FY 1986 RESEARCH AND DEVELOPMENT PROGRAM

Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 3egistry S-E-C-R-E-T 15 September 1983 MEMORANDtM FOR: Chief, Planning Division, O DDS&T _Iffff DDA Planning Officer SUBJEECT: FY 1986 Research and Development Program /OV_a L REFEREIE: Your Multiple Adse Memo dtd 4 Aug 83, Subject: FY 86 R&D Planning Cycle .1. The attached statements of research and development requirements for the Directorate of Administration are submitted for your review. and for forwarding to the research and development offices. 12. As you requested, we have provided fewer, broader, generic long-range requirements. For elaboration and clarification, we have included problem statements which address specific concerns within these generic topics. As in previous years, we have placed the polygraph research and development requirements in a separate category. 3. In view of the small number of generic categories submitted, we consider each category to be of Priority 1 rank. We expect multiple solution statements to be prepared for each of the generic categories. While we have tried to comply with your recommended format, we are concerned that these broad generic categories contain high and low specific priorities. To rank the generic categories against each other would undermine the possibility of needed research, should one entire generic category fail to be addressed. This approach can be used to develop a successful program only if all generic categories receive funding. 4. In order to further enhance the success of the research and development program, we encourage increased communication with the contact officers in this Directorate. We also request an updatEe on the status of the FY 1985 program. This update will help us in our review of the proposed FY 1986 program and allow our offices to identify the appropriate contacts to support the research and development projects. REGRADED UNCLASSIFIED WHEN SEPARATED FROM ATTACHMENTS Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 __'_.  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 5. We restate our interest in the Artificial Intelligence research and would like to see a proposed AI project in support of a requirement in this Directorate. 6. We look forward to the successful development of the FY 1986 research and development program. 1 - DDA Subject (w/att) - DDA Chrono (w/o att) 1 - DDA/MS Subject (w/att) 1 = DDA/MS Chrono (w/o att) Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 DIRECTORATE OF ADMINISTRATION RESEAICH AND DEVELOPMENT REQUIREMENTS o Security in the Electronic Office o Information/Communications Systems Security o Physical Security o Technical Security o Communications o General Computer Applications o Polygraph S-E-C-R-E-T Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BOl 152R001201490006-7 SECURITY IN THE ELECTRONIC OFFICE ( ONGOING ) The changes to the office environment that are creating both the "electronic office of the future" and advances in communications technology may have the greatest impact on the security threat. The electronic office explicitly includes word and data processing systems, electronic telephones and computerized branch exchanges, systems for mass storage on magnetic media, and local area networks (LAN's) that link telephones, word and data processors together. These new capabilities will certainly change how we handle intelligence information. How we protect this information can only be addressed after a thorough threat assessment. Along these same lines, advances in communications technology have the potential to change our present technical collection threat assessment. .Countermeasures to new hostile systems can only be addressed after we have taken into account what our vulnerabilities are. While technological change will create new security threats, it may offer new methodology to address both current and future threats. An all-encompassing program to investigate new technologies that have countermeasures applications against an updated threat assessment must be undertaken. Specific Topics / Projects in priority order Office Electronics Security ( ONGOING ) Destruction of Non-paper Storage Media ( ONGOING ) Advanced Telephone Systems ( ONGOING ) Office Shielding Materials ( NEW ) Low-Cost TEMPEST Technology (RESUBMISSIOiu) Device Security Profiles (014GOING) 25X1 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BOl 152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 OS TSD. Problem Number DDA Office : OS/TSD " Ot-fice Electronics Security (ongoing) Tit 11`1' (ror~:erly Office Machine Protection) Problem Descriptio ~: ip The market for new office electronic equipment is expanding so fast that it is. not possible to keep pace with the security implications of each new device that appears to save time and, money. Assuming the technological advances continue, it is extremely difficult to predict what new classes of equipment will be available-in the near future. The security implica- tions of these devices will not only include the traditional vulnerabilities, such as easy concealments, substitutions and emanations, but they-will foster new security hazards- The concept of office automation is moving ahead much faster than the security measures which need to be associated with these new machines 25X1 Time Requirement. - Security Droblems associated with currently available office machines are a serious problem already since marry sensitive areas have equipment which is not fully evaluated from a security standpoint. Similarly as ever. new equipment is developed additional study efforts will need to be undertaken promptly. 