PROJECT SAFE

MA INTERNAL. USE ONLY Approved For Feasgg 2001/09/03: 04A-00933Flriid05001 ~00 u `i 1 The Director of Central Irate lit;ence 0DV ~ STATINTL FROM: Resource Management Staff DCI/RM 80-2412 9 April 1980 MEMORANDUM FOR: Director of Central Intelligence Director, Information Resources Office SUBJECT: Project SAFE REFERENCES: A. Memo from D/IRO to DCI dtd 26 Mar 80, same subject (Tab A) B. Memo from D/ODP to DCI dtd 26 Mar 80 Subject: Concerns Regarding SAFE (Tab B) C. Your memo of 21 March, Subject: Concerns Regarding D. Memo from , Chairman, STAP to DCI dtd 18 Mar 1980, Subject: Questions Regarding SAFE 1. Supplementing my memo to you, referenced above, I have again conferred with the Director, CSPO, and he has furnished me with copies of Change Order No. 20 which was executed 27 March 1980. This change order appears to me to adequately provide for the satisfaction of the requirement for the interconnection of the CIA and DIA SAFE systems for IOC. 2. I have also had an opportunity to review the referenced memorandum to you from Bruce Johnson, D/ODP, and Clarus Rice, D/OCR, and I concur in the manner in which they respond to your concerns. 3. As the project progresses, the IOC characteristics of the system are becoming defined with greater precision. Good manage- ment practice dictates that we proceed to IOC implementation without any substantial changes in the basic design concept. However, as pointed out in my previous memo to you on this subject, the design-to cost approach which was adopted has resulted in the necessity for deferring for later implementation some of the capabilities of the system embodied in the original design concept. I believe that the SAFE Project Office will soon be in a position to define fairly specifically which capabilities Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4 CIA INTERNAL USE ONLY  CIA INTERNAL UaE ONLY Approved For Rase 2001/09/03 : CIA-RDP84-00933F0500120011-4 will be deferred if current funding levels are adhered to. We are giving strong consideration to including this as an agenda item for our FY 82-86 Program Review. Attachment: Tabs A & B Approved For Release 209 EIMft1R40W*3R000500120011-4  Approved For ase 2001/09/03 : CIA-RDP84-009330500120011-4 SUBJECT: Project SAFE Distribution: DCI/RM 80-2412 Orig - Adse (w/att) 1 - DDCI (w/att) 1 - DDA (w/att) 1 - D/NFAC (w/att). 1 - D/ODP (w/att) 1 - D/CSPO (w/att) 1 - C/OCR/SAS (w/att) 1 - Executive Registry (w/att) Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For I asi 12'0 1 Y63'f b1A jRbO~4I'O 3'3I 0500120011-4 W.uhingl i. I) t: 20501 STATINTL Resource Managenit-rit Staff MEMORANDUM FOR: Director of Central Intelligence VIA: Deputy to the DCI for Resource Management FROM: IHC/.Mt1 80 -2408 26 MIarch .1980 irector, n orma ion Resources Office SUBJECT: Project SAFE REFERENCE: A. Your memo of 21 March, Subject: Concern Regarding SAFE (Tab A) gTATINTL B. Memo from , Chairman, STAP { to DCI dtd 18 Mar 1980, Subject: Questions Regarding SAFE (Tab B) 1. I appreciate the opportunity to comment on the issues raised by the STAP Panel in connection with the SAFE Project. As background to our comments, I should point out that last year, after discussions between the D/DCI/RM, the DDCI, and DDA, it was determined that the focus of our interest in SAFE was to be "the areas of resource allocation and the relationship of SAFE to other programs on a Community -wide basis."* Although we have continued to review the development of Project SAFE, our primary attention has been in accordance.with the above quoted limitations. Conse- quently, we are not prepared to comment, except in qeneral terms, on many of the concerns raised in the referenced.STAP memorandum. 2. Of the four principal concerns listed in your memo of March 21st, only one falls within the scope of IRO's responsi- bility as set forth in paragraph 1 above, namely: "What actions are underway to ensure that the Intel 1i- gence Community has access to CIA SAFE and that CIA SAFE has access to DIA SAFE as well as such systems as COINS and SOLIS?" Memo from DDCI to D/DCI/RM dated 16 March 1979, Subject: Project SAFE Approved For Release gfp1o?