PROPOSAL FOR CENTRALIZED COMMUNITY BIBLIOGAPHIC AND DOCUMENT RETRIEVAL SYSTEM

Approved For Iea M $ : i P83T0057 00010012002 ODP-9-480 SAF-E059-79 23 March 1979 MEMORANDUM FOR : Associate Deputy Director of Administration FROM 25X1 A Director, consolidated SAFE Project Office/ODP SUBJECT : Proposal for Centralized Community Bibliographic and Document Retrieval System 1. As you requested on 28 February, I have reviewed the proposal made to the Chairman of the Intelligence Handling Committee to provide the subject service to the community. In 25X1A particular, I asked to review the security implica- tions of the service as proposed. 2. As noted in the attached memorandum, the accessing of the RECON data base by both the community and internal Agency users presents security problems. It appears that some of the data in this data base requires controlled access and must be screened out for outside users. If open access is given by the COINS network to this file, then about 164,000 records would have to be eliminated from the file. This would mean that internal users of that file would not have access to the com- plete file. Alternatively, external requests could be screened by a human intermediary such that the same files could be used for all users. Given the small number of external queries pro- jected, this would appear to be the preferred method of operation. 3. Given the security considerations attached and the un- desirable cost of duplicating the service, it would appear that an internal service for free access by the Agency, but providing screened access to external users, would be the least expensive alternative. It should also be capable of sustaining the ex- ternal load as projected. 4. These bibliographic files are indeed the files to be used on the SAFE system and hence any extension of current capabilities should be coordinated with the SAFE program to avoid developing this capability twice. If the IH C initiates a study on this subject, we would be happy to participate. Approved For Release 2 Oq / ~~Q` T00573R0db~#0 Ze7omes UNCLASS'.F'-., when separated from atra:nment.  Approved ForW6teleas6 "' FN~F- tU1P83T00570001 00120022-7 SUBJECT: Proposal for Centralized Community Bibliographic and Document Retrieval System 5. I trust that either you or Mr. Eisenbeiss is still the representative for the IHC. I would be glad to discuss this further if you would like. 25X1A cc: Acting Director of ODP Director of OCR Approved For Relea A /4/ 8 T4 LP83T00573R000100120022-7  Approved For44elease 2002/01/08 : CIA-RDP83T0057 00100120022-7 ODP-9-428 SAF-E046-79 14 March 1979 25X1A MEMORANDUM FOR: Director, Consolidated SAFE Project Office/ODP FROM SAFE Security Advisor SUBJECT Proposal for Community Access to the Bibliographic Files Supported by RECON 1. Before addressing the specific questions from D/ODP on the buckslip attached to ODP-8-2184, 25 January 1979, I read the memo to gain necessary background. It presents the subject proposal to the DCI Intelligence Information Handling Committee and develops three options for implementing the desired service. These are: 3a. Off-Line Service, 3b. Direct On-Line Service and 3c. On-Line Service through Intermediaries. The last, 3c. is impressive for the following reasons: (U) a. Provides a high degree of security without system complications. (U) b. Is economical because it places the "filters" on the side of RECON where there is the least activity and because it does not require duplication of hardware or data. (U) c. Is flexible and provides a smooth transition for the non-CIA users when RECON-supported bibliographic files become the Central Index File for SAFE. (U) d. Provides a customized service for the diverse requestors by knowledgeable "librarians" so that much training and unwanted output can be eliminated. Because only 10 queries per day are reported now with an eventual growth projection to 50 per day later on, this method should remain economically feasible and responsive. (U) 2. Preparing to answer the buckslip questions (copy attached), which are primarily associated with the 3b. Direct On-Line option, I discussed the matter with OCR/SAS, OCR/ISG/SAIO, OS/ISSG and various CSPO personnel to gather ORIGINAL CL BY (a 7 (~t~ `f DECL ^ REVV'd Approved For Release 2002/01/08 : CIA-RDP8 f Ag~ OD 7~-`~ 6 i i'u 3 S L.r ,~ 1 1A REASON  Approved For'Iease 2002/01 0'8` tI1 2RbP83T0057 00100120022-7 information and statistics. All were most helpful. From a security viewpoint, this option is the least desirable. However, certain general minimum security requirements can be identified. More might be necessary later on based on further details of the plan. (A-IOU) a. The RECON terminals and printers at the non-CIA facilities would have to be dedicated and in areas meeting the requirements of tzh Combined Minimum Security Standards for Compartmented Information. These standards include physical, personnel and -technical security. The link to RECON would have to be via an approved encrypted communication channel. (U) b. A "duplicate" data base of some sort will be needed as the least problematic way to serve the CIA users. A number of the ways you have suggested