COMPUTER SECURITY WORKING GROUP OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000400550027-9
Release Decision:
RIPPUB
Original Classification:
S
Document Page Count:
6
Document Creation Date:
December 27, 2016
Document Release Date:
July 22, 2013
Sequence Number:
27
Case Number:
Publication Date:
July 2, 1968
Content Type:
MEMO
File:
Attachment | Size |
---|---|
CIA-RDP89B01354R000400550027-9.pdf | 328.31 KB |
Body:
, Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
-bLx?1kd
IBSEC-CSWG-M-2
2 July 1968
COMPUTER SECURITY WORKING GROUP
OF THE
UNITED STATES INTELLIGENCE BOARD
SECURITY COMMITTEE
Minutes of Meeting Held at CIA Headquarters, Langley,
Va. , 2 July 1968
1. The second meeting of the Computer Security Working Group of
the USIB Security Committee was held on 2 July 1968 between 1330 and
1550 hours in Room 4E-64, CIA Headquarters building. In attendance
were:
Mr. Richard Kitterman, State
Mr. Thomas Eccleston, Army
Lt. Col. Richard H. Koenig, Army
Mr. Robert C. Allen, Navy
Lt. Col. Hays Bricka, Air Force
Mr. Raymond J. Brady, AEC
The security level of the meeting was announced as through Top Secret non-
codeword.
2. The minutes of the 18 June meeting were approved without
comment. Members requested, however, that in the future they be pro-
vided with two copies of the minutes.
STAT
STAT
STAT
3. Identification of CSWG Members: In order to provide better
handling of the visitor control procedures for members at future meetings
as well as to insure the clearance level of those attending the meetings, the
Chairman requested that each participating agency formally nominate a
Primary and Alternate to the CSWG. He noted that this nomination should
be accomplished through each agency's Security Committee member and that
in making the nominations, consideration should be given to the clearance
requirements of future Working Group participation. The Chairman also
emphasized the need for continuity in Working Group representation.
IGROUP 1
Excluded tram automatic
downgrading and
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
S-E-C-R-E-T
IBSEC-CSWG-M-2
2 July 1968
4. The DIA representative indicated that his organization would
like to have technical participation in the Working Group as well as
professional security representation. The Chairman reiterated his
previous understanding that technical participation would not only be
welcome but was necessary in facing the problems involved in the
Working Group effort. He pointed out, however, that technical repre-
sentatives would serve in a consultant capacity. Formal designation
of Primary and Alternate Members was requested by the next meeting.
5. IHC Briefing by The Chairman indicated
that he had contacted the staff of the Intelligence Information Handling
Committee (IHC) concerning possible attendance by Working Grou
members at the scheduled 15 July briefing of the IHC by
of the Dn the subject of computer security.
The Chairman had learned that space was limited and that those
Working Group members interested in attending the briefing should
contact their individual agency IHC representation. Each member
was furnished the identity of his IHC representatives.
6. Role of the CSWG: The Chairman opened the discussion of
the proposed roles to be served by the Working Group by restating
functions proposed by him at the first meeting, viz, providing guidance
to the Security Committee towards the identification and solution of
security problems in the ADP environment, pursuing an effort towards
the standardization of security policy in the community as it relates to
the automatic handling of information processing, and acting as a focal
point for the collection, exchange, and dissemination of information on
security problems in the ADP environment. The Chairman asked whether
members could offer additional suggestions towards defining the Working
Group's role. The Air Force member stated that he believed this role
should be
"to recommend to the Security Committee those
policies, methods, and procedures necessary to
provide adequate security protection for all ADP
operations performed by USIB member organiza-
tions and to serve to advise the Security Committee,
the IHC, and USIB members concerning new problem
areas which may arise and for which advice is sought. "
2
S-E-C-R-E-T
STAT
STAT
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
I Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
\u" S-E -C-R -E- T Le,7
IBSEC -CSWG-M-2
2 July 1968
7. The question was raised in the ensuing discussion as to how the
Working Group could effect security requirements which it determined
necessary for the protection of classified material in the .ADP environment.
The Chairman pointed out that recommended procedures could be imple-
mented in two ways:
a. through the responsibility of individual security
components within their own organizations and,
b. through the Security Committee and subsequently
through the United States Intelligence Board for community-
wide implementation.
8. At the conclusion of the discussion, the Chairman suggested
that he would
re are a draft paper
encompassing the roles of the Workin
Group as discussed in its first two meetings; after coordination with
Workin Grou members this a er would be forwarded to the.asiljzili
Committee as a su ested charter settin forth the res onsibilities o
the Working Group.
9. Enumeration of Individual Agency Computer Security Problem
Areas: As requested at the earlier meeting, members were prepared to
identify principal examples of security problem areas affecting their
separate organizations in the ADP environment. Col. Bricka listed the
following problem areas:
a. sanitization of storage media;
b, prevention of inadvertent spillage;
c. the physical and communications security problems
involved in the co-location of IDHS facilities and ADP centers;
d. the need to examine the security procedures of non-
USIB agencies, when their facilities are utilized for classified
processing.
