD SCI billet rosters from which significant order of
battle information could be derived.
4. Modification of Existing Systems to Attain "Bigot" List Control
and Rapid Access Verification Capability
After examination and discussion with qualified data processing
systems personnel, this course of action was discarded by the Working
Group. It would require as much or more effort in software develop-
ment than would the development of an entirely new system. It would
take about as long to complete. Major software modifications would
be required for the systems supporting each agency/department.
Report and conversion programs would be needed to channel data to
a central system, presumably a modified CIA SPECLE or SPECLE II.
No economies of scale or volume would be achieved in such a "patch
work" system, and if future modifications became necessary their
cost could be multiplied by the number of different existing subsystems
in the network. Such a "system" would suffer from the deficiencies
that exist within each of the component systems in timeliness of
input, data accuracy and, to some degree, information available.
Time required for full implementation would likely equal that for
the 4C concept.
5. Summary of Areas From Which Savings May be Derived Through
Implementation of the 4C System
Current system operating costs are difficult to specify since
most operate on a time-sharing basis using in-house computers. For
most participants it is reasonable to assume that computer time devoted
to security support applications will be significantly reduced by the
transfer of operations to the 4C System. Due to the unique require-
ments of certain participants, they will continue using their existing
systems, thus, somewhat reducing the potential for savings. No
direct security personnel cost reductions can be predicted. Difficult
to specify but certain cost savings will be achieved through reduction
of access certification message traffic, reduction in the number of
times which identical information is input to different data bases,
decreases in time lost due to visitors awaiting access verification,
and savings in security processing.