~:q~l~t~ IC ?0933R000500120011-4  A p p r o ~ e t d F~gr ~~~QR~~@9/@$~ a ~I~,~~~P$e,4R~c~ QlOt9r1~00t1~4e e l i n o s be addressed because: At the DC I's semiannual review in m ay 1979, it was stated that a direct physical link between the DIA and CIA systems would be provided. o our review of the current version of the System Requirements Specifications indicates that such a communications connection between CIA and DIA SAFE systems is not included in-the specifications. o I have discussed this deficiency to the attention of the SAFE Project Manager and he states that such a requirement will be added by amendment; that, although this has not yet been accomplished, such an amendment will be prepared in the near Future. 4. We believe that it is crucial to the ultimate development of the types of intercommunication which are set out in your subject memorandum that this requi rement he now formal i zed in the SAFE documentation since, if properly specified, it will provide the technical capability to enable: o CIA analysts to access DIA files, o CIA analysts to access other Community files through the DIA SAFE interface with the COINS network which is included in the current requirements documents. DIA analysts to access CIA SAFE files. o Analyst to analyst communications between DIA and CIA analysts. o The capability to permit other Intelligence Community components to access CIA SAFE facilities by going through the DIA interfaces with the COINS or AUTODIN networks. 5. It should be noted that the provision of the physical links and the technical capabilities to accomplish the above listed functions will not, in and of itself, result in the implementation of any of these functions. None of the SAFE documentation, either emanating from DIA or CIA, calls for these functions to be provided. Indeed, the original CIA SAFE docu.- mentation specifically provides that the CIA SAFE system will he a closed system accessible only by C.IA personnel. The position has been taken by some that CIA has no validated requirement for access to any non-CIA system, including DIA SAFE. The results of Approved For Release 2001/09/03 CIA-RDP84-009.33R000500120011-4  Approved For Fase 2001/09/03 : CIA-RDP84-00933500120011-4 the IHC-sponsored Analyst Support Study indicate that.this is probably not the case. Nearly half of the CIA analysts. interviewed said they regularly access outside data bases such as SOLIS, the COINS files, CIRC II, and the NPIC data system. Furthermore, analyst-to-analyst communication across agency lines was ranked the second most important source of information by CIA analysts and the most important source.by DIA analysts. As automated systems develop and improve and analysts become increasingly confident in their use of and reliance upon direct access to automated systems, requirements for and the value of access to external systems should increase still further. 6. The management of the Consolidated SAFE Project Office is working under a handicap in this area. There has been, to our knowledge, no extensive formal review or update of CIA's functional requirements on the user side since the decision was made to combine the two programs. Without any formal statement of requirements from the CIA analytical community (primarily NFAC) which the system is designed to support, it is difficult for those charged with designing and implementing the system to anticipate what those needs may be. Therefore, we suggest that either you or some other appropriate authority should give to the SAFE Project Office some appropriate guidance which addresses these areas of concern. 7. We would call to your attention the fact that providing any' access to the CIA system from DIA and more especially from elements of the Intelligence Community outside of DIA raises serious security issues. The resolution of these issues will probably require action on your part to modify the present interpretation of existing security policies, or in some cases amendments thereto. If you should decide that the combined SAFE systems should provide the types of intercommunication and outside access which are outlined in your areas of concern, then someone (possibly the Computer Security Subcommittee of the DCI Security Committee) should probably be tasked with the responsibility of defining the security issues, suggesting possible solutions, and performing appropriate risk analyses so that they may he submitted to you for resolution. If this is undertaken, IRO should probably be involved in some way since decisions on these issues will' undoubtedly have major long-term effects on the feasibility of improving the interagency exchange of information and could also have a substantial impact on the resources which. will be needed to satisfy Community ADP requirements. 