25X1 Background/R~P History/References: - Traditionally only-a few relatively simple office machines were available such as typewriters and copiers. Besides offering places for easy concealment of various types Of buys or sen sors, some have been found to produce ' Or CP.araCper ~ic_1C sigma ureS which CG`OrO===~1='-x ~...2n nt10 S can be easil Dread and, translated bacl: into p'? ain text. 0 ice o-Co---.uu:ai catlo'sls tempest testing has detected and barred such naciines from sensitive areas until they could be properly modified or cone fined. 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Newer office machines such as word Drocessors and computer devices that use magnetic recording materials for information storage, present additional problems that have not yet been defined. The CRAFT and similar programs are attempting to consider the security problems associated with massive network systems, but have now been forced into real time, ad hoc solutions. Protection is often discussed, but if the methods of exploitation are not. kno~ti-n, it is difficult to determine what effect the protective measures will have. p25X1 Benefits/Description of Output: The primary effort should identify the classes of office equipment that may soon be developed and marketed along with the inherent security risks that each may exhibit. A study of this nature should also include the vulnerabilities to exploitation that each will offer as well as quantities of these machines that are expected to be found in sensitive areas. -This list will certainly include but not be limited to typewr copiers, word processors, and magnetic storage machines. 25X1 Once a comprehensive-list has been compiled categorical vulnerabilities by class should yield a "security profile". This information should indicate corrective action to lower the "security- pro--File" and further indicate how remaining weaknesses can be determined or detected in the field environment. The "security profile" should address the trend for having this "smart hardware" advise the custodian of tamper violations, after-hours power use, etc. Current security alarms are not appropriate for this function. 25X1 Policy/Basis Justification: The world of office machinery is quickly advancing toward the point where there will be a totally paperless society. The Dl has expresser.: a strong interest in following this trend, as it will solve the current problems of pa-o_ er document comProiFtise. However, the developing market of automated office machines does not necessarily solve the compromise problem, it merely redirects it to unexplored terr_..ory. 25X1 Sanitized Copy Approved for Release 2010/01/19 CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 Problem Number -DDA OS TSD Office: OS/TSD Destruction of Non-paper Storage Mledia (New) Problem Description: M.any commercial devices and Agency unique hardware systems now contain assorted non-volatile storage schemes. RAM, ROM, EPROM, Bubble Nenory, and the total variety of magnetic storage materials have na approved method of destruction - emergency or 25X1 routine. I Time Requirement: This requirement is currently critical due to imminent deployment of data processing systems to overseas facil- Proto~type systems have been deployed and are operating. 25X1 Background/REID History/References: On degaussing of floppy and rigid discs, and various sizes of .reel tape there has been much discussion. ghat c s not been forthcoming is a declarative summary of the performance, specifications, health and safety data on an approved final or terminal destruction device for magnetic materials. 25X1 The non-volatile electronic storage components and devices that will definitely be integral com-oonents or subassemblies of systems have not been addressed. An additional concern must be a USG standard for degaussing and destruction. NSA was thought to be `h erent authority but this has not been verified to date. 25X1 7,e-efits,' escriT- ion of Output: - There should be a profile addressing the "writing" strength and density, and indicating the corresponding degausser strength and time reou l _ ed for total oeciass zflcatlon of the data. The d f rence e tween. A- dec cussing and D:, i rare-earth .magnet) ce au ssa s- ould be I?Icoh; ct"tted The Cep cits5~ he evl'' ,.. emit may be Ar- COwerec but there must be a satlsfac rv ?