FINAL REPORT OF THE INFORMATION HANDLING TASK FORCE (IHTF)
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP86B00269R001300060001-0
Release Decision:
RIPPUB
Original Classification:
S
Document Page Count:
481
Document Creation Date:
December 19, 2016
Document Release Date:
November 22, 2006
Sequence Number:
1
Case Number:
Publication Date:
September 5, 1980
Content Type:
MF
File:
Attachment | Size |
---|---|
CIA-RDP86B00269R001300060001-0.pdf | 24.98 MB |
Body:
Approved For Release 2006/11/22 : CIA-RDP86B00269R001300060001-0
DDA 80-1888/2
5 September 1980
MEMORANDUM FOR: Director of Central Intelligence
Deputy Director of Central Intelligence
Executive Committee Members
FROM: Don I. Wortman
Deputy Director for Administration
SUBJECT: Final Report of the Information Handling Task Force (IHTF)
REFERENCE: Memo dtd 13 Aug 80 to EXCOM and IHTF Members fr DDCI, subj:
EXCOM Guidance for IHTF Final Report (EXCOM 9106-80)
1. Attached for Executive Committee review and action is the final report
of the IHTF. Section 6.0 of the report contains final recommendations of the
Task Force and represents an agenda for decision-making. A copy of the
recommendations section has been attached (Att 1) to this memorandum.
2. Section 5.0 contains an expanded discussion of the Architect's mission
and function, a suggested appeal mechanism, a description of the Staff, and a
discussion of possible organizational positions for the Architect considering
the Office of the DCI and the Office of the DDA.
3. When the Executive Committee considers the report, I would like [illegible]
review a proposed revision to the mission and function statement of the Architect
that appears in Section 5.2, Architect of Information Services. A revised
mission and function statement [illegible] (Att [illegible]). I believe this revised
statement is consistent with [illegible] discussion [illegible] the DDCI's memorandum
(reference) implementing [illegible] decisions.
4. Section 4.1.5, Career Management, has been expanded to include statistical
information on the population of information specialists in the Directorate and
to provide discussion of alternatives for Directorate management.
5. Attachment C to the final report, Description of Management Alternatives,
contains a description of the organizational options we discussed.
I believe this is responsive to the DCI's annotation on the reference memorandum,
requesting that it be included in the final report. As you recall from
our discussions, the Agency-level options for change were the creation
of a new directorate containing the bulk of our IH resources, or the creation of
a Systems Architect to deal only with planning at the Agency level. While the
Task Force tended to lean toward bold structural change, the Executive Committee
was doubtful about the effectiveness of such a large bureaucracy in maintaining
user satisfaction. Also noted in our discussion was the great administrative
upheaval such a decision would entail.
CONFIDENTIAL UPON REMOVAL OF ATT 1
6. Another factor considered and revisited at several points in our discussions
was how to organize to ensure we are making the best use of available technology.
The consensus was again that the larger the organization and associated capital plant,
the less capable we would be at staying current with technology and the more inhibiting
that central organization would be to individual unit innovation.
7. In the final analysis, we achieved unanimity on the need for a strong
centralized planning function to better direct the development of information services.
The Task Force recommendation to implement this planning function in a technically
oriented staff was found agreeable
8. Having reached a consensus on the nature of Agency-level management changes,
there is still the question of what, if any, Directorate-level changes should be
undertaken. As I stated, I plan to proceed with additional changes
involving communications, ADP, printing and information security. These changes will
be aimed toward building an organization and management system more in tune with the
Information Handling goals and developing technologies. I also hope to minimize the
number of DDA elements the Agency user deals with in getting our complete support.
I anticipate presenting a plan for initial changes in the existing DDA structure
six months after the Architect is on board.
9. There may be similar thoughts of change in other Directorates, prompted by
the results of this study. If this is the case, I would recommend that our mutual
efforts be closely coordinated to ensure that the final results are in harmony and
supportive of the goals.
