INFORMATION SYSTEMS BOARD

Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 INFORMATION SYSTEMS BOARD Thursday, 15 January 1987 1400 - 1530 Place: 7D64 HQ Agenda 25X1 I. Briefing by Director, DCI COMPUSEC Project on "The Security Threat to Intelligence Community ADP Systems" II. Approval of Information Technology Policy (attached) Next Meeting: Monday, 2 February 1987 1400 - 1530, Rm 7D64 HQ Topic: FY 89-90 New ADP and Communications Initiatives CONFII IAL Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 UNCLASSIFIED Statement of the Information Systems Board on the Information Technology Strategy for CIA At an offsite conference in November, the Information Systems Board -- chaired by the Executive Director with the ADDS&T, D/OIT, D/OC, D/OIR, C/IMS, and Deputy Comptroller as members -- met to discuss pressing information technology issues. At its December meeting, the Board adopted a broad set of principles to guide the Agency's automated information systems and communications networks, and agreed that these would be shared widely with employees. Those principles appear at the end of this memo, and all employees are invited to contribute their thoughts and suggestions on any aspect of this policy and how we can best achieve these goals. You STAT can do this by writing to AIM or to the Executive Secretary, ISB, room 7E12 Hqs. We may not be able to respond to all your thoughts individually, but the Board will read everything you send. Also at the November meeting, the Board made explicit the logic and assumptions it used to derive this policy and agreed that this context should also be shared. The following then is a brief statement of the Board's general appreciation of the information technology Issues confronting the Agency and the principles that will guide our search for solutions. UNCLASSIFIED Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 UNCLASSIFIED Background It is obvious that we are confronted with an extended and expanded information "explosion." Automated information technology is becoming increasingly central to our ability to function effectively as we create more impressive ways to collect information, find new sources of valuable unclassified information, and seek to serve a policy-making community with a seemingly bottom-less appetite for intelligence on a rapidly changing and growing number of issues. Although the technology that is helping to create the "explosion" can also help us manage it, we need to more effectively integrate that technology into our systems and networks. In particular, the rapidly Increasing capability (at rapidly decreasing cost) of personal computers is already encouraging the acquisition of small systems for specific problems or functional areas -- without considering the eventual need to integrate these into the total network. Integration is an essential goal if we want to communicate electronically with each other. It is essential if we are to master the security challenge presented by these new capabilities. It is essential if we want to avoid the high cost of maintaining an _ excessively diverse array of equipment. And it is essential to insure that our training efforts are not overwhelmed by the demand for training on dozens of different systems, and to avoid a situation in which each of us has to learn how to use a new system with each new assignment. UNCLASSIFIED Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 UNCLASSIFIED We want to exploit the solutions to our problems that American enterprise offers, but we must also get maximum benefit for the money invested._ Too many different solutions can be as costly and cumbersome as too few. Nor can we afford to dawdle in coming to grips with these issues. Young people entering our workforce are more and more accustomed to working with computers, and current employees are rapidly becoming "computer literate." Our sense is we must challenge them and give them a voice in determining what tools they will use if we want to keep them and effectively harness their energy and creativity. The following statement of principles is intended to guide all Agency employees -- both customers and suppliers of information technology services. Although the language of this statement is necessarily general and broad in scope, many specific supporting actions and programs are underway in each directorate. Because we all have a stake in the best information systems we can afford, the Board will monitor these various activities and will report to Agency employees regularly on the progress made toward achieving these goals. UNCLASSIFIED Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 UNCLASSIFIED The Information Technology Policy of the Central Intelligence Agency ? -- We are dedicated to improving the quality and efficiency of our work and solving intractable substantive problems. We will exploit information technology whenever possible to achieve these goals beginning with a workstation for every employee who requires one as soon as possible. -- We are committed to a stable and continuous program to ensure secure data processing and telecommunications with well-publicized and well-enforced security standards governing our systems and rules governing system use. -- We intend to create an information technology environment in which individual creativity thrives but where corporate requirements, not personal preferences, form the basis for decisions. -- We are committed to a "federal system" of information technology management in which corporate services are centrally controlled and managed, customer-specific services are the responsibility of individual components and all responsibilities are clearly defined. -- We will establish an integrated and internally compatible network based on cooperatively determined and centrally enforced technical standards and solutions for acquisition. -- We intend to introduce advanced technology and innovative UNCLASSIFIED Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7 UNCLASSIFIED solutions to our information handling problems systematically and cooperatively and to avoid the extremes of becoming wedded to outmoded technology on the one hand or constant change and disruption to our systems on the other. -- We are committed to the development of a career management system that will attract, hold and motivate the best information technology specialists available. -- We intend to develop techniques for better understanding the costs and requirements of changes to our systems, managing our resources, and making more informed investment decisions. UNCLASSIFIED Declassified in Part - Sanitized Copy Approved for Release 2012/08/23: CIA-RDP90G00993R000300390014-7