^G~'.'21 en ~. capability that is indepencent of host power. 25X1 25X1 25X1 c. L Sanitized Copy Approved for Release 2010/01/19: rCIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 dominant. concern. ccnC t,S e verification capability is essential for both data storage scenarios. It, is preferred that he degatissing/destruction/verification nave routine use snot T the emergency use so that situational stress ~tiill not be a ch-s,is vi The electronic component memories will likely be di.sbursed,throughoutcr and orsasshor a ort notice emergencd be considered inaccessible destruction event. A scheme for purging these devices, possibly a recommendation on their location within a given -.ro PC~Pntlal_ ~~ 25X1 Policy Basis/d'-=stification: The Office of Security is charged with providing terminal t for the classifiedraterial destruction eetiipment appropl 25X1 at all Agency facilities. Contact : Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Next 4 Page(s) In Document Denied 25X1 Iq 25X1 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BOl 152R001201490006-7 OFFICE: OC TITLE: Device Security Profiles PROBLEM DESCRIPTION: Data terminal and III system populations are growing and, consequently, the physical and communications security overhead to protect them is increasing. The proliferation of these devices/ systems to domestic sites (Agency and contractor) and. overseas posts places new demands on our traditional security approaches. It is becoming increasingly difficult and expensive to establish and maintain adequate security (physical and COMSEC) profiles for these systems. -- Parent room. renovations and alarm systems are costly. Maintenance and periodic inspections will remain a . resource burden. A new, innovative approach to provide and ensure adequate physical security for our IH devices/systems during and after normal duty hours is required. Methods to reduce the risk of tampering need to be developed along with methods that can alert a user that his or her system has been tampered with. We also need methods that will permit us to use IH devices securely in a signal flooded environment. -- Current methodology to test for compromising emanations requires highly skilled, scarce engineering and tech- nical talent and is very time-consuming.' New measure-, ment and analysis techniques are needed for use in the field and the engineering laboratory. Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BOl 152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Ii4EOR1ATION/COMMUf4ICATIONNNS SYSTEMS SECURITY .(ONGOING) Research to improve information systems security must lead. to effective protection of data: (1) as it is being processed on a system or device, (Z) as it is stored on a variety of media, and (3) as it is being transferred electrically within. ne tcyorks . There must be irprovmer_ts in the sanitization of storage media that have contained classified information_ More secure data. processor designs should be a: goal- ? And., the prevention or detection. of tampering with systeB hardware - should.be. inproved? The user interface -to the system should be e m prov t-"-- authentication of, users ar_d th i e ermined ' t'a . ~ conpartinentation of date. Candidate Topics or Projects in prior Fty order. Sam; t i,atT oand. destruction of data storage media (ONGOING ) Tamper detecti on for office ADP equipment ( ONGOING ) Data base encryption ( ONGOING) User out enticaLion ( ONGOING ) Develop?-_A-_t or a device to detect and. prevent the Unauthorized. transmission of data. ( ONGOING ) Computer firmware verification (ONGOING),, 3e;ecomim.in ca cns Security (ONGOINIG) Deve.op er:t oF secure netlor?ks (ONGOING) Con taca'- 25X1 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 Problem Number: Office: OS/ISSG Title: Sanitization and Destruction of Data Storage Media Problem Description: The Information Systems Security Group (ISSG) has given top priority to research leading to ways to deal.. with erasure of data from memory devices and the ultimate destruction of the devices when the need exists. These twin problems, sanitization_ and destruction, have been of concern for a long time, but they have been treated separately. This problem statement generalizes the requirement to eliminate stored data. ISSG believes that appropriate research into-the physical processes of data storage will lead to methods and ' devices that are effective in sanitizing various storage/memory devices. This category of research-is expected to continue in order to respond to new developments. Magnetic disks. are examples of evolutionary design. Each new process or material will need to be considered. Higher coercivity materials cannot necessarily be erased magnetically by the same processes used on present disks. Plated disks, thin films