APEX

STAT Approved For Release 2004/05/12 : CIA-RDP85T00788R000100120043-4 Approved For Release 2004/05/12 : CIA-RDP85T00788R000100120043-4  ~'FILEs~~, ~T eas.. ~._s ;sva C?rnA~ Approved For Rel 4Q/1 ; CIA-RDP85T00788R 0 4 October 1979 MEMORANDUM FOR: Deputy Director of Security (P&M) I se pecia ecurity Center SUBJECT: APEX 1. The purpose of this memorandum is to advise the Director of Security that basic philosophic and practical obstacles exist both within the Agency and the Community which must be examined prior to the acceptance of the proposed. APEX system. 2. Those objections to APEX--which have been expressed repeatedly since October 1978 by such varied authorities as NFAC, DIRNSA, national and executive agent Program Managers,. need not be repeated here. It is sufficient to note that they oppose APEX from security, cost, efficiency and manage- ment viewpoints. Those objections have not been accommodated by the APEX system as proposed and it remains basically incompatible with the expressed needs and desires of the Community. 3. From the writer's perspective of having participated in several APEX working groups, and having seen objection after objection either ignored or "papered over," with no real resolution, there is a mounting uneasiness within the Community that APEX represents, not an improved managerial scheme for SCI, but rather a sinister (to put it bluntly) bureaucratic attempt to build an empire at the expense of the security and efficiency of current collection systems and their products. 4. Aside from the inevitable "whitening" of hitherto "black" programs which APEX will cause, and the accompanying erosion of security, there are more mundane but very real side effects which will curtail the Director of Security's .All Portions of This Document Are Confidential Approved For Release  25X1 Approved For Releas 0 5-/t2 :-CFA-RDP85T00788R000100120043-4 authority in the compartmented intelligence field to that of an interested bystander. The proposed APEX management organization will subsume the following functions now performed by various Office of Security components: a. Overall management of the APEX security control system and the development of APEX security policy. (This is now conducted by SECOM and SSC.) b. Oversight of APEX matters in all organizations outside the Intelligence Community and with foreign participants in the APEX system, with the exception of those foreign. liaison matters specifically delegated by the DCI to other NFIB principals. (Currently the job of SSC and NFAC/RES) c. Responsibility for the development of APEX policy and procedural manuals and coordination of implementing guidance manuals or procedures developed by other organizations participating in the APEX system. (Both operational and product manuals have been either produced by or coordinated with SSC.) d. Development of the APEX Central Access Approval Registry and review and staffing of requests for changes and allocations of APEX ceilings and access approvals, including administrative access approvals. (Assumes and broadens the CIB role while impacting directly upon the "must know" prerogative of Program Managers.) e. Policy direction and guidance for the APEX network of APEX Co rol Officers, APEX Security Officers, and Control Officers, including (1) security in indoctrination procedures for briefings and debriefings of personnel cleared for access to APEX, (2) the personnel, physical, and technical security programs for the protection of APEX materials, and (3) Community standards for document control, including markings, control systems, transmittal procedures, and inventory and accountability procedures. (Arrogates an enormous amount of power and authority currently held by various Office of Security components.) 5. The above is meant to point toward just the internal Office of Security impact of APEX. The Community impact, and the potentially catastrophic impact upon contractors, would require a more detailed study. Approved For Release 20 4/b /11: ~~IA-RbP85T00788R0001,00120043=4  Approved For Release 2904/05112. CIA RDP85T00788R000100120043-4 6. It should be noted, in passing, that the loss of the CIB function would leave CIA as the only NFIB Agency with no independent responsibility, authority and resources for the management, administration and control of the accesses it sponsors. The Director of Security, CIA would be the only senior NFIB security person with no direct control over his Agency's recordkeeping operations. Because of sensitive cover arrangements and the danger of exposing valuable assets, the CIA's Director of Security needs direct authority and control. 7.. What the writer believes is really needed is not a completely new system of compartmentation, but rather a set of specific-guidelines which would permit the maximum amount of intelligence product to be decompartmented from the currently existing intelligence product systems. It is believed that such an approach would be more secure and more cost effective. 8. The Director of Security should be aware that to accept APEX without full knowledge of its implications, both to his Office and the Community, would be a disservice to both. 25X1 Att: Draft APEX Organization Outline Approved For Release 4 O `L1 Z;Cl/ -RDP85T00788R000100120043-4  Approved`For Release 2004/05/12: CIA-RDP85T0688R 00 TRY *~FILE Organization for the APEX Special Access Control System 1. Upon implementation of the APEX system, there will be a need to consolidate a number of Community functions associated with this single special access system which currently are being carried out by at least five organizations in the Community. They are: CIA, NSA, the DCI Security Committee, COMIREX, and the SIGINT Committee. Mission and Functions 2. The'central Community organization for the APEX system would have as it -i>ve-ra1-l--rjssian serving as`fhe 'DCI' staff ~" Iw%: -- the development of common security and access standards for managing and handling compart- mented foreign intelligence systems, informa- tion, and products. -- the establishment of special access programs to control access, distribution, and protection of particularly sensitive classified information. 