10. Unless directed to the contrary, the remaining Task Force members will move
to new assignments by mid-September. They will remain available in Headquarters for
further consultation and discussion as required. They are to be commended for a job
well done. Their work can be judged a success already, in terms of moving the Agency
to agreement on a strong Architect function.
Don I. Wortman
Attachments:
As stated
6. RECOMMENDATIONS
6.1 Organizational Changes
6.1.1. Create an Information Services Architect to maintain and
publish an Agency strategic plan for the development of information
services. (ref. 4.1.2)
Approve: Disapprove:
6.1.2. Assign the Information Services Architect to the Deputy
Director for Administration. (ref. 5.)
Approve: Disapprove:
6.1.3. Charge the Deputy Director of Administration with
responsibility for accomplishing within six months:
A. Establishment of a joint planning mechanism to produce a unified
plan for information services of OC, ODP, and OL/P&PD.
B. Creation of a plan and time table for restructuring DDA line
components in accordance with the needs of this strategic plan and
with due consideration of the issues raised by this report. (ref.
4.2.2, 4.2.3, 4.2.4, 4.2.6, 4.2.7, 4.4.2)
Approve: Disapprove:
6.2 Management Change
6.2.1. Expand the scope of the current EXCOM ADP review to
incorporate all information services and charge the Architect for
Information Services with management of the preparation and
presentation of that review. (ref. 4.1.4)
Approve: Disapprove:
6.2.2 Mission components should program, budget and defend
capital investments required to provide dedicated information services.
(ref. 4.1.3)
Approve: Disapprove:
6.2.3 Directorates should develop and implement plans to centralize
career management of personnel devoted to provision of information
services. Early attention should be given to centralized management
of ADP and registry personnel. (ref. 4.1.5)
Approve: Disapprove:
6.3 Programmatic Objectives
6.3.1 Assign responsibility to the DDA for design and
implementation of a unified information distribution network whose
nodes are conveniently located throughout Agency facilities and which
contain facilities for storage, transmission, printing and sorting of
electrical information. Management of those nodes will emphasize
security, compartmentation and accountability for information.
Estimated costs are $15M for a ten year program. (ref. 4.2.6) (C
3d (3))
Approve: Disapprove:
6.3.2 Assign responsibility to the DDA for evolutionary
development of a universal terminal network that will provide wide
electrical interconnectivity with compartmentation and command privacy
enforced through cryptographic separation. Estimated costs are $40M
for a ten year program. (ref. 4.2.7) (C 3d(3))
Approve: Disapprove:
6.3.3 Charge the Architect for Information Services with
developing a concept and commissioning the design of a centralized
data base of dissemination requirements that allows controlled, shared
access to all Agency disseminat[illegible]. Estimated costs are $500K with
expected completion in 1985. (ref.
Approve: Disapprove:
6.3.4 Place Agency priority on modernization of the communications
plant to expand capacity, quality and interconnectivity required to
support increased electrical flow. Estimated costs $20M with
completion at Headquarters by 1985; completion world wide by 1990.
(C 3d(3))
Approve: Disapprove:
6.3.5 In the interests of security, legality, and public image,
there needs to be a central, easily accessed repository of data
regarding information released to the public, the media, and outside
the Executive Branch. A central system should be useable by and
responsive to users concerned with FOIA and Privacy requests,
Public Affairs Office, OLC, OGC, Office of Comptroller, DCI and
DDCI Staffs. The purposes of this repository would be consistency
of judgements with regard to releasability, maintenance of operational
integrity, and more efficient administration. It is recommended that
analysis of alternative means for establishing such a system, including
use of commercial bibliographic reference services, be commissioned
by EXCOM. (ref. 3.8.e.)