to provide parallel or serial updating of the bases sound promising. Because there are so many more CIA users even now - about 300+ generating nearly three times as many queries as non-CIA - it is imperative to provide them direct access to a data base without "security gateways" (if such were available) or any other impedance to good service. As stated above, the outside use for which the dedicated host is suggested will start with an average of ten queries per day with a projected growth to fifty per day. (U) c. Another reason for a "duplicate" data base (and the reason for the quotation marks) is to retain present day dissemination restrictions. In the current off-line method of handling outside users, the OCR personnel screen out some requests or limit the response based on dissemination controls imposed on certain files by the data owners. A comprehensive, double layer set of codes is associated with the records for this purpose. About 164,000 records would currently be limited or screened out from an NFIB requestor. For an off-line or human intermediary system, spillage would present no serious problem. But for an interactive system for non-CIA users, a data base should be provided devoid of the restricted items so that the software does not have to be trusted to provide the control. (C) Approved For Releas 2y0d1: q& RQP83T00573R000100120022-7  Approved For#MIea iIl hJi3t dIi DP83T0057 D00100120022-7 d. Depending on the file update method chosen for the two versions of bibliographic files, provisions would have to be made in the SAFE design to securely accommodate the communications for update. A twisted pair in the secure distribution grid could later be replaced by a dedicated channel on the WBCS when SAFE makes this available. (U) e. The transition from the current RECON system to the Central Index File of SAFE would also have to be addressed in the SAFE plan. Would it be possible, for instance, to install the "internal" version of the RECON-supported files directly in the SAFE Center-to-be? Or must a temporary secure home for it be provided which would be phased out later? The other transition would be in terms of the growth in internal users from the 300 mentioned above to the total SAFE user population. (U) f. If any new kind of access is approved for non-CIA users, thisc-iange would have to be submitted to the data owners involved in the RECON-supported files for their concurrence. Their willingness to provide certain sensitive files to the present system might have been based on trust in the dissemination controls built into a human intermediary system. DDO would be especially sensitive to this. (C) 3. All questions on the buckslip have been addressed in the above security requirements. In addition, other restraints are mentioned which go beyond the questions but which are pertinent. The guidance does not rely on security technology still developmental because IOC for RECON community use could be about a year after approval. Incidentally, the choice of 3a. (the slight enhancement of the current method) or the 3c. On-Line Human Intermediary options would allow easier implementation, although the remote terminals of 3c. would also have the requirements of Paragraph 2a above. (U) 25X1A Attachment: buckslip Approved For F,e,#ere?fs.1~d,~lA-RDP83T00573R000100120022-7  Approved For '20Dl?A 1N8 : Al-RDP83T0057 +b00100120022-7 Distribution: D/CSPO/ODP C/ISSG Al P. Chrono ODP Registry Approved For Relea I2b  2 8 FEB 1979 MEMORANDUM FOR: Approved For Release 2002/01/08 : CIA-RDP83T00573R000100120022-7  Approved For Release 2002/01/08 : CIA-RDP83T00573R00010012002 ODP-9--435 15 MAR 1979 "1 MORA-1DUM FOR: Chief, Information Systems Security Group, Office of Security FROM ~ 25X1 A Chief, Management Staff, 01W SUBJECT Proposal for a Centralized community Bibliographic and Document Retrieval System Operated by CIA 1. During our meeting on 12 march with the Director, of Data Processing, we briefly discussed a proposal that the Intelligence Information {andling Corn ittee study the feasibility and desirability of adopting CIA's '?FCO11 bibliographic index and ADSPAR micrographic document storage and retrieval system as a Centralized Intelligcric^ Community Bibliographic and Document Retrieval System, managed and operated for the Community by CIA. A copy of the proposal, that was made by the CIA ":er, I'C - Clifford D. ,*ay, Jr., is attached for your information. 2. Inasmuch as considerable interest in the pro- posal is being expressed by IUC Committee nember. s , this matter is called to your attention because of the possible curity implications. 25X1A Attachment ODP-8-2184 cc : SO/0011 - X7/o Attachment NEMOX DISTRIBUTION: Original and 1 - Addressee 2 - O/D/ODP ) t m-r 1 - MS Chrono 25X1A ODp 2 - ODP Registry ~P$Po M4AP CIA-RDP83T00573R000100120022-7  Al NO1 WILL C-)4rCRt`CLA5.lfflVCA%"VuN YOf ANO fgf",^'Y'r,xe ? OFFICIAL ROUTING SLIP NAME ANO AOQI USS' DAT'L INIrfAL3 II ICDA Z 6 ACTION AIRECT REPLY PREPARE REPLY APPROYAL DISPATCH RECOMMENOATIOH COMMENT FILE RETURN ONCURRFNCE _ NFORMATION SIGNATURE Remarks: `/"6 FOLD MERC TO RETUf1N TO 8LNDER oved Fir'~I~s~~2(~21~1+~?Ss?~Ql-Ar~F~$~00 - r 7