LETTER TO JAMES A. WILLIAMS FROM JOHN N. MCMAHON

Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7 S-E-C-R-E-T Central Intelligence Agency Lt. General James A. Williams, Director Defense Intelligence Agency Washington, D.C. 20301 In response to your memorandum of 11 October 1984, I have asked my Director of Security to have his computer security group immediately resume discussions with your security and engineering staffs. Recognizing the urgency of the matter, I am confident this effort will result in a timely solution to the problem. The Office of Security's Information Systems Security Group (ISSG) has long been attempting to determine if compensating safeguards can be substituted for the requirement for dedicated connections for DESIST terminals. I would like to reemphasize that the Office of Security position is not to deny access to DESIST data, but rather to insure that sufficient safeguards are in place for the control of information. As our respective staffs have discussed, the military commands having legitimate access to ORCON data, cannot redistribute or further disseminate that data without originator approval. The military command host computers in question, however, have no controls of which we are aware that can restrict further dissemination of this data, either within the user host computer or secondary distributions across the network. This leads us to the requirement for direct-connected terminals over dedicated circuits. It is the method we our- selves invoke to allow users with access to ORCON data to be in compliance with the national directives for the control of ORCON data. You will recall that we suggested several alternatives to dedicated terminals, and I am sure that your people can develop others. With this in mind, ISSG has arranged to meet with their OS 4 5293/1 C 16& Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7  Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7 counterparts in the Defense Intelligence Agency on 25 October 1984 to continue working towards a resolution of this important issue. Sincerely, John N. McMahon Deputy Director of Central Intelligence DDA/OS/PTAS/ISSG 18 Oct 84) Retyped/D/S:laj UCt 84) Distribution: Orig - Addressee 1 - ER 1 - DDA 2 - D/Security 1 - OS Registry 1 - OS/ISSG Subject Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7  STAT Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7 Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7  Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7 18 OCT 1984 FROM: MEMORANDUM FOR: Deputy Director of Central Intelligence VIA: Deputy Director for Administration Director of Security 1. Action Requested: Request vour concurrence and 25X1 signature for the attached letter. 2. Back round: Lt. General William's memorandum, dated 11 October 1964, recommends that our respective computer security groups and engineering offices begin discussions to reach a compromise position which would allow the Defense Intelligence Agency (DIA) network access to DESIST. DIA cites 25X1 the cost of direct connections as being prohibitive. Our offices have already discussed using the Defense Intelligence Information System Network (DODIIS) Network Security for Information Exchange (DNSIX) front end processor for network access to DESIST when it becomes available in 1986. When available, DNSIX would satisfy security requirements. Recently, our computer security group has been informally advised that DNSIX will not be available until the 1988/1989 25X1 timeframe. Network access to the DESIST data base makes it more difficult to control ORCON data as it enters the network and other computers. A combination of compensating safeguards, such as an application of the GUARD concept for release of data or data encryption standard privacy channels for DESIST data within a network, may be used as an alternative to direct-connected terminals. There are dollar costs and time delays associated with implementation of any safeguards, and these costs may 25X1 exceed DIA's estimate for direct terminals. 25X this memorandum and coordinated in its contents. 3. Staff Position: The Office of Data Processing and the Office of Global Issues were consulted in the preparation of (lc A C')C 2 Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7  Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7 S-E-C-R-E-T DDA/OS/PTAS/ISSG/I I(18Oct84) Distribution: Original - Adse - ER 1 - DDA 1 - D/Security 1 - OS/Registry 1 - OS/ISSG Subject C-R-r-D-F-T Approved For Release 2009/08/17: CIA-RDP87M00539R000901160005-7