Approve: Disapprove:
6.4 Security Procedures
6.4.1 Establish systems of control and accountability for all
transportable, machine writeable, non-human readable storage media,
e.g., magnetic cards, tapes and disks. Such media must be
presumed to contain information of the highest sensitivity. (S 3d(5))
Approve: Disapprove:
6.4.2 With increasing application of technology comes enhanced
ability to positively account for sensitive information. This
opportunity should be exploited to implement complete audit trails on
all Top Secret and compartmented information within Agency computer
data bases. The Office of Security should implement systems and
procedures to frequently review audit information for anomalous
accesses. (S 3d(5))
6.4.3 As classified databases more and more exist on-line,
encouragement should be given to on-line queries from a terminal.
Second-hand queries made via telephone should be discouraged.
Accesses via terminal are easily recorded and audited. Most
important, the terminal provides a more positive authentication of the
requestor than the telephone. (S 3d(5))
Approve: Disapprove:
6.5 Personnel Activities
6.5.1 The gradual extension of information handling technology
into the office environment creates a need for more informed users.
It is recommended that all career services incorporate some form of
familiarization training in career development plans. Such training
might include ADP familiarization, Office Automation, and information
management depending upon the nature of the service and the level of
the employee.
Approve: Disapprove:
6.5.2 The Task Force has observed instances of user ignorance or
apathy with respect to current information services. It is
recommended that an indoctrination program be designed for all
employees. This indoctrination, which can be integrated into other
Agency-wide programs, should provide information on available
services with emphasis on the user responsibility to the service,
e.g., establishing and maintaining dissemination profiles.
Approve: Disapprove:
6.6 Policy and Administrative Action
6.6.1 There needs to be a definitive policy statement for
contingency planning. This policy should cover a range of
eventualities from brown-outs to natural disaster and nuclear conflict.
(ref. 4.1.6)
Approve: Disapprove:
6.6.2 Future programs and budgets should address contingency
planning by separately identifying added costs.
Approve: Disapprove:
6.6.3 It is recommended that this report be given wide distribution
within the Agency as a means of publicizing the goals program and
the rationale underlying the accompanying management decisions.
Approve: Disapprove:
ALL PORTIONS THIS ATTACHMENT UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
Architect of Information Services:
Performs Agency level planning for Information services with
particular emphasis on application of technology.
1. Publishes Strategic goals and objectives for purpose of
program guidance.
2. Monitors progress toward goals and objectives and reports
state of Information Handling to EXCOM (incorporates ADP
review).
3. Provides final approval for all agency information handling
systems architecture.
4. Consolidates requirements for IH to maximize commonality and
minimize unique development.
5. Conducts design reviews during conceptual design phase.
6. Maintains technology forecast and reports trends to
management.
7. Acts as Agency focal point to Community on matters of IH.
8. Commissions system designs to fulfill architecture.
9. Initiates studies and analyses for the purpose of identifying
ways to improve effectiveness and efficiency of IH.
10. Maintains a current data base on the status of information
systems and their interrelationships.
SECRET - this page unclassified
SA/DDCI
22 September 1980
SUBJECT: Minutes of Executive Committee Meeting,
10 September 1980
1. The Executive Committee met on 10 September 1980 to review
the recommendations in the Information Handling Task Force (IHTF)
final report. Participants included the DCI, DDCI, and Messrs.
Dirks (DDS&T), McMahon (DDO), Wortman (DDA), Clarke (D/NFA),
Lipton (Compt.), Ware (D/EEO), (D/ODP), (C/IHTF),
and the remaining task force members.
2. Mr. Carlucci reviewed the activities leading up to the
IHTF final report and suggested that the Committee first consider
Recommendations 6.1.1 and 6.1.2. The Committee approved 6.1.1
establishing an "Information Services Architect" but suggested that
the title be revised. They also approved Recommendation 6.1.2,
assigning the architect to the DDA.
3. Mr. Wortman suggested that the Committee spend the rest
of the meeting considering the proposed mission and functions of
the "architect" and postpone reviewing the remaining recommendations
until affected offices had an opportunity to comment on them.
