DRAFT NATIONAL POLICY ON TELECOMMUNICATIONS AND AUTOMATED SYSTEMS SECURITY

Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6 ROUTING AND RECORD SHEET SUBJECT: (Optional) Draft National Policy on Telecommunications and Automated Systems Security . FROM: EXTENSION ~ ~ TE C/OC-MLS ~ 17 February 1984 TO: (Officer designation, room number, and DATE building) OFFICER'S COMMENTS (Number each comment to show from whom INITIALS to whom. Draw a line across column after each comment.) RECEIVED FORWARDED EA DD I Hqs 7E12 - 2. 3. API 5. 6. 7. A T 8. 9. 10. 1 1 12. 13. 14. 15. FORM 61 0 USE PREVIOUS 1-79 EDITIONS Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6 CONFIDENTIAL 17 February 1984 SUBJECT: Draft National Policy on Telecommunications and Automated Systems Security 2. I explained to Mr. deGraffenreid that I had sent the attached memo and was meeting with him in advance of the Community-wide 17 February meeting because I did not want to surprise him at that larger meeting with Agency objections; I thought it would be to our mutual benefit to discuss such objections one-on-one in advance. 3. Mr. deGraffenreid noted that my memo raised two cate- gories of objections. The first included specific problems that might be correctable with relatively minor changes. The second was a larger philosophical disagreement over whether or not communications security and computer security should be covered by one directive/policy/procedure or by two. I pointed out that our preference was two, and I so stated for the record; however, if ittwere elsewhere decided that it.should be one" document,,,.we wouldnot withhold our concurrence soleX on the one document-two document issue. I thought Ihad put the matter to rest., but Mr. deGraffenreid returned to it several times during the meeting. He emphasized that he was under direction to consolidate the two disciplines into one document, but when I pressed him to learn who had so decided/decreed, his only response was "my leadership." 4. In discussing our specific objectives, Mr. deGraffenreid appeared to show considerable flexibility. According to him, many of the interpretations we were giving to the draft were not as he had intended them. He seemed more than willing to rewrite, or to accept our suggested rewrite, of a number of paragraphs in WARNING NOTICE-INTELLIGENCE SOURCES OR METHODS INVOLVED CONFIDENTIAL Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6 the draft in order to satisfy Agency concerns. It was agreed that we would submit, within the next several weeks, specific wording for the NSDD. 5. Mr. deGraffenreid noted that the.17 February meeting was not intended to be a decision session, but rather a session to elicit reactions to the draft. He stated that the Agency response was the first written response he had received. 6. Following this meeting and without aff nreid, we empha- met with of the IC Staff. Mr~r sized in very-strong terms that one document joining communi- cations and computer security would be unenforceable and unmanageable at this time. While I did not disagree, I stated that my instructions are to avoid that issue and to concentrate on protecting the DCI's authorities. We agreed on a two-stage approach. I will continue to seek rectification of the specific problems that we see with the present draft. Separate from that, I will seek clarification on the Agency's position on one versus two documents, and then proceed accordingly on that matter. Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6 1..UNVIUtlNIIAL OC mt_S-rr~By-O// V iJ MEMORANDUM FOR: Mr. Ken deGraffenraid National Security Council Chief, Management and Liaison Staff, DDA/OC SUBJECT: Draft National Policy on Telecommunications and Automated Systems Security 1. The responsibility for reviewing the subject proposed NSDD and representing the DCI at the February 17 meeting was delegated to the Director of Communications by the DDCI. We attempted but were unable to arrange an informal meeting with you to discuss areas of concern within the Agency which are: a. The letter of transmittal from the NSC states that "it is intended that the machinery established by the NSDD would initially focus on those automated systems which are connected to telecommunications systems." The body of the proposed NSDD does not follow this statement of intent and is all inclusive for "automated information systems'which create, prepare, or manipulate information in electronic form for purposes other than telecommunications, and includes computers, word processing systems and associated equipment." (emphasis added) b. The proposed NSDD does not accurately recognize the DCI's statutory responsibilities and authorities. Encroachments include: (1) the development of consolidated resources and budget which could both dilute the DCI's responsibilities regarding formulation of the NFIP and impact Intelligence Community priorities; (2) the proposed NSDD implies that the Director, NSA will take sole responsi- bility for assessing and disseminating hostile threat infor- mation, thereby removing related analytical missions of the CIA, FBI and DIA; and (3) a requirement that the DCI "coordinate unique requirements pertaining to the protection of intelligence sources and methods" with the Steering Group, the NTISSC and the Director, NSA. WARNING NOTICE INTELLIGENCE SOURCES OR METHODS INVOLVED CONFIDENTIAL Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6 CONFIDENTIAL SUBJECT: Draft National Policy on Telecommunications c. The missions and functions of the Interagency Committee on Foreign Real Estate Acquisition in the U. should be as stated in the original PD/NSC-24. d. There are a number of initiatives mandated by PD/NSC-24 that have not been completed for a number of reasons. The abrupt termination of these initiatives would countermand the thrust of PD/NSC-24 to eliminate the reliance on microwave and the vulnerability to intercept of telecommunications by an adversary. e. Under PD/NSC-24, there is an inter-agency mechanism for publishing coordinated national policy and standards. Under the propose SDD t is responsibility is delegated to the Director, NSA, and there is no mechanism for coordination. 2. Although there is philosophical agreement that separate NSDD's for computer security and for communications security might leave gaps in the protection of automated information systems as the technologies of the two disciplines' converge, we are concerned about the feasibility of managing a consoli- dated effort, particularly in view of the expanded scope of the proposed NSDD. We would prefer an NSDD that addresses the com- munications security issue only, with a separate or consolidated approach after the panel completes their study. 3. If you would like to discuss any of these point to the February 17 meeting, I can be reached on Secure or ORIG: OC-csD/PPB3 Distribution: Orig/- Addressee .X - 0C- 1- OC/OL/ INC 1 - OC-CSD Chrono 1 - OC-COD Record 13 Feb 84 CONFIDENTIAL 25X1 25X1 25X1 25X1 Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170039-6