COMMUNITY-WIDE, COMPUTER-ASSISTED COMPARTMENTATION CONTROL SYSTEMS (4CS)

Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 UNITED STATES INTELLIGENCE BOARD INTELLIGENCE RESOURCES ADVISORY COMMITTEE USIB/IRAC-D-9. 5/17 19 September 1975 MEMORANDUM FOR: The United States Intelligence Board The Intelligence Resources Advisory Committee SUBJECT : Community-Wide, Computer-Assisted Compartmentation Control Systems (4Cs) REFERENCES : a. b. USIB-M-669, 30 May 1974, Item 5 USIB-D-9. 5/16, 30 October 1974 1. The enclosed memorandum on the subject, with its attachment, from the Chairman of the Security Committee is circulated for consideration. The Security Committee recommendations are contained in paragraph 6 of emorandum. The attachment is a report of the Security Committee Working Group on the follow-on study which the Board agreed to support after the Security Committee recommended rejection of the CLAIRE concept. 2. It is planned to schedule this subject on the USIB agenda for Board consideration at the 25 September meeting. A tin Executive Secret ry STAT STAT Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 UNITED STATES INTELLIGENCE BOARD Enclosure SECURITY COMMITTEE USIB /IRAC-D- 9. 5 /17 19 September 1975 17 September 1975 MEMORANDUM FOR: Chairman, United States Intelligence Board SUBJECT . Community-Wide, Computer -Assisted Compartmentation Control System (4Cs) REFERENCE . (A) (B) USIB-M-669, 30 May 1974, Item 5 USIB-D-9. 5/16, 30 October 1974 1. Attached is the report of the Security Committee's working group on the follow-on study which the Board agreed to support after the Security Committee recommended rejection of the CLAIRE concept. 2. Toward a goal of inducing economy and efficiency in the community's management of compartmented clearances, the representatives of CIA, DIA, Army, Navy, Air Force, State, ERDA and NSA developed and costed a design to meet their requirements in this area. The configuration of this system calls for a central facility in the form of a secure dedicated minicomputer in one agency connected to remote terminals in other agencies. 3. The design permits registration of approximately 300, 000 individuals, each of whom can be credited with 1, 000 clearances. The design is open-ended and more storage capacity can be added. The design provides for expansion capabilities but is limited initially to use in the Washington area. The design also provides for a suppression capability to limit access to certain personnel and/or clearances to the inputting department if this feature is desired. 4. The central facility would cost approximately $431, 707 and require monthly personnel costs of $13, 333 and maintenance costs of $2, 267. Departments and agencies perceive the need for Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 Enclosure USIB/IRAC-D-9. 5/17 19 September 1975 terminals of different configurations to satisfy unique requirements. The projected costs of these terminals are: A enc Equipments Monthly Maintenance DIA $ 72,900 664 Army 72, 900 664 Air Force 52,822 471 Navy 69, 107 616 CIA 61,237 561 NSA 37,570 320 State 32,570 290 ERDA 29,329 160 5. The participating members endorse this concept and the FBI and Treasury Department, while not represented on the working group due to small need for such a facility, also endorse the proposal. 6. Recommendations The Security Committee believes that this computer-assisted compartrnentation clearance control procedure is feasible and cost- effective, and recommends: (a) That USIB endorse the concept and authorize its implementation. (b) That the Office of Joint Computer Services, CIA, be designated as executive agent for implementation and operation as a service of common concern (c) That the CIA fund purchase and maintenance of the central facility to be located in CIA. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 (d) That the departments and agencies fund the costs of selection, purchase and installation of terminals configured to meet their perceived needs. STAT Attachment 4Cs Report Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 Attachment 1 USIB/IRAC-D-9. 5/].7 Requirements for a Community-Wide, Computer-Assisted Compartmentation Control System (July 1975) Security Committee Task XI-I Attachment: Supporting Facts and Observations Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 Attachment 1 USIB/IRAC-D-9. 5/17 Report of the Working Group of the USIB Security Committee on Requirements for a Community-Wide, Computer-Assisted Compartmentation Control System 1. Introduction This report was prepared by a Working Group of the Security Committee of USIB with representation from CIA, Chairman, DIA, Army, Navy, Air Force, NSA, State and ERDA. The FBI and Treasury declined participation although they expressed interest in the study. The report satisfies requirement of a task by the Security Committee in November 1974 to conduct a study of the intelligence community's requirements and devise a concept for a viable cost- effective procedure to assist in control of compartmented accesses. The Working Group first assembled requirements of the community members and then submitted a statement of needs to system design personnel in CIA and DIA for independent feasibility and cost studies. The Working Group examined DIA and CIA proposals and selected a DIA design which the Working Group calls the "Community -Wide, Computer -Assisted Compartmentation Control System" (4C). 2. Discussion A. The recommended 4C system consists of a dedicated mini-computer containing a central data base of intelligence community access approvals. The proposed system would be developed in two phases: the first phase provides on-line remote update and retrieval capabilities within Washington area headquarters offices only; the second phase permits an on-line expansion throughout the United States. Once implemented, the system would allow participating activities direct access to sensitive compartmented information (SCI) access approvals for most intelligence community personnel in a timely and efficient manner. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 (1) Benefits from the recommended 4C system as opposed to maintaining existing separate systems within the intelligence community include: a) Improvement of overall efficiency through uniformity of approach for security handling within the intelligence community. b) Cost advantages result which are unattainable using existing individual system to achieve the 4C objectives. c) Significant reductions in the volume of clearance certification message traffic inter- and intra- participating organizations. d) Continuous rather than limited incumbent and billet'access verification by Special Security Officer (SSO) facilities. e) Elimination of need for permanent certifications among participating services and agencies. f) Significant time savings for outlying Special Security Officer sites supporting major headquarters and subordinate elements having high volume in personnel and billet access requirements. g) Elimination of need to contact multiple sources for individual billet access approvals. (2) Specifically, the recommended system: a) Meets the basic objectives as set forth by the Chairman, Security Committee, which are: 1 Permit rapid verification of current (and future) SCI access approvals of individuals by any intelligence community organization participating in the system; Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 2 Provide access control and accounting mechanism for intelligence "bigot" lists and "bigoted" programs/projects; 3 Eliminate individual SCI access control systems within participating organizations. b) In pursuance of the above objectives, the recommended 4C system provides the following capabilities: 1 Offers participants an on-line query capability using cathode-ray tube terminals (CRT) and remote batch terminals (RBT). 2 Meets the common requirements of all member organizations for control and management of SCI access, and the DoD SCI billet structure. 3 Provides a "suppression" capability that will conceal, at the option of the inputting organization, the access authorizations and/or the existence of an individual's record from other participants. 4 Offers features for controlling the access of contractors, foreign personnel and others for whom "need to know" or release authority must be established prior to each access certification. 5 Can be expanded throughout the United States and eventually overseas, if desired. (See Attachment, paragraph 1) 6 Provides an on-line and batch update capability from remote locations and a complete audit trail to permit trace of all record changes to initiating organization. 7 Offers a record of access queries to the system. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 B. A system designed in accordance with the 4C User Requirements Design Concept is technically feasible using either a large scale computer or a mini-computer. The recommended mini- computer system offers more advantages than the large-scale computer system (See Attachment, paragraph 2). C. Estimated costs of a system are outlined below. Costs cited are based on dedicated secure communications lines. Any existing secure communication links which can be used will reduce implementation costs. Detailed cost estimates for the below described mini-computer alternatives were derived from the DIA feasibility study. (1) Minimal System Monthly Cost ITEM Initial Cost Pers/Maint a) Central System using $ 231, 707 $13, 333/$2267 System software development costs 200, 000 Subtotal: $431,707 $13, 333/$2267 b) One basic query/update device w/commo (1200 BPS) per intel- ligence community organization. (8 ea. CRT + character printer $147,680 /$1280 MINIMAL SYSTEM TOTAL: *$579,387 $13, 333/$3547 STAT Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 (2) Washington Area R4C* ITEM a) Central System System software development costs. b) Commo (1200 & 4800 BPS and terminals (CRT w/ &w/o character printers, remote batch terminals ) fulfill Washington area require- ments as expressed in R4C concept. Initial Cost Monthly Cost Pers/Maint $ 231, 707 $13,333/$2267 200, 000 $431,707 $13,333/$2267 $411, 291 /$3746 $842,998 $13-,333/$6013 D. The 4C system is highly cost sensitive to the requirement that it be encrypted. The rationale for this requirement is discussed in Attachment, paragraph 3. E. Time to fully implement the system within the Washington area is estimated to be 18 to 30 months from time of USIB approval. The longer period considers the normal times required for require- ments analysis, system design, interagency coordination, bid request preparation/publication, vendor response preparation, vendor selection and contract award, software development/ equipment receipt and test, and system testing and training. The shorter estimate assumes extra- ordinary measures can be taken to compress the schedule. These might include: commitment of additional in-house systems analysis and design personnel, appointment of agency representatives with * R4C indicates that members of the intelligence community were interviewed to determine what equipment each agency would like to have in their terminals to do an adequate job. The exact breakdown of equipment suggested by each member was then priced to arrive at the $411, 291 figure. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 plenary acquisition authority, and expeditious provision of necessary funding. It also assumes procurement of rom existing stockpiles or diversion ol lead time is about two years) from other projects or programs. The relatively long period to achieve operational status within only the Washington area is a disadvantage that would accompany the development of nearly any automated on-line system embracing the requirements of multiple organizations and requiring the procurement of hardware, particularly the cryptographic devices. F. Achievement of the objectives set forth by the Security Committee for creation of a community-wide system by linking together the existing systems of intelligence community members was not considered cost-effective or feasible. A discussion of this alternative is in Attachment, paragraph 4. G. Savings might be derived through implementation of the 4C System (Attachment, paragraph 5). 3. Conclusions A. The 4C System proposal satisfies the tasking requirements of the Security Committee. B. The 4C System would be cost-effective in consideration of an increase in security, savings to be achieved through elimination of separate systems, and capability to handle growth rate. C. The approximate initial costs of the R4C System with preferred terminals would be $842, 998 (with a possible variance of plus 20% to minus 10%) for implementation within the Washington area headquarters sites. Approximately one-half of this amount would be devoted to the purchase of desired terminal equipment for intelligence community organizations and one-half to equipment procurement and software design for the central facility. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 Attachment 2 USIB/IRAC-D-9. 