SECURITY REVIEW TASK FORCE

Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 ~R_xxvcutivIt PO~C dry I think that this is am*41Cre ?,rat, although I have some problems with it.Ij,hav asked Jack Blake to send copies to the Deputy Directors for comment.. Attachment: Report of the Security Review Task Force Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  Approved For Release 2006/04/l9_.:.CIA ;RDP86-00674R000300140001-1 MEMORANDUM FOR: Director of Security 9 November 1978 Chairman, Security Review Task Force SUBJECT: Security Review Task Force REFFRENCES: (a) Memo for DD/A from the DDCI, dtd. 18 August 1978, Subject: Request for a Security Review and Assessment (b) Memo for Chairman, Security Review Task Force from Director of Security, dtd. 21 August 1978, Subject: Request for a Security Review and Assessment .(c) Memo for DDCI from the DD/A, dtd. 31 August 1978, Subject: Security Review - Interim Report 1. In accordance with the references, the Security Review Task Force has completed its review of the Agency's security policies and procedures. The conclusions and recom- mendations contained in this summary report are well supported by the Task Force investigations. The investigations, as indicated in the Interim Report, were conducted by three separate segments, each addressing a general topical area, i.e., Personnel Security, Physical Security and Information Control Security. Remarkably, each segment independently reached the conclusions and shared in the principal recommen- dations of this report, specifically those pertaining to reemphasis of the principle that security in the Agency is a command responsibility; Area Security Officers, and Security Education. 2. The Task Force believes it is essential that all responsible recipients of this report comprehend the fact Regraded "Administrative/ Internal Use Only" V hen Separated from Attac _ e:it Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 that regardless of the quality of the Agency's Personnel, Physical and Information Control Security, rei=o~?ya~ay n,,.tos.e3u ze 3 yr~e.3ur1e:. ar~athe wi~c i=dent" bfi's~zn~`u~'`~ :12~ Put another way, we submit that~i~rl`v'e=c~an'i3rt`}f'}~reeri`td ..~7t~tan'tC~~+~r?~i~?73?a~i~r~=~ii~~]~`;:~~-3rd;; 3. In conclusion, I want to assure you that the Task Force members approached their task with professionalism and integrity. Fourteen officers were assigned to the three segment organization, as follows: Personnel Sep-:ent Physical Segment Information Segment Their reports represent, in my opinion, an exceptionally dedi- cated effort in response to your direction. Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 SECRET SECURITY REVIEW TASK FORCE REVIEW OF THE CIA SECURITY PROGRAM What follows is a review of the current CIA Security Program and recommendations which, if approved, will improve that program. When examining the contents of this report and contem- plating the recommendations contained therein, the reader should bear in mind that in this Agency security is a command responsibility. He should consider the contents of this report with the idea in. mind that unless there is a constant and conscious exercise of that responsibility by all employees, and particularly by supervisors and managers at all levels, no security program, no matter how well designed, can be success- ful. There is only one reason for the existence of this orga- nization and that is to provide information to the President on the intentions and actions of other nations of the world which could adversely affect the security of the United States. It follows that the sources and methods used to collect that information, as well as the information itself, must be protected from unauthorized disclosure if it is going to be of any benefit. ~/.? i _Vl1 ~... 1/ lY~ L i Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  Approved For Release 2006/0M MDP86-00674R000300140001-1 It also follows that security is paramount in the accomplish- ment of the mission. >oSz;vrs+dL>a'geTS involved in the accomplishment of the Agency's mission not only should, but er, eta?ce erm _a x-sec r4t)r. It does not matter what that action is. It could concern the management of a clandestine or technical operation. It could be a decision to be made on whether to hire a new applicant for staff employ- ment. It could be a decision to be made on whether to retain the services of an employee who has married an alien. It could be a decision to be made on the elimination of Career Security Officers in operating components when there is a reduction of personnel in the Agency. In any situation, the first question the manager has to answer is: What effect will his decision have on the secure accomplishment of the mission of the Central Intelligence Agency? Unless managers exercise