DIRECTOR OF CENTRAL INTELLIGENCE SECURITY COMMITTEE COMPUTER SECURITY SUBCOMMITTEE

Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 24 September 1981 DCISF;C-CSS-M139 1. The One Hundred and Thirty-Ninth meeting of tY~e Computer Security Subcommittee was held on 15 September 1:81 at McLean, VA. The meeting was convened at 0930, and attending were: DIRECTOR OF CENTRAL INTELLIGENCE SECURITY COMMITTEE COMPUTER SECURITY SUBCOMMITTEE Executive Secretary CIA Mr. Mr. Mr. Mr. James Studer, Army Lynn McNulty, Dept. of State Robert Robert Ronald NSA Graytock, Dept. of Justice Wingfield, Dept. of Energy M~ Lancing, Navy SECOM Mr. Robert Storck, FBI Mr. Edward Springer, Los Alamos Nat'l Labs (D~~E) Mr. David Bailey, Los Alamos Nat'l Labs (DoE) 2. The minutes of the previous meeting were reviewed. There were no comments, and thus they were approved as written. 3. Mr. Wingfield (DoE) introduced Messrs. By and Springer from the Los Alamos National Laboratories, where DoE has re~~ently established a centralized computer security group for the Department. a. Mr. Springer started with a general overview of DoE responsibilities and capabilities, showing how the Los Alamos Labs fit into the overall DoE structure. He then discussed the establishment of the Computer Security Technical Center for DoE at the Los Alamos Labs, which is specifically geared toward addressing the Department's computer security problems. He went on to discuss some of the specific techniques being applied presently, such as DES-type devices for the protection of "unclassified-but-sensitive" traffic, and for file encryption functions. In response to a question on the relative amount of SI processing required by DoE;, it became clear that there was very little such processing, and the requirement that does presently exist can be satisfied via periods processing. b. Mr. Bailey then spoke of a~everal specific programs which were being pursued at the laboratories. He stated that the bulk of their work related to "secure operating systems" was being performed in close cooperation with NSA. It was generally agreed that, since such a small percentage of the DoE processing is SI, they should continue to maintain their primary contact with the DoD community, mainly through the recently formed DoD Computer Security Center at NSA. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 c. The basic thrust of the presentation was t~ apprise the CSS of the existence and capabilities of the. DoE Computer Security Center, and offer to participate in, and support, community technical programs (R&D, studies, etc) which are aimed at computer security problems of mutual interest. Consequently, the Los Alamos Labs would like to be considered as a qualified candidate on appropriate technical tasks that the CSS wishes to fund. 4. The CSS next discussed the various proposals which had been submitted for spending the money OK) which has been provided by the SECOri. Each of the proposals which had been submitted were reviewed and discussed. One of the proposals involved the evaluation of the TEMPEST threat to ADP systems. This was rejected by the chairman as being outside the "jurisdication" of the CSS, falling more properly to the SCOCE (Special Committee On Compromising Emanations). There was some discussion on this point, with some of the membership expressing their concern with TEMPEST as a valid ADP system problem. The chairman offered to draft a letter to the SECOM expressing the membE:rship's concern with TEMPEST problems exhibited by ADP systems. 5. The chairman asked the members to review each of the proposals and express their preference for the tasks to be funded.. The most popular proposal was that the develop a technology forecast, to pi redict/evaluate ...a...,..~. . technolo i al trends which ~gu1d.,,.,~au~....,an.,.ef~e.G.~-~,.,~~~.1t.~F.setur~-~o1QSY~ .~..~.~.~...,..-......-..,..._-.-...~...~~ Other an_d tlly,s...held.,,_,5~...LR1~t~VY._,decide the. proffer , d,~~t,~.9n~s._..fo~...~.&D proposals chosen as reasonable candidates for CSS funding were those relating to a survey of word processing systems and their security-related capabilities (it, w,~s...,a1s~17..recommended`that ,the newly-created DoD Computer Security Center ,~~~ ..~ be tasked for this prodect), and a threat'~sEudy. ~~,t ,rig ~~~ r 1 ~;. 1 fw ~.4 6. The chairman asked that final votes and any further suggestions be phoned to him by the 2nd week of October 1981. Copies of the proposals which have been submitted to date are Enclosed. Questions on any of the proposals should be directed to the originating organization. 7. The next meeting was set for Tuesday, 20 Octot~er 1981, at 0930, at The primary item of discussion will be the policy statement for the revision to DCLD 1/16. 