Mr. Carlucci agreed, stipulating that Mr. Wortman should identify
those recommendations that could be handled appropriately at his
level and the rest could be brought back for Committee review
by late October. He also asked that the basis for the resource
estimates in the recommendations be explained.
4. Mr. Wortman highlighted preliminary discussions regarding
potential candidates for the "architect" position. Five internal
candidates and a number of external candidates are being considered.
The subsequent discussion of the mission and functions of the
"architect" included the appropriate grade level (about GS-17,
possibly GS-18) and the appropriate boundary line between the
"architect's" general planning functions and the detailed operational
responsibilities of line managers. The Committee agreed to adopt the
proposed mission and function statements for the time being and review
them for possible revisions after the "architect" has been in operation
long enough to evaluate them.
5. Admiral Turner thanked the task force for its efforts. The
meeting was adjourned.
cc: IG
D/ODP
C/IHTF
8 September 1980
VINCE:
The attached notes are for your/DDCI background for 10
September meeting.
Think we should follow foreign liaison model:
- opening remarks from Wortman (needs to be told)
- brief highlights from IHTF
- go through recommendations.
will be available Tuesday and Wednesday AM for briefings.
Call with any questions.
8 September 1980
SUBJECT : EXCOM Meeting, 10 September, 3:00 P.M.,
Information Handling Final Report
Concentrate on Don Wortman's covering memo, and its attached
recommendations and Mission and Functions statement for the
systems architect. (Note: Latter is different and better than
one in text.)
- as much agreement as possible on the role of the new architect.
- both DCI/DDCI support for organizational changes he needs to
make (steps toward OC/ODP merger) and flexibility in how he
approaches these changes.
- Of the nineteen recommendations, the task force considers nine of
them critical:
6.1.1 - systems architect
6.1.3 - DDA Joint planning and consequent restructuring
6.2.3 - career management centralized at Directorate
level (IMS model)
6.3.1 - unified information distribution network
6.3.2 - universal terminal network
6.3.3 - centralized dissemination requirements data base
6.3.4 - priority modernization of communications plant
6.4.1 - establish security control and accountability
procedures
6.6.1 - contingency planning policy
- Recommendations are generally consistent with consensus.
Comments on each below [illegible] importance, expected contention, and any
deviation from
6.1.1 - Create systems architect
- no dissension expected (Wortman has been laying
foundation with DDs re: choice of architect).
- consistent with
* At this point, you may want to turn to architect mission
and function statement to get agreement here. Consistent
with discussion.
6.1.2 - Assign Architect to DDA
- not critical
- no opposition expected (some hallway speculation is
skeptical that any change will result if function is
placed in DDA; will depend on individual chosen;
you and/or DCI may want final approval of choice).
- consistent with
* Appeal mechanism to DCI/DDCI spelled out in text but not
recommendations; you may want to emphasize that here.
6.1.3 - DDA (A) joint planning mechanism, and
(B) plan for restructuring
- critical: will provide first aid for present
problems/user dissatisfaction while architect
is being established. This is area Don will need
both your support and some flexibility.
- no opposition expected outside of DDA; some apparent
within OC and ODP.
- consistent with Don's comments and in
his memo.
6.2.1 - Architect charged with EXCOM ADP review
- not critical; should be helpful in focusing and
streamlining this exercise.
6.2.2 - Mission budgeting for dedicated information services
(SAFE current example)
- not critical, but contentious
consensus: be receptive to it when to
(you were persuaded that it could be helpful
in a tight budget climate when support
activities are more vulnerable.)
6.2.3 - Centralize info handling career management at the
Directorate level (IMS model)
- IHTF believes will be necessary in long run
- all but DDO/DDA will disagree
DDCI/DCI seemed to favor centralization
at Agency level; DDA agrees with Directorate
centralization as a minimum
and has taken first steps; DDO will want to keep
"their model"; NFAC and S&T will see no value in
centralizing.
are critical for implementing the proposed
Agency information handling goals. Will all
be controversial. May want to have new architect
consider pros and cons in-depth rather than make
decisions now.