their security responsibility consciously, constantly, and in a responsible manner, the results of all their other efforts, no matter how well designed and managed, will be worthless. The Task Force review included extensive documentary reviews, written surveys, and personal interviews within and external to the Agency. Several hundred personal interviews were conducted by the Task Force members. The Information Control Segment alone conducted 140 interviews during its Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 ;EGRET fact finding. The internal investigations touched all Directorates, and the cooperation of those individuals con- tacted was gratifying. External discussions were carried out with representatives of NSA, DIA, DOD, the Department of State, and the industrial sector. The Agency's Personnel Security program was found to be essentially sound, particularly in light of available resources. st gdYve' 3rfen -Indeed, one might have expected that con- clusion, as the program has been tested and refined for thirty years. .r$atars. We believe the erosion can be attributed in large part to the dramatic reduction, during the past decade, in the number of Career Security Officers assigned to operating components, and to the inadequacy of the Agency's Security Education Program. We believe a viable program restoring Career Security Officers to close proximity to the collectors and producers of intelligence is the only way to reverse the trend. Similarly, th eeo3rrrclitg?+"r? 3,a 1, -~,Y;,~grar{;~tEYesrl~fj~'sd: The problems uncovered in this area are not new. The solutions to some equipment problems have been delayed by budgetary restrictions. But the maat P,T y aj- j?. x angi.~.x th r"sK a a t~h 7,; ,~., Approved For Release 2006/04/4- 9 :C `RLP86-00674R000300140001-1  Approved For Release 200/ FfA-RDP86-00674R000300140001-1 -re~~-a.rsr~r-G:uA~~~:~.~,~~w~.:~?~7~~~-~:r.?~~~n g ,~;~i;egs~~ .apoerdu,.esr; is a good example. The T l~ftt,e~pl-ied a~s.aese~~rasnf~c,ual~:. Again, that might have been expected because the Agency, as the rest of the government, has been overwhelmed by the information explosion resulting from technological advances in intelligence collection experi- enced over the past fifteen years. The information control recommendations necessarily represent drastic and far-reaching changes. We believe that for the first time the magnitude and complexity of the information control problem has been accurately, albeit not completely, described. The essential recommendation in this segment is the a=~~ee~~_ th t t t ' :_ r.aas aT rQ- o on a. - ~m r ki 'Dtxii A zs jex ~eRtd-omal-l sen t This report represents a distillation of the findings of the Security Review Task Force. The recommendations are those which are essential to movement toward much-needed reforms in security practices and procedures throughout CIA and, where appropriate, the Intelligence Community. SECRET Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  25X1 Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 Next 77 Page(s) In Document Exempt Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1  Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 SECRET ACCOUNTABILITY AND SPOT INVENTORIES Current Procedures: An underlying factor in the three basic questions probed by the Task Force, as described at the beginning of the docu- ment control section, is the serious lack of inventories of accountable material. Within CIA, DIA, and NSA the only material afforded periodic inventory is TOP SECRET non-compart- mented and Restricted Data. Among these agencies, the inven- tories vary from the first agency-wide TS non-compartmented inventory in CIA, to regular, semiannual inventories at NSA. The minute amount of Restricted Data furnished CIA allows one control officer to maintain accountability on a day-to-day basis. This is an example of the axiom of inverse relationship between volume and control at its best. An example of this axiom at its worst is found in the control and accountability of Sensitive Compartmented Information (SCI), a generic term for all categories of formally compart- mented intelligence, including SI, TK, and BYE. The three categories frequently receive community-wide dissemination based upon predetermined dissemination lists, accounted for only by document copy number. Accompanying document receipts forwarded to recipients by NFAC/PPG are executed only 85 percent of the time. Based upon 1977 figures for NFAC/PPG, the receipt of some 13,000 TS/SCI documents was never verified by the intended recipient. 79 Approved For Release 2006/04/1. I,A(&_86-006748000300140001-1  25X1 Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1 Next 15 Page(s) In Document Exempt Approved For Release 2006/04/19 : CIA-RDP86-00674R000300140001-1