and perpendicular recordi-ng will require new sanitization techniques that are based on specific research and testing. Time Requirements: There is an immediate need to determine the effectiveness of sanitization methods that are used on today's media., Continuing research will be required for new media. Background: Storage media for data processing routinely require sanitization and reuse and some types must be subjected to destruction under conditions ranging from routine to emergency. Some of the media that are based on present technology are: semiconductor memory and buffers, magnetic storage devices, and optical disks and strips. Developing technologies are likely to add new devices. Magnetic storage devices exist in a family that is represented primarily by rigid and flexible disks, bubble memories, rewriteable magneto-optical disks, ferrite cores, and tapes. Remanenceir. magnetic disks that have ostensibly been erased is a present concern. 25X1 LOA1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 Benefits: A measure of effectiveness will be established for sanitization methods. There will be greater assurance that media do not retain latent data that could be exploited by a hostile intelligence service. Policy: DCID 1/16. Contact: Off. Desi;nator/Location: C/ISSG/OS, Telephone: 25X1 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 ~-`  r: . Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Problem Wuriber Off ice: OS/ISSG Title: Tam Der Proof Detection Design for Computer Peripheral Devices e.g., WANG OIS 250 System New Problem Description: Wang 0I$ 250 system hardware is being placed. in domestic ands overseas locations as part of the CRAFT program. - Although the CPUs will norms ly be placed in vaulted-and alarmed areas, peri- pheral devices (e g. printers and terminals) will be -'scattered :_ bjective in designing a tamper proof the o throughout worms areas.: " ._ . device is to. reduce the -risk of. hardware nompromise in hostile rovide t wi171 ff p or environatexta.. -Successful cepletion of this e an additional option -to the- current ?reuirement for volutric.:. alarms .in overseas facilities, with vost savings. The developed device'should not interfere with normal functions or Cause- endor t be d v --no service, pt?oblems. Further, this device shoul dependent,. but should be mul ti-functional. .Time. Requirement: _Ia Since the first C:IA. overseas instal tion- of the Wag_.OIS ~ ror er t ~ - p amp 250 system is expected in January 1 ;83,. s ~^Qde3 _- ibl e. device should be developed as soon as poss Background Qnts ADP peripheral devices are an-- ^ . mainteace. yL ,",;;Y devices for alarms at some overseas locations, which would result in cost savings. it may be advisable to use both tamper proof devices and volumetric alarm at some overseas. locations. Me tamper proof devices would be an excellent backup to the volumetric alarm system in high threat areas. T- 3e ossible'to substitute tamper proof z housing the periphral devices. Thl. w=1. r -t ~.. 7 ..woaa LA7~A in Luc y - - devices" is i.nstal? ation of volumetric. alarms in the work-. areas - 3 t in a si ;ai d ~ a b large quantities of data which could be captured. Y c ~.II .-. , :In. hostile ex attractive target for other. intelligence _?ser-vices because-- of :the 7 - t~hni Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152RO01201490006-7 225X1  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 Policy: DCID 1/16. Contact- 4 Off. Designator/Location: C/ISSG/OS, Telephone: 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Iq Next 2 Page(s) In Document Denied 25X1 25X1 25X1 25X125X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 Problem Number: Office: OS/ISSG. Title: Computer Firmware Verification Problem Description: A major area of concern is the integrity of electronic components used in the computer systems and networks of the Agency. Any compromise of system firmware can nullify any protection provided by software security utilities. The advent of Large Scale Integrated (LSI) circuits and Very Large Scale Integrated (VLSI) circuits have permitted powerful computer systems to be concentrated in single printed boards. Methods must be developed to verify the integrity of firmware prior to bringing up classified Agency systems, after maintenance activities-, and after the installation of new or replacement components. The methods must be capable, of identifying unauthorized alteration (i.e., bugs, implants) of circuit components. Time Requirements: This vulnerability potentially exists now and adequate means of verifying firmware must be developed as soon as possible. Background: LSI and VLSI technologies have facilitated the spread of powerful distributed computer systems and network. These technologies could also. provide for the verification of the physical separation of the respective levels of multilevel systems- Firmware verification will increase Office of