8. General comments on other concerns expressed by you based upon our limited perspective are: 3 Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4 CIA INTERNAL USE ONLY  STATINTL CIA INTERNAL USE ONLY Approved For RdWse 2001/09/03: CIA-RDP84-00933R 00120011-4 o We are informed that of OCR is coordinating the CIA user interface with the CSPO; that he is completely aware of the status of the project and consults regularly with the CSPO. o In the development of a project such as SAFE, it is extremely important that a well defined single point of contact between the users and developers be established and maintained. Otherwise, the system developers will be faced with conflicting statements of requirements. If, in fact, the established lines of communications with the users are not adequate, perhaps the reason is attributable to a lack of an effective framework within NFAC to provide a continuing review of SAFE as it develops. If this is the case, we are not aware of it. We see no evidence that "major portions of the proposed operational capabilities are unspecified." It is, however, probably true that NFAC should direct more attention to the general issue of what its requirements for open source material are and how these should be met, either through SAFE or other means. o .The decision to place SAFE ona design -to -cost basis necessarily implied some scaling down of the original requirements for the initial version. In consonance with this, NFAC did review and set priorities on the original SAFE requirements. It is our assessment that the CSPO is proceeding with development so that NFAC's highest priorities will be met first and the design will accommodate the later addition of those functions which now enjoy a lesser priority. If some of the capabilities which this approach will require to be deferred are considered to be important enough to warrant it, NFAC should develop a justifi- cation for their inclusion in the initial version of SAFE and the issue should be addressed during program review. 9. In conclusion, I would take this opportunity to inform you of two initiatives we are. taking in conjunction with the IHC which may have an impact on the future development of SAFE. Approved For Release 2001/09/03 : Ck-RDP84-00933R000500120011-4 CIA INTERNAL USE ONLY  (;!1\ tIV I tFtfVr''. U>t UIVI.T Approved For Rse 2001/09/03: CIA-RDP84-00933R00120011-4 o The development of a user language for SAFE will result in a common user language for DIA & CIA. We are exploring the possibility that this could become the initial step for developing user language standards for use throughout the Community. This will require the cooperation of the SAFE Project Office if it is to succeed. We expect the IHC to recommend the development of a distributed system of bibliographic informa- tion storage and retrieval systems. If this is to be done, the facilities of both the DIA & CIA SAFE systems in this area will have to function .as part of an overall Community system. If this is to be accomplished, the interconnection of the two systems could taken on added importance. Approved For Release 200 d? /Rr6 nP~t4-M31BR000500120011-4  Approved For ase 2001/09/03 : CIA-RDP84-0093380500120011-4 ODP 0-369 26 March 1980 MEMORANDUM FOR: Director of Central Intclligcnce VIA: Deputy Director for Administrr-ttion Director, National Foreign Aas ssmei t. Center FROM: Bruce T. Johnson Director of Data Processing, DDA Clarus W. Rice Director of Central Reference, NFAC S1ATINTL SUBJECT: Concerns Regarding SAFE REFERENCE: Your memo dtd 21 March 1980, same subject (ExReg 80-754/1) 1. This memorandum responds to your query of 21 March 1980, transmitting some questions about SAFE posed by your Science and Technology Advisory Panel (STAP). 2. Attached are answers to the specific questions raised by the STAP, presented in a narrative form reflect- ing the complexity of some of the issues they addressed. These answers represent the coordinated views of OCR '.1ncl ODP, reviewed and-endorsed by the DDA and the Director, NFAC. 3. At our mecti.nc with ou now scheduled for 3) 7\,,)ril, we propose that Mr. Director of the Con-- soli_datod SAFL Project Office (CSPO), present.. a hri,eE sure ary which addresses the four concerns you l i.st in your memorandum, after which we will be prepared to elaborate on any of those or other_ STAY c uestions about SAFE. We will also have available Mr Chief of OCR's Systems Analysis Staff, to discuss NFAC's extensive efforts to iden- tify user requirements. 