5/17 SUPPORTING FACTS AND OBSERVATIONS OF THE WORKING GROUP 1. Dedicated Communications Line Costs These costs are not system sensitive within the Washington area and may not be so within CONUS. However, at the point of overseas expansion of the system they will certainly become so. At that time the feasibility of linking overseas terminals through then existing switching systems should be addressed. 2. Analysis of Relative Merits of Large Scale and Mini-Computer in the Implementation of the 4C System A. Large Scale Computer: (1) Advantages b) CIA software (GIM) and software knowledge and expertise would expedite system development by an estimated ten months. (2) Disadvantages a) Available (GIM) software cannot provide both a "suppression" capability and a capability at remote terminals for programming of output products. b) "Spillage" of file data possible due to mixing of 4C System with other non-related applications possessing their own sets of terminals. STAT Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 c) Backup capability is unknown. It would require commitment of additional CIA hardware or at least assignment of a precedence to 4C sufficient to permit it to displace other applications on other hardware. (This requirement represents some as yet undefined commitment of additional resources. ) d) Expansion potential is uncertain. Other systems sharing the computer will compete for available capacity as each system expands. Once the large scale computer is saturated, there is no capability for adding small increments of capacity. B. Mini-Computer (1) Advantages a) Security maximized by not mixing file with other applications having separate terminals. b) Backup capability achieved through use of two mini-computers, a dual processor. Both contribute to normal operations; however, if one fails the system response is degraded, but it does not cease to function. Under normal conditions one mini-computer (processor) would support on-line query operations, and the other would support batch operations. c) Capacity of system can be readily expanded when operations dictate this step by purchase and installation of an additional mini-computer and disks. d) The administrative problems of competing priorities with non-related systems sharing the large scale computer are avoided. e) A "suppression" capability is possible without the sacrifice of any terminal programming capability. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 (2) Disadvantages a) Greater initial outlay of funds required. The $226, 707 required for the mini-computer hardware at the central site would exceed the rental charges associated with the CIA large-scale computer until approximately five years of operations. b) Software preparation will take more time due to the lack of an off-the-shelf or a government- owned existing system that will completely fulfill system requirement. If the "suppression" capability remains a firm requirement, the time disadvantage of the mini-computer disappears as does software cost disadvantage (up to $200, 000 for mini, something less for large scale). (1) Time required to procure any additional peripheral equipment needed for the central system, encryption devices, and terminal equipment for remote sites would presumably be the same as for procurement of the mini-computer hardware; i. e., time for full implementation would not be appreciably shorter than for the mini-computer alternative. (2) The mini-computer alternative for implementation of the 4C concept would produce a superior system, for about the same amount of money and time than the large-scale computer alternative would require. 3. Reasons for System Encryption Classification of the system at a level of CONFIDENTIAL is in accord with current community usage for extensive collections of security access data. A. Encryption will prevent undetected, unauthorized introduction via line taps of spurious responses to terminal queries and will prevent modification of the data base via similar means. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 B. It will prevent intercept of batch products; e. g. , large access rosters that would aid a hostile spotting and assessment effort or DoD SCI billet rosters from which significant order of battle information could be derived. 4. Modification of Existing Systems to Attain "Bigot" List Control and Rapid Access Verification Capability After examination and discussion with qualified data processing systems personnel, this course of action was discarded by the Working Group. It would require as much or more effort in software develop- ment than would the development of an entirely new system. It would take about as long to complete. Major software modifications would be required for the systems supporting each agency/department. Report and conversion programs would be needed to channel data to a central system, presumably a modified No economies of scale or volume would be achieved in such a "patch work" system, and if future modifications became necessary their cost could be multiplied by the number of different existing subsystems in the network. Such a "system" would suffer from the deficiencies that exist within each of the component systems in timeliness of input, data accuracy and, to some degree, information available. Time required for full implementation would likely equal that for the 4C concept. 5. Summary of Areas From Which Savings May be Derived Through Implementation of the 4C System Current system operating costs are difficult to specify since most operate on a time-sharing basis using in-house computers. For most participants it is reasonable to assume that computer time devoted to security support applications will be significantly reduced by the transfer of operations to the 4C System. Due to the unique require- ments of certain participants, they will continue using their existing systems, thus, somewhat reducing the potential for savings. No direct security personnel cost reductions can be predicted. Difficult to specify but certain cost savings will be achieved through reduction STAT Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8  Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8 of access certification message traffic, reduction in the number of times which identical information is input to different data bases, decreases in time lost due to visitors awaiting access verification, and savings in security processing. Approved For Release 2006/11/29: CIA-RDP82B00871 R000100110002-8