6.3.1 - DDA design and implement uniform distribution network
- critical
- cost very soft estimate
6.3.2 - Universal terminal network
- critical
- some opposition based on incorrect perception that
only one kind of terminal will be used; proposal is
only for standard terminals at key points to minimize
required user training, increase commonality among
systems, etc.
6.3.3 - Centralized data base of dissemination requirements
- critical
- DDO may object on security/compartmentation grounds.
- IHTF emphasizes controlled access and strongly enforced
need to know.
6.3.4 - Priority on modernizing communications plant
- critical
- ranked outside of guidance in FY-82 program.
- costs ($20 M) are differential costs; difference
between what is already being discussed/proposed
and what would actually be needed to do the job.
6.3.5 - MIS for information being released to public
- Wortman pursuing separately
IHTF believes previous analyses of this problem
not technically sound; an MIS would be "doable"
if all participants could agree on requirements.
6.4.1 - Security systems of control, accountability for all
non-human readable storage media (mag cards, tapes,
disks)
- critical; without it, control over paper documents
meaningless.
- Opposition will depend on how much homework
principals do.
6.4.2 - Audit trails for sensitive information
- neither critical nor controversial
- will evolve with or without approval; private
industry already moving in this direction.
6.4.3 - Discourage second-hand terminal queries; encourage
only on-line terminal queries.
- neither critical nor contentious
- Policy statement best can get
6.5.1 - User familiarization training
- Motherhood
6.5.2 - Employee information services indoctrination
- Motherhood
6.6.1 - Policy statement for contingency planning
- critical
- not discussed at Beechtree
- IHTF believes too much money already invested in
systems without any backup
6.6.2 - Identify contingency planning costs in future
programs/budgets
6.6.3 - Distribute widely
- Pro forma
- Executive summary can be detached if desired.
Secret
Information Handling Study
28 August 1980
This document constitutes the final report
of the Information Handling Task Force
submitted to the Executive Committee, CIA.
1. This report follows the convention that he is to be interpreted
as he or she.
2. Classification marking & handling - unmarked portions of this
report are unclassified; some portions, while unclassified, are
designated for administrative use only.
The "Problem"
Launching the Study
The Study Team
The Charge to the Task Force
Scope of "Information Services"
Study Procedures
The State of the "System"
Scheduled Advances in Technology
Goals for the Next Decade
Information Systems Development Recommendations
Personnel Resources Recommendations
Information Control Recommendations
Organization and Management Recommendations
The Elements of an Information Handling Strategy
The NAPA Report
The Security Task Team Report
2.1 Recording of Information
2.2 Acquisition of Information
2.3 Dissemination of Information
2.4 Distribution
2.5 Information Reference Services
2.6 Reproduction of Information
2.7 Security Control & Accountability
2.8 Computing Support Facilities
2.9 Information Systems Development and Maintenance
2.10 Miscellaneous Services
3.1 Management of IH Systems
3.2 Recording of Information
3.3 Acquisition of Information
3.4 Dissemination of Information
3.5 Distribution of Information
3.6 Information Reference Services
3.7 Reproduction of Information
3.8 Information Control and Accountability
3.9 Computing Support Services
3.10 Systems Implementation and Maintenance
3.11 Miscellaneous
4.1.1 PROVIDING CLEAR DIRECTION FOR IH
4.1.2 THE ARCHITECTURAL FUNCTION
4.1.3 THE ABILITY TO ACQUIRE NEEDED RESOURCES
4.1.4 THE ADP REVIEW PROCESS
4.1.5 CAREER MANAGEMENT
4.1.6 CONTINGENCY PLANNING
4.2.1 TECHNOLOGY'S EFFECT ON ORGANIZATION
4.2.2 ADP AND COMMUNICATIONS
4.2.3 INFORMATION DISTRIBUTION - ROLE OF PRINTING
4.2.4 INFORMATION SYSTEM SECURITY
4.2.5 USER SATISFACTION