3.... In performing these activities, the APEX organization should be required to coordinate with the Chairman, DCI Security Co,-m,ittee, all activities which establish new, or amend existing, Community physical and personnel security policies. 4. The APEX organization would be responsible for the following specific functions: _ a. Overall management of the APEX security control system and the development of APEX security policy. b. Staff for the DCI the reviews and approvals re- quired for programs contained within the APEX system, including projects approved for the ROYAL dissemination system. c. Oversight of APEX matters in all organizations outside the Intelligence Community and with foreign par- ticipants in the APEX system, with the exception of those foreign liaison matters specifically delegated by the DCI to other NTFIB principals. Approved For Release 2004/05/12 CIA-RDP85T00788R0001001200434  C Approved For Release 2004/05/12 : CIA-RDP85T00788R000100120043-4 d. Responsibility for the development of APEX policy and procedural manuals and coordination of implementing guidance nanuals or procedures developed by other organizations participating in the APEX system. e. Establish and staff the Commtmity mechanism for exercising the right of challenge to classification or compartmentation of APEX materials and providing guidance on security classification and downgradinand the de- C> or sanitization of APEX materials. f. Develop Corramznity policy guidance and procedures for the release of APEX materials to foreign governments and liaison services. g. Development of the APEX Central Access Approval Registry and review and staffing of requests for changes and allocations of APEX ceilings and access approvals, including administrative access approvals. h. Policy direction and guidance for the APEX network of AP"X Control Officers, APEX Security Officers, and, Control Officers, including (1) security indoctrina- n procedures for briefings and debriefings of personnel cleared for access to APEX, (2) the personnel hysical, and-technical security programs f t ie-protection o, APEX materials,- and (3) Community standards - for -docuTnent control, including markings, control systems, transmittal procedures, and inventory and accountability procedures. i. Developmnt of policies and procedures for access by contractors and consultants to APEX materials. Staffing and Resources 4. The staffing arrangements and resource requirements for this new organization could be achieved as follows: a. A ninnber of the responsibilities listed above are presently carried out by the COMIREX and SIGIN7 Conan ttees. These responsibilities and the associated resources would be removed from the jurisdiction' of these two Committees and transferred to the APEX organization. Approved For Release 2004/05}/12: CIA-RDP85T00788R000100120043-4  Approved For Release 2004/05/12 : CIA-RDP85T00788R000100120043-4 b. Others of these responsibilities are presently carried on by the DCI Security Committee, and parts of the Office of Security, such as the Compartmented Infor- mation Branch. These functions and the associated resources could- also be transferred to the new organization. c. The staffing pattern of the new organization should be changed radically, compared with the existing staffing patterns of the organizations named above. Rather than being staffed with a cadre of people who are almost uniquely expert in security matters or in the specific disciplines of COMINT or Imagery collection, the new organization should be staffed on a much more catholic basis. A small cadre of Security, Imagery, and SIGINT specialists is necessary, but the remainder of the staff should include representatives from: other collection activities,.e.g., NSA, Navy. other processing organizations, e.g., NPIC, OIA. -- user organizations, e.g., NFAC, DIA Production, and INR. 5. To preserve the momentum and thrust of the program, the initial chief of the organization should be from the user co.~ ity. He should also be of sufficient status--supergrade level--to deal with senior members of the Cormam ity. 6. The new organization should be viewed clearly as a Community organization reporting to the DCI through his Deputy for Corm-,unity Support. Each of the principal members of the NFIB should be required to detail officers to serve rotational tours with this organization. 7. The functions of this organization would require an estimated 2S to 28 positions. This would include the 12 positions in the Colrmpart- mented Information Branch of CIA's Office of Security which would move intact to the new organization. One staffing arrangement for the organiza- tion might be as follows: Office of the Chief -- Chief, Deputy and two secretaries. The Deputy would also have direct responsibilities for the0 25X1 dissemination system Approved For Release 2004/5/12 : CIA-RDP85T00788R000100120043-4  Approved or Release 2004/05/12 : CIA-RDP85T00788R000100120043-4 Security Staff -- Two-three professionals and one secretary. Imagery Staff -- Two-three professionals and one secretary. Signals Staff -- Two-three professionals and one secretary. APEX Control Access -- Two professionals, two technical Approval Registry and eight clerical employees S. Based on present commitments (positions'or man-year equivalents) to activities similar to those to be performed by the new organization, 20 of the required 28 positions are immediately identifiable: COMIREX -- 3 positions SIGI`'T Committee -- 2 positions Coy- artmentation -- 3 positions Branch, DCI Security Committee Cor artmented Infor- -- 12 positions mation Branch, Office of Security, CIA 9. As a matter of Community concern, other Community members most involved in the APEX program should be asked to provide positions for the remaining staffing requirement of eight positions. NSA, for example, could be asked to underwrite two positions and the following to under- u-rite.one position--S.IFSS, NPIC, Navy, CIA/DDSET/OSO, CIA/?NFAC, and DIA. Approved For Release 2004/05%12 : CIA-RDP85T00788R000100120043-4