NATIONAL POLICY ON TELECOMMUNICATIONS AND AUTOMATED INFORMATION SYSTEMS SECURITY - ACTION MEMORANDUM
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP87B01034R000700080012-8
Release Decision:
RIPPUB
Original Classification:
K
Document Page Count:
6
Document Creation Date:
December 21, 2016
Document Release Date:
March 17, 2008
Sequence Number:
12
Case Number:
Publication Date:
April 10, 1984
Content Type:
MF
File:
Attachment | Size |
---|---|
CIA-RDP87B01034R000700080012-8.pdf | 262.51 KB |
Body:
Approved For Release 2008/03/17: CIA-RDP87B01034R000700080012-8
NSC REVIEW COMPLETE
TAB
DIA review(s) completed.
Approved For Release 2008/03/17: CIA-RDP87B01034R000700080012-8
Approved For Release 2008/03/17: CIA-RDP87BO1034R000700080012-8
DEFENSE INTELLIGENCE AGENCY
WASHINGTON. D.G. 20301
10 APR ]984
SUBJECT: National Policy on Telecommunications and Automated
Information Systems Security - ACTION MEMORANDUM
I am writing to you as your Senior Intelligence Advisor to assist in your
review of the final draft National Security Decision Directive (NSDD) on a
National Policy for Telecommunications and Automated Information Systems
Security to replace the current PD/NSC-24, Telecommunications Protection
Policy, dated 16 November 1977. The final draft NSDD contains important
policy issues that will significantly impact the Intelligence Community
and military operations in the decades ahead. Accordingly, the initial
draft sparked considerable controversy and varied positions within DoD and
the Intelligence Community. I have now learned that the final draft NSDD
has been released to you for comment by 16 April 1984, and that it
contains very little change from the initial draft.
Given the importance of this directive, I urge your consideration of the
various positions that have been developed on the matter. Briefly
summarized they are:
- Joint Chiefs of Staff: The Joint Chiefs of Staff strongly
supported the conceptual approach of integrating Telecommunications and
Automated Information Systems Security, but had strong reservations in
some areas. To highlight the principal areas of concern, they proposed
revision of the membership of the National Telecommunications and
Information Systems Security Committee to include adding the Director, DIA
and Commandant of the Marine Corps to this important policy body. They
nonconcurred with national funding by NSA for consolidated
telecommunications and computer,security programs. The JCS concurred with
designating NSA as the national manager, but restricted the scope of its
authority and responsibilities to require coordination with operating
agencies in developing security standards, restricted NSA's authority to
examine and monitor automated information systems in other Services and
agencies without prior approval, and proposed that current directives
pertaining to certification and accreditation of automated information
systems remain in effect. Lastly, NSA authority to enter into agreement
with foreign governments with regard to telecommunications and computer
security was restricted to a technical liaison role.. With the exception
of the addition of the Commandant of the Marine Corps to the National
Committee, all other proposed revisions were excluded from the final
draft.
NSC review
completed
U-14,142/RSE-4
MEMORANDUM FOR THE SECRETARY OF DEFENSE
- Deputy Under Secretary for Policy: General Stilwell has.taken the
position that the pace and extent of centralization of management and
policymaking proposed in the NSDD are premature. In brief', DUSD(P) has
proposed a phased approach to gradual integration of Telecommunications
and Automated Information Systems Security -- to include two-separate
Approved For Release 2008/03/17: CIA-RDP87BOl034R000700080012-8
Approved For Release 2008/03/17: CIA-RDP87B01034R000700080012-8
committees under the Steering, Group; deferral for study of the need for
the establishment of an executive agent and national manager for combined
telecommunications and computer security programs; and deletion of the
proposal in the NSDD for a consolidated national program/budget.- In
addition, DUSD(P) proposed that the Director, DIA and Commandant of the
Marine Corps be added as members of the two national committees,_but
opposed combining the two committees pending further evaluation and
completion of the internal DoD comprehensive computer security program
review-that you initiated in January 1984. Again, essentially none of
these concerns were addressed in the final draft.