10. The undersigned outlined the following as examples of current
problem areas in CIA:
a. multi-level problem, i. e. the "simultaneous" operation
of the time-sharing system through remote terminals at different
security levels;
3
S-E-C-R-E-T
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
S-E-C-R-E-T
IBSEC-CSWG-M-2
2 July 1968
b. the security problems involved in the installation and
operation of remote devices, including physical protect, access
control, and procedural safeguards;
c. emanations;
d. identification, dissemination control, and "down-
grading" of storage media;
e. internal processing problems, such as the security
identification of stored data and the development of procedures
to retain the "need to know" principle in the current era of mass
storage.
11. The DIA representatives indicated that they were not prepared
to submit a list of problem areas at the instant meeting; they indicated
that a security evaluation of the ANSWERS Project was being made and
that it was anticipated that the results of this evaluation would provide
an identification of problem areas in the DIA environment. They stated
hopefully preliminary identification of such areas would be available by
the next meeting.
12. of NSA indicated that the security element of
that agency was just getting into the computer field and that for this
reason it was difficult for him. to define comprehensively problems in
the computer environment as they pertain to his organization. He
mentioned, however, that many of the problems stated by Col. Bricka
and the undersigned were present in NSA operations. also
noted that the R&D element of NSA has been involved in computer security
efforts.
13. Mr. Brady of AEC indicated that two significant problem -
areas existed in the computer operations of his organization. One re-
lated to the simultaneous utilization of computer systems at both the
classified and unclassified level; this related to the security of remote
stations. A second problem area in AEC operations was the security
of the store and forward switch at the Sandia Corporation.
14. Mr. Allen of Navy pointed up the multi-level problem from a
somewhat different standpoint, noting the desirability in "debugging"
operations of obtaining a core dump; since the system to which he was
referring is utilized at various security levels, often the programmer
4
S-E-C-R-E-T
STAT
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
tJ
v '
IBSEC-CSWG-M-2
2 July 1968
requesting the core dump is not cleared for access to all material
resident in memory. Mr. Allen also mentioned the problems caused
by the utilization of "substitute" maintenance personnel for handling
system failures during non-duty hours, when such personnel have a
lower clearance than that ordinarily required to service the equipment.
15. Col. Koenig, speaking for the Army, accented the problems
of file and software integrity and the introduction of unclassified
terminals on classified systems. Commenting on Mr. Brady's and
Col. Koenig's reference to this procedure of allowing unclassified
and classified operations to utilize the same time-sharing system,
the Chairman noted the dangers of spillage and possible penetration
of the classified portion of the system from the unclassified terminal.
16. In order to form the basis for a comprehensive picture of
the computer problems facing the community, the Chairman requested
that each participant prepare in writing for the next meeting problem
areas in the ADP environment as they relate to their separate agencies.
It is anticipated that a composite enumeration of these problem areas,
their scope and priority can then be prepared.
17. Identification of Current Computer Security Regulations:
Time did not permit during the instant meeting a prolonged discussion
of what regulatory issuances exist in the community in the area of
computer security. Col. Koenig provided copies of Army issuances
in this regard and suggested that a bibliography of such regulations
be prepared by the Working Group. The Chairman requested that
individual members, if possible, provide him with copies of such
regulations, instructions, etc. , so that they may be made available
to the group as a whole.
18. Need for Standardized Computer Tape Labeling Procedures:
The Chairman pointed out that during the previous two weeks, he had
been requested on behalf of COMIREX to conduct a survey of what
procedures are currently utilized by the community for the labeling
of computer tapes, particularly as they are transmitted from one
organization to another in the government. He pointed out that the
lack of standards for identifying tapes often caused such tapes to be-
come lost, misplaced, or unidentifiable. Four areas of identification
for such tapes were noted:
a. Security classification and dissemination controls;
5
S-E-C-R-E-T
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9
? ? " - - - .K - -
IBSEC-CSWG-M-2
2 July 1968
b. Subject or topical matter;
c. Technical characteristics;
d. Identification of originator and/or user.
Col. Koenig indicated his belief that a draft standard for tape labeling
had been disseminated for coordination in the government sometime
during the past year. The Chairman noted that the Bureau of Standards
had suggested certain criteria for standardization of tape labels during
1967, but that to his knowledge, they had not been promulgated. Sub-
sequently, Col. Koenig contacted the undersigned to relate that this
proposed NBS tape labeling standard applied to internal labels. It was
anticipated that the topic of labeling standards would be pursued at a
subsequent meeting with a view towards considering the feasibility of a
joint Security Committee/MC effort to establish basic labeling criteria
for computer tapes in the intelligence community. However, further
discussion was deferred.
19. The Chairman solicited the interest of Working Group members
in an occasional briefing on community efforts in the ADP field as they may
create or compound community computer security problems. He sug-
gested that Chairman of the COINS Committee provide STAT
a briefing on that project and its security problems at the next meeting. All
exhibited interest in such a briefing, and arrangements are being made for
to address the Working Group. STAT
20. The next meeting of the CSWG will be held on 16 July 1968 at
1330 hours in Room 4E-64, CIA Headquarters building.
IBSEC/CSWG, Chairman
6
S-E-Ct-R-E-T
Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550027-9