RESPONSE TO A HAC-REQUESTED REPORT ON SECURITY IMPLICATIONS OF EXPANDED USE OF COMPUTERS AND OFFICE AUTOMATION EQUIPMENT (DCI/ICS 86-4010 MEMO, 17 JAN 86)
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000200210010-6
Release Decision:
RIPPUB
Original Classification:
S
Document Page Count:
8
Document Creation Date:
December 27, 2016
Document Release Date:
July 30, 2013
Sequence Number:
10
Case Number:
Publication Date:
February 13, 1986
Content Type:
MEMO
File:
Attachment | Size |
---|---|
CIA-RDP89B01354R000200210010-6.pdf | 264.52 KB |
Body:
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
,
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08 : CIA-RDP89B01354R000200210010
ROUTING
TO:TO:
NAME AND ADDRESS
DATE
INITIALS
1
IC- FF
3
4
ACTION
DIRECT REPLY
PREPARE REPLY
APPROVAL
DISPATCH
RECOMMENDATION
COMMENT
FILE
RETURN
CONCURRENCE
INFORMATION
SIGNATURE
REMARKS:
L
FROM: NAME, ADDRESS, AND PHONE NO.
DATE
SAF/SS PENTAGON, RM 4C1052
R60213
Handle Via
CONTROL NO.
(Security Classification)
14, FEB eat
'ILOGGLD
1 2
TALENT-KEYHOLE
Channels
Access to this document will be restricted to
those approved for the following specific activities:
STAT
OA
A,
Warning Notice
Intelligence Sources and Methods Involved
NATIONAL SECURITY INFORMATION
Unauthorized Disclosure Subject to Criminal Sanctions
RE
(Security Classification)
yrAtirAirrAVAIPP"AllrAarAMTAIVIVAII
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
DISSEMINATION CONTROL ABBREVIATIONS
NOFORN- Not Releasable to Foreign Nationals
NOCONTRACT- Not Releasable to Contractors or
Contractor/Consultants
PROPIN- Caution-Proprietary Information Involved
USIBONLY- USIB Departments Only
ORCON- - Dissemination and Extraction of Information
Controlled by Originator
REL This Information has been Authorized for
Release to ...
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
,
HANDLE VIA
SECRET TALENT-KEYHOLE
CONTROL SYSTEM
(S) NATIONAL RECONNAISSANCE OFFICE
WASHINGTON, DC,
THE NRO STAFF
MEMORANDUM FOR IC STAFF
INFORMATION HANDLING COMMITTEE)
13 February 1986
CHAIRMAN, DCI INTELLIGENCE
SUBJECT: Response to a HAC-Requested Report on Security Implications of
Expanded Use of Computers and Office Automation Equipment (DCl/ICS
86-4010 Memo, 17 Jan 86)
This report outlines actions being taken by the NRO to strengthen physical and
electronic computer and automated office equipment security.
I believe from your memo you have an understanding of the risks associated
with personal computers and word processors.
The following are security measures employed to limit risks to program
information handling systems, including word processing and small computers:
a. All employees must be currently accessed and active on program
activities.
b. All employees must have received a Special Background Investigation
(SBI) less than 5 years old or are in the process of a Periodic
Reinvestigation.
c. All employees have received or are subject to a Counter-intelligence
polygraph. Those with ADP system manager/operator privileges are subject to
periodic polygraphs.
Security procedures employed to limit the risk of compromise by disloyal
employees are:
a. All systems are fully enclosed in accredited program areas. No
unencrypted links to any other system are permitted and all systems on the net
must operate at the same security level.
b. All media and runs must be marked with highest classification at time
of creation.
c. All magnetic media are treated as a program level "document"
controlled at the highest security level contained on the media. This policy
includes floppy discs, removable hard discs, Winchester technology disc
systems (when removed from carriers/drive units) and older technologies.
HANDLE VIA Classified by:
TALENT-KEYHOLE Multiple Sources
CONTROL SYSTEM
SECRET
CONTROL NO
COPY / OF
PAGE 1 OF
STAT
2
2
COPIES
PAGES
DECL: OADR
STAT
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
2
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
HANDLE VIA
SECRET TALENT-KEYHOLE
CONTROL SYSTEM
d. All transportation of computer runs and magnetic media is only
performed by sponsor approved couriers and controlled at each end.
e. All system users are assigned unique user and application passwords
,and may use unique lockwords to protect online storage from other users.
f. Selected audits of user files can be conducted by system managers and
security staff.
g. All persons granted access to facilities or computer equipment are
continually monitored by peers and supervisors for reliability concerns
(substance abuse, financial problems, emotional disorders, etc.) and those
matters referred to the security or medical staff as required.
h. We comply with DCID 1/16 (Security Policy on Intelligence Information
in Automated Systems and Networks).)