7 Encls: 1. Proposal, Subj: Proposals for Funds Submitted by Computer Security Subcommittee Members, dtd 1 Sep 81 2. Proposed Contract, Subj: Computer Network Security $100K, undtd 3. Proposed Contract $50K, undtd 4. Proposed Contract R&D Magnetic Media Control Using Technical Means $75K, undtd Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 5. Dept of Army Ltr, DAMI-AM, Subj: Recommendations for Employment of SECOM Funds Allocated to CSS, dtd 8 Sep 81 6. Proposed Contract, Subj: Computer Network Security, $100K, undtd 7. Dept of Energy Ltr, dtd 17 Sep 81, and Encls thereto Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17 :CIA-RDP87T00623R000200070041-4 I Sip 181 SUBJECT: Proposals for Funds Subrr'tted by Computer Security Subcon>nrittee (~tembe rs ' T0: Chairman, DCI Security Ccf~mi ttc~e Following are proposais for fur:'s as subrr:itted by membership: CIA 1. Compile a listing of essential ~ngreciients of the cr~rrent/ongoing net~rork studies in cor~puter security. COST: ~45K 2. Identify the security elements that are required in a total (multi-level) netti~rork. COST: X90-100K 1. Baseline Computer Security Technology; Forecast. bihere the technology is and ~~rhere it is going; trends; +rrhat should we pursue? COST: $50K 2. Subcommittee participation at selected Computer Security Conferenc s/'~lorF:sho{~s . COST: ~SUK DIA 1. Individual Identii'ication;r^,uth~ntication Prepare a technical evaluation of individual identification capabilities. Reliable, efficient, and cost effective individual identification is required for access control for physical areas, local and remote host computers, and automated nett~rorhs. Industry is providin; anumber of capabilities most of which have identifiable dQficierrcies; a nur:,ber of government efforts are under way to develop access control capabilities. A technical study is needed to report/evaluate the current stag of the technology. COST: ~IIOK F,:C. ~t ~1L'F,>a Ui~C:Lf1S ~'i3L:~ i'PA..',.t1'~~~, F'1.U;~i E~~:;I:rJSUT;.F:~Si. Sanitized Copy Approved for Release 2010/11/17 :CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 '~ I~ !,1 t s ~ ~" 2. Data Classification and Control P~larkinc~s Develop a marking system with the capability to identify data classification and restrictive handling controls for intelligence information stored, processed, or extracted by automated systems and net.~?rorks. ~ Definitive access control and dissemination laheling capabilities are necessary rri th devel opraent of - Common Data Bases - Delegated Production - Integrated Data Base - Automated Pdetworks COST: $200K 3. Penetration Exercise Assemble audio surveillance hardware and develop/execute a penetration/ collection scenario. ' COST: $150K If any of the above proposals are determined to have merit, the subconunitte~ will provide additional details. Attached as enclosures are additional proposals for your consideration as submitted by the FBI and DOE. ur;cl_ns ,T ,-,~T Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Proposed Contract COMPUTER NETWORK SECURITY $1 OOK I. Introduction Of all the issues involving ADP security, network security is the most complex. This is because network security spans all facets of security. For example, physical security, personnel security, communications security, TEMPEST security, and computer software security are all important considerations of network security. The distributed nature of networks further complicates issues involving physical and communication security. All the problems and technical issues involved with the security of a single computer is present in a network and is essentially multiplied by the number of computers (i.e., network nodes) in the network. In particular, the issue of multilevel security is greatly complicated in a network. The combination of the distributed nature of networks and packet switching technology (i.e., the multi-path distribution of packet composition/decomposition) makes total multilevel security a very difficult goal to achieve. Computer network security issues can be divided up into two areas of concern: a. communications security b. nodal security II. Proposed Contract Amount - $100K - "Think piece," original study on security requirements for Network Architecture which would examine: nodes communication lines (Bus, fibre optics, etc.) This study should not be directly basE~d on existing developments or biased by past efforts. However, contractors should be aware of past e:Eforts in this area. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Questions to be addressed a. Centralized vs decentralized security? b. Type of security technology which would be most applicable in centralized systems or decentralized systems? Should address 1. What capabilities should the networked system have to be secure from standard modes of security compromise, e.g., tapping, penetration, etc.? If encryption is broken what steps need be taken as envisioned by the contractor to eliminate or minimize damage to network? 2. How will the contra~~tor ensure compartmentation of data when nodes are connected to a network which has different levels of classified data? Givens - Must conform to security requirements of multicompartmented mode (DCID 1/16 and. OMB A-71) - multi-CPU's - hundred of users - multi-geographic locations - encryption systems - something that is practicable and doable now Products - lleliverables 1. Security requirements (system, ph}~sical, procedural) for NODES. 2. Security requirements for front-ertd processor (if centralized). 3. Security requirements for communication links (Bus, fibre optics, etc.). ISSG/OS/CIA Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Proposed Contract $SOK I. Objective Survey existing technical literature, in and out of Intelligence Community, on computer network security architecture and detail specific finding:>. These findings will be used as a platform to launch a comprehensive study in developing needed system security mechanisms for networked systems now being developed within the Intelligence Community. Contractor will be asked to detail any .~i s in existing network architecture to date which may c~i~ for additional studies. II. Products - Paper summarizing methodology to date :in handling security in "networked systems" processing multilevel classified data for the Intelligence Community. 'the existing methodology in private industry which might be feasible? - Gaps which still need to be addressed? III. Potential Contractors - SDC - MITRE - Network Analysis Corporation - Van Dyke Associates ISSG/OS/CIA Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Proposed Contract R&D Magnetic Media Control Using Technic~il Means $75K. A method is needed for detecting and preventing the unauthorized removal of all portable magnetic storage media from Intelligence Community facilities. The approach should be towards the development of a special type of magnetic media which? has something in its composition which can be detected by sensors strategically placed at building exits. The detectable substance would not be removable, transparent to users and not impair the normal utilization of magnetic media. An alternate but less desirable solution would be the development of a device which can be attached to or recorded/written into magnetic media which can be detected by a sensor. The types of portable. magnetic media include computer tapes, floppy disks, and cassettes. (U) This is a current problem presently being addressed through management and administrative procedures neither of which properly addresses the problem. Increasing use of floppy disks in word processing systems and the new family of computer terminals will make the problem worse in the future. (U) There are presently no known technical means of detecting the surreptitious removal of magnetic media from a controlled area. It appears that the solution to this problem requires new research efforts. (U) In a sense, the prevention of unauthorized removal of magnetic media is more acute than the hardcopy document control problem. Many documents can be recorded onto a single floppy disk, cassette or magnetic tape. It is highly desirable from the Intelligence Community viewpoint to be able to prevent unauthorized removal of magnetic media. (U) Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17 :CIA-RDP87T00623R000200070041-4 DEPARTMENT OF THE ARMY OFFICE OF THE ASSISTANT CHIEF OF 8TAFF FOR INTELLIGENCE WASHINGTON. D.C. 20110 8 SEP 1881 SUBJECT: Recommendations for Employment of SECOM Funds Allocated to CSS Mr. Len Busic Chairman, Computer Security Subcommittee SECOM, NFIB 1, The purpose of this letter is to comply with your request for a list of recommended projects to be funded by the Computer Security Subcom- mittee (CSS)o It is our firm belief that CSS funds should be allocated only to those projects which will produce an identifiable, tangible pro- duct which will have broad Intelligence Community use, Further, appli- cations supported by DIA and the military services should have universal value in military intelligence functionso 2. The most critical requirement facing the entire Intelligence Community (IC) today is the need to Redefine and Restructure the Security and Protection Attributes Which Support the Automated Handling and Communi- cation of Intelligence Information. The multitude of classif ications, codewords, caveats, control and dissemination restrictions