Security confidence in trusted computer systems. Policy: _ DCID 1/16 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BOl 152R001201490006-7 OFFICE: OC TITLE: Telecommunications Security PROBLEM DESCRIPTION: Comprehensive software and firmware design and main- tenance techniques are needed to prevent unauthorized access to networks and terminals and to detect unauthorized modifi- cations. COISEC profiles of new communications systems are often determined after procurement. This leads to costly changes to software or firmware and delays in systems deployment. Solution to this problem would radically reduce costs of software changes and eliminate delays in system deployment. Low cost techniques for end-to-end encryption warrant particular consideration. COidTACT: - 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BOl 152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Problem Number: Office: OS/ISSG Title: Development of Secure Networks (New) Problem Description: With the proliferation of major Intelligence Community networks and Agency Local Area Networks (LAN) the potential, for accidental misuse and purposeful abuse of computer services are increased. Clearance and need-to-know security issues are .exacerbated with the connecting of various systems and net- works.. In order to provide sufficiently secure networks, the following research-and development efforts are recommended: 1. Development of Secure Gateways: Gateway systems of r varying size-and complexity will be required at nodes on Intelligence Community networks to serve as security control monitors. The requirements for a network gateway must be defined.. At a minimum, the gateways must provide network. access control, data and service authorization checking, flow control, and auditing. The design specifications for a gateway must be provided for a packet. switched environment. 2. Development of Security. Filters. for Local Area Networks: Similar to gateways, security filters provide a checking mechanism that authorizes access between subjects (i.e., users) and objects (i.e., data files) in LANS. The security filter should contain a data base rules access list which mediates all access to system resources on LANS.' The design specification should be compatible with Ethernet-type networks and other planned LANS in the Agency. 3. ISO 'Mode-1 Development: The International Standards Organization has developed a seven layered Open Systems Inter- connection -(OSI) model for communications protocols in computer networks. The OSI is now an informal standard and provides guidance to computer vendors and network designees. Research is needed to determined at which levels security features (e.g.,access control) should be incorporated into the seven layer model. - - Time Requirements: The development of secure networks. will become increas- ingly more significant as projects such as the NPIC Development Program and Mercury progress. Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152 R001201490006-7 -- >-- ---  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 Background: Computer network design projects are now underway and involve increased involvement of Agency computer systems. Policy: DCID 1/16, OMB Circular A-71 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7 ~b.s a'A t~.s PHYSICAL SECURITY ( ONGOING ) The physical protection of Agency facilities, personnel and material is achieved through maintenance of "concentric rings of defense." Every layer of physical security must be based on a well established need and implemented with the highest regard for the user. A major concern that does not appear to have an immediate comprehensive solution is the prevention of unauthorized removal of classified material. from Agency facilities. The problem is far-reaching :in that the material may be paper(original or a copy), film or magnetic media. Another physical security issue is pouch protection. Even though acceptable systems are available now, the possibility of compromise of these systems dictates that backup systems be developed for future use. Candidate' Topics or Projects in priority order Secure Pouch ( ONGOING ) Document Control / Protection ( ONGOING ) Physical Security General Support C ONGOING ) 25X1 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85B01152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 Iq Next 1 Page(s) In Document Denied 25X1 25X1 Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7  Sanitized Copy Approved for Release 2010/01/19: CIA-RDP85BO1152R001201490006-7 i'rOD1er ?Nursber DD-11 OS e . 1 SD P01ng Prcbier Description. are needed a ~ C_ es ~s_ retie=c_ sup or: of phN'sica_ securit 2-C'' ams. LZ"cliia~iOrc o `OT7! PG7'C.G.L s)rs,-e`1 s Gre also it~~~=: G 17. ~1t: i. _?.: .G. L C'' L - L F - G rea tliremeA} .. . -Lm This is a needed ongoing J2 CI.4.,1.012_T?C!?/R past Drogrars have included a i~,arl.e t survey cC COi. 1 al'a~_ ._ 1 docu? eft, : a