COMPUTER SECURITY SUBCOMMITTEE OF THE DIRECTOR CENTRAL INTELLIGENCE SECURITY COMMITTEE

Declassified in Part - Sanitized Copy _)Approved for Release 2013/04/10: CIA-_RDP89B01354R000400510016-5 1,17,1 DIRECTOR OF CENTRAL INTELLIGENCE Security Committee DCISEC-CSS-M99 25 March 1977 COMPUTER SECURITY SUBCOMMITTEE OF THE DIRECTOR CENTRAL INTELLIGENCE SECURITY COMMITTEE ? Minutes of Meeting . Held at CIA Headquarters Langley, Virginia 25 March 1977 L, The ninety-ninth meeting of. the Computer Security Subcommittee of the Director of Central Intelligence Security Committee was held between 0930 and 1300 hours .on 25 March 1977 in Room 7F21, CIA Headquarters Building. In attendance were: Mr. Thomas Wasczykowski, FBI Member Mr. Mr. Mr. Mr. Robert Kyanko, Treasury/USSS Member George Herrmann, State Member Robert Cameron, Navy Member James Studer, Army Member (-apt. Ronald Pherigo, Air Force Member miss Concetta Conigliaro, State Alternate ? 25X1 25X1 25X1' 25X1 25X1 Mr. Eugene Epperly, Office of Secretary Defense (Comptroller), Observer LCDR Dean H. Beyer, Joint Chiefs of Staff, Observer CON F .E.77N Ti A i Declassified in Part - Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5 Declassified in Part- Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5 ? kArati 2.- The.security level of the meeting was TOP SECRET SI. 3. The Issues of Draft DCID 1/16: The members of the Subcommittee have not met as a formal body since late August 1976. However, a nucleus of the membership have been diligently meeting and working as an ad hoc group in an attempt to refine and improve upon the 16 March 1976 draft version of. DCID 1/16. During this period, two versions of DCID 1/16 have emerged; the first is a January 1977 version and the other is a February 1977 version. The January 1977 version defines Classified ? Foreign Intelligence as "specially caveated...information (1) on the capability, intentions, and activities of foreign powers, organizations, or their agents; (2) concerning activities conducted to protect the United States and United States citizens from foreign espionage, sabotage, subversion, assassination or terrorism; and (3) concerning methods of Collecting foreign intelligence, sources of foreign intelligence' (whether human, technical, or other), and methods and techniques of analysis that is designated by an Intelligente Community organization of the United States Government (as set forth in E. 0, 11905) as requiring:a specific degree of protectionainst unauthorized disclosure, modification or destruction for,aasons of national security." Also in this version is the Expanded Compartmented. Mode. This mode states that "Individual NFIB members, on a case by case basis, may authorize designated remote terminals and peripheral devices secured to the SECRET level, and/or personnel cleared for SECRET material access to an ADP system operating in the Compartmented Mode. The above provision'shall,-a'pply only after the NFIB member has made a determination that to operate an ADP system in the Compartmnted Mode without this option would significantly impair the-mission execution capability of a NFIB agency or .department. The NFIB member, before approving an operation in this mode, will ensure that other security capabilities within the system have been strengthened, e.g.,' increased physical protection and increased hardware/software controls. As a minimum; the NFIB member will ensure that a Remote Terminal Security Officer (RTS0) cleared for access to the highest level of information being processed by the ,system, is present, during all periods of operations, in those facilities where SECRET cleared personnel access the ADP system's resources through remote terminals and/or other peripheral devices." These two issues continue to be the sources of controversy among the members of the SubcoMmittee. The Chairman of the Security Committee requested that a vote be taken in the Agency's and Department's of the Subcommittee membership on 2 CO.NinDt4NTIAL. Declassified in Part - Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5 Declassified in Part - Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5 AL the January 1977 version. The vote was accomplished and the resultS revealed that six (6) members disapproved of the aforementioned two issues being in the draft DCID 1/16. The remaining four (4) members approved Of the January 1977 version in principal, with some editing to be accomplished. The Chairman of the Subcommittee presented these vote sheets with their comments to the Chairman; Security Committee, at his request. The Security Committee Chairman reviewed this vote action and requested a re-write of the draft DCID 1/16 to reflect the majority opinion. Thus, the February.1977 version was written. This version was prepared by NSA and CIA at the request of the subcommittee Chairman. It deletes the Classified Foreign Intelligence definition and substitutes, "The term "foreign intelligence" as used in this directive is set forth in E. 0. 11905 and is so designated." It further deletes the Expanded Compartmented Mode entirely. It adds "No exception can be granted which would allow personnel cleared less than Top. Secret 1 to request access to an ADP system or network, which contained Sensitive Compartmented Information. The footnote 1 after Top Secretequires the clearance be granted based On the requiremental DCID 1/14. The February-1977 version was given to the Chairman, Security Committee who in turn handed out copies to the membership of the Security Committee. A meeting of the Security Committee was held at which many subcommittee members were present. , Controversial discussion ensued at this meeting on the afore- mentioned issues. This resulted in the Chairman, Security' Committee requesting the Subcommittee to meet for the-purpose of preparing footnotes by the disagreeing members on the February 1977 version.. The due date for the footnoting was fixed for 15 April 1977. Thus, the 25 March 1977 meeting was convened. The four dissenting members, Air Force, Army, Navy, and DIA presented case studies to illustrate their problems should the February 1977 draft be adopted. Again, controversial disscussion ensued on these issues. The. NSA member suggested that an attempt be made to resolve these issues by meeting with the Air Force ? -and any other members interested are welcome to attend. The Air force member Stated that he believed the issues could not be resolved at the subcommittee level and declined th NSA suggestion. The DIA member pointed out that the requirements of DCID 1/14 for a background investigation should not be applied to TOP . SECRET collateral clearances. He indicated that DIA's interpre- tation of classified foreign intelligence as stated in E011905 should not apply to unclassified material or foreign counterintel- ligence. 3 CONFIDENTIAL Declassified in Part - Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5 Declassified in Part - Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5 The membership discussed the automated systems that were ?presented as examples. The NSA member pointed out that these systems Were of the tactical variety and their accessability Was clearly defined on a functional basis during design: General purpose systems allowing numerous kinds of Activities. and accessabilities present a .risk that is not acceptable. The NSA member, stated that general purpose processing is the basic concern of DCID 1/16. She felt that if and when the February 1977 draft is published, the subcommittee should address chang4s in the Dcip 1/16 by defining computer operations on 4 functional basis. She believes this 'mould require a year of effort by the subcommittee. ? The meeting adjourned with no resolutions. The Chairman announced that this effort on DCID 1/16 would resume on 1 April 1977 at0930 hours. 5. Other Business - No new business was presented. 25X1, Executive Secretary Computer Security Subcommittee 4 CONFIDENTIAL ? Declassified in Part - Sanitized Copy Approved for Release 2013/04/10: CIA-RDP89B01354R000400510016-5