- Director of Central Intelligence : The DCI also nonconcurred in
the draft N DD over concerns about the erosion of the DCI authorities for
developing computer security policies and standards for systems processing
compartmented intelligence information and establishing policy and
accreditation for intelligence systems. These policies and accreditation
authorities are further delegated to the Director, DIA for all DoD non-
cryptologic systems. We are not aware of the specific revisions proposed
by the DCI, but are advised that the final draft NSDD further exacerbates
the situation by deleting responsibilities for DCI coordination with the
activities established under the NSDD concerning unique requirements
pertaining to the protection of intelligence sources and methods.
- Deputy Under Secretary of Defense (C31): Dr. Latham has supported
the NSDD and recommended that the Director, NSA exercise independent
national roles for COMSEC and computer security programs under SecDef
executive agency.
Under the current Secretary of Defense and DCI policy, the Director, DIA,
is responsible for the dissemination of all-source intelligence, including
the processing and dissemination of intelligence through computers, to all
echelons of military command. -I am also responsible for implementing
security policy for the handling and dissemination of military
intelligence, including the processing of compartmented intelligence on
non-cryptologic computer systems throughout DoD. Promulgation of the
NSDD, in the final draft form,~would substantially alter this policy
framework and create a new computer security management structure without
an effective system of checks and balances to ensure the security risks
are balanced with the requirements for military operations. Given the
growing threat and potential vulnerabilities of our computer systems, I
support development and implementation of strong security measures and
major R&D initiatives, particularly those underway at NSA. While
improvements in computer security must be afforded high priority, we must
ensure that stringent computer standards are developed considering the
requirements for dissemination of all-source intelligence to users at
every echelon and consistent with available technology and our ability to
implement computer security improvements. The technology and expertise in
the computer security arena are not as advanced as in the communications
security area.
Approved For Release 2008/03/17: CIA-RDP87BOl034R000700080012-8
Approved For Release 2008/03/17: CIA-RDP87BO1034R000700080012-8
As the manager of the General Defense Intelligence Program (GDIP), one of
the major components of the National Foreign Intelligence Program, I am
further concerned about balancing the affordability of computer security
initiatives with other improvements in overall DoD intelligence .
capabilities. Based on estimates in the FY 1985 budget, we have learned
that developing new computer security techniques and retrofittin} existing
systems are extremely costly. It is important that the Director, DIA, as
the GRIP program manager, the intelligence officer of the Joint-Staff, and
your senior military intelligence advisor continue to participate in
balancing these priorities rather than assigning an independent activity
the authority to develop a consolidated communications and computer
security budget without regard to overall military intelligence
priorities.
I strongly recommend that you not concur in the final draft NSDD until the
OSD staff, the JCS, the DCI and other members of the National Security
Community can collectively agree on its key policy provisions and
implementation.
Coordination within OSD is not required.
JAMES A. WILLIAMS
Lieutenant Geaer4 U. S. Army
Director
CJCS
Prepared by Mr. L.T. Busic, x22000
Approved For Release 2008/03/17: CIA-RDP87BOl034R000700080012-8
Approved For Release 2008/03/17: CIA-RDP87BO1034R000700080012-8
2.
s,
Initials
Date
44
A12AP
I9
131: 4
a
Ion
File
Note and Return
roval
For Clearance
Per Conversation
Requested
s
For Correction
Prepare Reply
clate
ir,
For Your Information
See Me
ment
Investigate
Signature
Coordination
Justify
/-d-,-)'7 15~~ -- v---~ A-57~1`5e
Ga D~f '5F~". cif /3 act
DO NOT use this form as a RECORD of approvals, concurrences, disposals,
clearances, and similar actions
OPTIONAL FORM 41 (Rev. 7-76)
rnseribed by GSA
Approved For Release 2008/03/17: CIA-RDP87BO1034R000700080012-8
Approved For Release 2008/03/17: CIA-RDP87B01034R000700080012-8
OFFICE OF THE DIRECTOR l`Jfipk. lPd' f
A--h I'd ,~
SUBJECT:
'
~7 p
Office of Security
0,C 2:
P~2;/ y ' 4w l ow c /T ,r,,o
~~c~~ mac. ~ ''~'~'~~r~ T ?~.~' .~,7'- ~:. L. ,
rr -- -"c r 4^L C" T-/tT ly 1/1/6 (r,)lC '
z rS ( .0-~r,01=l e i
(' l o p
? , o'", y, $ r- / Jusr ~oN'T -v, /riyE
0 ,E Fv,Esrwpq,&Yr 7P
Approved For Release 2008/03/17: CIA-RDP87B01034R000700080012-8