present in the IC today have introduced great complexity into the processing and trans- mission of vital intelligenceo The proliferation of intelligence systems and current planning for their future interface demands careful, judi- cious study of this problem and development of a workable, practical, hierarchic structure of standard security and protection attributes which can be implemented in the automated information handling world. I am currently working on the first draft of a much more detailed paper on this subject and will provide it to you when completedo In the meantime, I feel very strongly that the subcommittee should identify and support this project. Because there is already some interest in solution of this problem in the Data Standards Panel of the Intelligence Information handling Committee, NFIB, it could be made a joint project with that group, 3. Next in priority is the need for abroad, definitive study of The Threats Against Intelligence Automationo Such a study might well b e an outgrowth of the compilation activity which DIA RSE-4 now has underway Sanitized Copy Approved for Release 2010/11/17 :CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 8 SEP 1981 DAMI AM SUBJECT: Recommendations for Employment of SECOM Funds Allocated to CSS with the Military Intelligence Reserve unit in Texas. If content dictates, this product should be produced in two versions; one hopefully at the SECRET collateral level for broad, general dissemination, and a second at the TOP SECRET SCI level for more restricted IC dissemination. Command- and management-level attention and interest must be gained and maintained through provision of well-written expositions on the serious threats against automated systems. 4. As an ancillary to The Threats Against Intelligence Automation there should be produced, as a separate document if necessary, a serious, lay- man language Compromising Emanation Threat Study. Decision-authorities in Army and the other services are confronted on a daily basis with the requirement to approve or disapprove the design of automated systems at both the tactical and strategic levels which must incorporate protection against compromising emanations. The credibility of this EMSEC require- ment is not now well established, except in the electronic engineer- oriented language of NACSEM 5100. There is a demand for a definitive, detailed, explanatory threat and countermeasure document which can be read, understood and applied by managerial personnel without the need for engineer interpretation. Production of this study should be a joint effort with the Subcommittee on Compromising Emanations (SCOCE). S. There is also a strong requirement for an authoritative Automation Security Dictionary defining all the terms and criteria to be applied in clear, precise language. A precedent e~:ists in United States Communica- tions Security Board (USCSB 2-17) "Glossary of Communications Security and Emanations Security Terms," October 197G. 6. Lastly, a requ it anent exists for the development and promulgation of an IC guidance document on the application of Risk Analysis Criteria, Procedures, and Techniques for Automation and Communication Systems in the Intelligence Community. 7. I will be happy to elaborate on any of the above recommendations at your request. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Proposed Contract COMPUTER NETWORK SECURITY $1 OOK I. Introduction Of all the issues involving ADP security, network security is the most complex. This is because network security spans all facets of security. For example, physical security, personnel security, communications security, TEMPEST security, and computer software security are all important considerations of network security. The distributed nature of networks further complicates issues involving physical and communication security. All the problems and technical issues involved with the security of a single computer is present in a network and is essentially multiplied by the number of computers (i.e., network nodes) in the network. In particular, the issue of multilevel security is greatly complicated in a network. The combination of the distributed nature of networks and packet switching technology (i.e., the multi-path distribution of packet composition/decomposition) makes total multilevel security a very difficult goal to achieve. Computer network security issues can be divided up into two areas of concern: a. communications security b. nodal security II. Proposed Contract Amount - $100K - "Think piece," original study on security requirements for Network Architecture which would exam'Lne: - nodes - communication lines (Bus, fibre opt:Ccs, etc.) This study should not be directly based on existing developments or biased by past efforts. However, contractors should be aware of past efforts in this area. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Questions to be addressed a. Centralized vs decentralized security? b. Type of security technology which would be most applicable in centralized systems or decentralized systems? Should address 1. What capabilities should the networked system have to be secure from standard modes of security compromise, e.g., tapping, penetration, etc.? If encryption is broken what steps need be taken as envisioned by the contractor to eliminate or minimize damage to network? 2. How will the contractor ensure compartmentation of data when nodes are connected to a network which has different levels of classified data? Givens - Must conform to security 'requirements of multicompartmented mode (DCID 1/16 and OMB A-71) - multi-CPU's - hundred of users - multi-geographic locations - encryption systems - something that is practicable and doable now Products - lleliverables 1. Security requirements (system, physical, procedural) for NODES. 2. Security requirements for front-er.~d processor (if centralized). 3. Security requirements for communication links (Bus, fibre optics, etc.). ISSG/OS/CIA Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Department of Energy Washington, D.C. 20545 Mr. Len T. Busic Defense Intelligence Agency Attn: RSE-4 Washington, DC 20301 SEP 17 1981 Dear Mr. Busic: Enclosed for your review are three computer security projects proposed for funding by the Computer Security Subcommittee. These projects were selected following the discussion at the subcommittee meeting on September 15. Additionally, I am enclosing a copy of the briefing material as you requested. Please accept my appreciation for the courtesy and attention shown to Dave Bailey and Ed Springer of the Department of Energy Computer Security Technical Center. Bob Wingfield of ...y staff indicated that the session was of benefit to the Department of Energy and I trust it was of value to you and the subcommittee members as well. Robert A."0'Brien cc w/Proposed Projects: Computer Security Subcommittee Members Chief, Operations~ec~i ty Branch Division of Security Office of Safeguards and Security Defense Programs Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Computer Security Subcommittee Proposed Project Computer Security Technology Forecast 75 K Objective: To prepare a baseline technological assessment of the protection of information in computer systems and computer networks;. The assessment of the current state of the technology will be accompanied by a forecast out- lining problems and possible solutions which will be encountered during the - ---- next 5 years. The assessment will 6e usefufi-to security officers in select- i~ng security controls for systems under their control. The assessment will also be useful in guiding the selection of research and development tasks to fill the gaps in current protection capabifiitie~ and in solving the new problems which arise. The assessment and forecast shou'Id be updated approxi- mately once every 2 years. Product: A report containing an assessment of the currE~nt state of protection tech~ogy and a forecast covering the next 5 years. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Computer Security Subcommittee Proposed Project Secure Operating Systems 100 K Objective: Evaluate the Honeywell Secure Communications Processor (SCOMP) and demonstrate its utility as a secure network front end processor in a data base management application. A SCOPIP system will be installed at Los Alamos for system evaluation and software development and will then be reinstated at another location such as Oak Ridge for prototype use as a data base front end fcr users with differing levels of clearance and need- to-know. The Department of Energy software would be adapted to an SCI application specified by the subcommittee and installed on an existing SCOMP system as directed by the subcommittee. Product: An installed SCOMP demonstration system. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4 Computer Security Subcommittee Proposed Project Secure Office Workstation 125 F: Objective: Build a prototype workstation capable of providing need-to-know protection for information in the environment in which 'the information is normally handled. The workstation_should not re_quire_extensive sanitization before it can be left unattende3~. '1"EM1sEST wiTT 6e considered in the system design, but will-not be included in the prototype workstation. Product: Implementation of a prototype workstation demonstrating the needed protection techniques. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070041-4