In regard to resource short falls or problem areas, we identify the following:
a. Because the greatest vulnerability is human personnel failure, we need
support for 100% polygraphing.
b. State of the art systems are growing much faster than security staffs
or technical security evaluation. Thus, we must continually address the
demands on program/engineering staffs to bring new and developing systems on
board before full security impact can be assessed. For example, we need to
explore safeguards for software when multi-level compartments are within the
computer.
c. With budget cuts, additional efforts will rely primarily on
administrative and procedural controls.
d. Qualified personnel with background in ADP and computer security are
scarce and in high demand both in industry and government.
e. We are exploring the technical solution of marking transportable media
with magnetic labels that could be detected when illegally removed from a
secure facility.
Questions regarding this response should be directed to Capt
HANDLE VIA
TALENT-KEYHOLE
CONTROL SYSTEM
CAPT, USN
Deputy for Policy and
Security
SECRET
CONTROL NO
COPY_L_OFaCOPIES
PAGE2OP 2 PAGES
25X1
25X1
25X1
STAT
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6ppr
/Mr Air /OW AMPF AW.Adir Air .F Air
ROUTING
TO:
NAME AND ADDRESS
DATE
INITIALS
1
IC STAFF
2
3
4
ACTION
DIRECT REPLY
PREPARE REPLY
APPROVAL
DISPATCH
RECOMMENDATION
COMMENT
FILE
RETURN
CONCURRENCE
INFORMATION
SIGNATURE
REMARKS:
FROM: NAME, ADDRESS, AND PHONE NO.
DATE
SAF SS PENTAD% RM S
: ? s
Handle Via
SECRET
(Security Classification)
t
FEB 1986
CONTROL NO
COPY
TALENT-KEYHOLE
Channels
1
Access to this document will be restricted to
those approved for the following specific activities:
Warning Notice
Intelligence Sources and Methods Involved
NATIONAL SECURITY INFORMATION
Unauthorized Disclosure Subject to Criminal Sanctions
IIIIIIIIIIIIIIII1111
OF
2
STAT
SECRET
(Security Classification)
OAPPFAIVAIVArArAdrilrAVAPPPAgrAir
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
DISSEMINATION CONTROL ABBREVIATIONS
NOFORN- Not Releasable to Foreign Nationals
NOCONTRACT- Not Releasable to Contractors or
Contractor/Consultants
PROPIN- Caution-Proprietary Information Involved
USIBONLY- USIB Departments Only
ORCON-' Dissemination and Extraction of Information
Controlled by Originator
REL This Information has been Authorized for
Release to ...
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6
THE NRO STAFF
HANDLE VIA
SECRET
(S) NATIONAL RECONNAISSANCE OFFICE
WASHINGTON, D.C.
26 February 1986
CONTROL SYSTEM
MEMORANDUM FOR THE IC STAFF CHAIRMAN, DCI INTELLIGENCE STAT
INFORMATION HANDLING COMMITTEE)
SUBJECT: Response to a HAC-Requested Report on Security Implications of
Expanded Use of Computers and Office Automation Equipment (DCl/ICS
86-4010 Memo, 17 Jan 1986)
REFERENCE: NRO Staff Memo, Same Subject, 13 Feb 1986,
This report provides additional information concerning the numbers of past and
future use of personal computers and word processors by our organization.
With 1985 considered as the current year, in the past three years we used 16
personal computers and word processors. We project to use in the next three
years 569 personal computers and word processors. These systems are or will
process intelligence information.
Questions regarding this response should be directed to Cap
HANDLE VIA Classified by:
TALENT-KEYHOLE Multiple Sources
CONTROL SYSTEM
Deputy Director
for Policy and Security
? SECRET
DECL: OADR
CONTROL NO
COPY 1
PAGE 1 OF 1 PAGES
STAT
25X1
25X1
25X1
OF 2 COPIES
STAT
Declassified in Part - Sanitized Copy Approved for Release 2014/01/08: CIA-RDP89B01354R000200210010-6