4. We understand that Messrs. wall be at the meeting, and welcome the opportunity to discuss; their questions with them. We would like to suggest, however, that it may be profitable for us to spend some additional time with them subsequent to our joint meeting Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For Erase 2001/09/03 : CIA-RDP84-00933500120011-4 SUBJECT: Concerns Regarding SAFE with you, to supplement the one short briefing previously provided for them by SAFE's managers. /S/ Bruce T. Johnson Bruce T. Johnson Deputy Director for Administration 2 G MAR 1980 Director, National Foreign Assessment Center Date Attachmuents: a/s cc: D/CSPO Distribution: Orig - DCI w/att. 1 -- DDCI w/att. 1 - Exec. Reg. w/att. 1 - D/N1'?1C w/att. 1 - DDA w/att. 1. - D/CSI'O w/att. 1 - D/OCR w/at.t. 1 - D/ODP w/att. Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For Rrse 2001/09/03 : CIA-RDP84-00933R500120011-4 2.0 How is SAFES management ensuring t.lhat: a final a;orl: 1 fly system has been developed from the contililling evolllt-.ic::i of an operationally valid pilot system? !!:.w has S.F1 t,. 1ken advantage of the experience of similar, very lar.(? system in their: 1) system architecture, 2) communication and control, and 3) changing performance requi.rement-s? flow is SAAF111 management ensuring that t:he ,ystem 1 1 1) make available data on operation and us ge of tho a pilot system to guide development; 2) be able to modify both system functions and interaction capabilities so as to meet changing and evolving requirements; and 3) be able to add new functions and interactions so as to meet new requirements. 2 . 0 The "operationally valid pilot system" from which evolution will take place is the system which will he delivered at IOC in December.1982. Experience with the "Interim" SAVE system inaugurated in 1973 is being used in building the operational system. Data and us.irjf, patterns message and query analyses as well as user reaction!-, are used in requirements specifications, system sizing, function allocation and usage scenario development.. In order to ensure adaptability to changing needs and growth, we have dictated the maximum use of general-purpose computers and software. The system architecture proposed is the result. of an 13 niontll design competition between and is baasecPTATINTL on = anc.l Government experience with large systems. It distributes co:nnilnnications anc.l control functions as well as fllc ptocessi.ng such that boLt.l:cmnecl:s are avoided and parallel expansion is possible without reciesicin. Ne.w functions may be added at either the top or mid-level processors. Functions may be moved between levels to compensate for loading or usage changes. We expect the initial system to have shortcomings. All major systems do. We expect, however, the initial system to provide significant improvements in service and value over the current environment. Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For Rse 2001/09/03 : CIA-RDP84-00933R500120011-4 Response to Quccst_i nee and Cemii enL f rem Science cIn(1 't'cec;filiol,,cgy Advisory Panel ?9emo1:r1ndum of 1.8 ittirch 1980. CONCERN: 1.0 What steps are being taken to ensure that the Agency, rather than the contractor is in control of the technical aspects of the design of the system? 1.0 The Agency has in place a strong technical matta(iement: team. The contract effort is under control and t}.e needs of two Agencies are being addressed successfully. In recognition of the problems of technical communication and management control compounded by geographic separati.on a number of steps have been taken as follows a) The Government has contracted for a system (icvelopment rather than technical effort. The contract::.or is responsihle for that development with govci-nmen)t controls . The Government defines the functions and performance of the system as seen fj:o:n a user's perspecti.ve. The development is perform( c1 to (jovernmeirt requirenionLs specif i.cat_ion in accordance with 111L St:ds. 490 and 1:521.. wiLb (Jov(crnlncent: rtpprota? kTINTL required of all specifications and de;si(II1 ,. The Govurnme.nt: approves all solicitation doClihient3 evaluation plans and contract awards by 1)) fonl:}ily formal project reviews are condunL.ed by the Consolidated SAFE Project Office (CSPO). Technical staff interaction daily by phone and virtually continuously through travel maintains communi.cati_on. The contractor has several permanent representatives located in Rosslyn, headed by a deputy pro ject manager for. East Coast operations. c) belays in decision making are not geographical problems,. They are problems associated with hard choices, An on-site representative could provide oversight and sonic. guidance but those problems of larger scope are not one-man problems. A full. time government representative is being considered for transfer to California. Travel will continue to be heavy in any event. Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For tease 2001/09/03 : CIA-RDP84-009330500120011-4 2.0 - Continued The cautionary note in the STAP memorandum is well founded. We should expect to take up to a year to introduce the system services after which the system will continue to evolve. The SAFE budget: for 1982 and beyond recognizes this process. Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For Rase 2001/09/03 : CIA-RDP84-009338 500120011-4 3.0 The SAFE user coirununity consists of Tnt:elliJjeFIc.c, Community analysts covering the full speect.rum of research into foreign political, nu.litar.y, economic, scient:i.Li.c, and technological activity. Their effective use of this system and, ultimately, the quality of intelligence they produce rest on whether their real needs can be identified and satisfied by the system. 3.0 There has been more user involvement in the defiiii.tion of the SAFE System than in any computer system of which we are aware. The interaction is continuing to refine and revalidate the system functions with the user. The CSPO maintains the balance of interactions with the contractor and - through OCR's System Analysis Staff and UTA's user points of contact - the users. The Consolidated SAFE Requirements Document, which is the foundation of the technical development, was developed with and largely by the using NFAC and DIA community. In the CIA this work began in 1972 and has included: a Pilot groups of 50 analysts defining useful functions Pilot systems development in 1973/4 Pilot branches to date provide usage data o User workshops in 1975 600 analyst survey in 1976 SAFE Procedures Development Laboratory o Project Upstairs/Downstairs with analysts o Newsletters o Direct interaction with CSPO and contractor of NFAC user representatives Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For Rse 2001/09/03: CIA-RDP84-00933R00120011-4 3.0 continued In DIA there are 29 points of contact in user organizations who provide advice on requirements and are fully informed of project status. An extended data, collection effort fi-om 1977 to the present has developed user requirements which have been staffed with top level user m-anagcment. All data gathered on the inLeri_m: system usal.te 71 lid voluminous data on DIA's DIAOLS system have been forwar.clcd to M All prior study material has likewise been f-orwarded. These data are used to develop system desic7n and flow threads. Four former analysts are resident in the CSPu to focus and control the flow of requirements and to ensure: that they are met. This group coordinates heavily with both Agencies. .We believe that a "community" system should he developed after SAFE and that-SAFE would be a prototype for replication and potentially be a node in a community network. Training of users, operators and instructors is part of the system development contract. Both the Office of Training and NFAC will have instructors trained to support continuing operations and expansion of the user community. The Office of Data Processing will have operations personnel trained as a part of this effort. Approved For Release 2001/09/03 : CIA-RDP84-00933R000500120011-4  Approved For Rse 2001/09/03 : CIA-RDP84-00933R500120011-4 4.0 How can the Agency make a reasonable evaluation of the current status of SAFE with major portions of the proposed operational capabilities either unspecified or uncommunicated to the Agency? For example, 1) the user command language and its parsin(j, 2) the user programming language, 3) the user editing languages, and 4) procedures for backup, including regeneration of derived files lost in crashes. 4. All operational capabilities required including a er languages and backup capabilities, are specified in the Consolidated SAFE Requirements Document written by the Government. The contractor's translation of those capabilitic:--, to system design are encompassed in numerous system, su}b-system and clement specifications. These are. being developed can schedule with a normal amount of difficulty. Problems are addressed early in the process and corrccti'-c action is t7i:on. For example, the plan for l