4.2.6 INFORMATION DISTRIBUTION NETWORK
4.2.7 THE UNIVERSAL TERMINAL NETWORK
4.2.8 CENTRALIZED DISSEMINATION AND REFERENCE
4.3.1 INFORMATION HANDLING STANDARDS
4.3.2 NETWORKING STANDARDS
4.3.3 DATA BASE STANDARDS
4.4.1 INFORMATION SECURITY AND COMPARTMENTATION
4.4.2 COMPUTER SECURITY
4.4.3 ENCRYPTION, STORAGE, COMPARTMENTATION
5.1 Executive Committee Guidance
5.2 Architect of Information Services
5.3 The Appeal Mechanism
5.4 The Architectural Staff
5.5 Positioning the Architect
6.1 Organizational Changes
6.2 Management Change
6.3 Programmatic Objectives
6.4 Security Procedures
6.5 Personnel Activities
6.6 Policy and Administrative Action
INFORMATION HANDLING STUDY PLAN
TERMS OF REFERENCE - INFORMATION HANDLING STUDY
ATTACHMENT B
Description of Current Services
ATTACHMENT C
Description of Management Alternatives
ATTACHMENT D
Glossary
ATTACHMENT E
Bibliography
This report sets out the procedure and conclusions of
CIA's Information Handling Task Force. In a year, the
five member team investigated the ways in which
information services, broadly defined, are now provided,
and gauged the impact of a rapidly changing technology.
Their goal was to produce the Agency's first strategic
plan for information handling.
One cannot but be dazzled by the pace of computer technology. If
automobile technology were improving at the same rate, a Rolls Royce would
cost $2.50 and get 200,000 miles to the gallon. Correspondingly, the demand
for computer and related services is ever growing. However, Agency buying
power is constricting and we are enjoined to "do more with less". Two
problems thus pertain:
Computers promise to "do more with less" ... at the cost of capital
spending. Senior managers find they must make major resource
decisions, often unprogrammed, with insufficient background in a
rapidly changing technical area. Seemingly related projects are
considered (and apparently designed) in isolation. The absence of a
"Master Plan" precludes optimization.
Traditional institutions providing information services may become
less effective as new technologies evolve, demand grows and resources
shrink. There needs to be a reconciliation of demand vs. supply, a
strategy for investment, and appropriate institutions to execute the
strategy.
In addition: there was widespread belief at the inception of the study that
there was an "information explosion", ill defined; there was scattered
enthusiasm for appointing an information processing "Czar"; and finally, some
sentiment prevailed that the Offices of Communications and Data Processing
could profitably be merged as the technological distinctions blurred.
Launching the Study
The Executive Committee of the Agency -- the Director of Central
Intelligence, his deputies, comptroller and EEO director -- commissioned the
study in the winter of 1979. Recommended severally by the Comptroller, and
the Deputy Director for Administration and his Directors of Data Processing
and Communications, the study had two predecessors, the SCIPS and CHIVE
studies. The more proximal antecedent was a survey and catalog of
information handling issues compiled by the Director of Data Processing, a
recap of which can be found in Chapter 3.
The Study Team
Although it was decided that the study team should be collegial rather
than representative, it turned out to be both. While non-partisan (the
inevitable result of a year of close habitation) team members came from each
of the directorates: one each from NFAC, S&T, and DO, and two from the
DDA. Skills embodied in the team ranged from computer science and human
factors, across traditional computing and communication, to records
management.
The Charge to the Task Force
The Task Force was asked to draft a Strategic Plan for the use and
provision of Information Handling Services, and to recommend management and
institutional changes needed to carry out the plan. The definition of a
"Strategic Plan" agreed upon:
Sets out clearly the goals and objectives toward which we must
strive;
Starts from a clear appraisal of where we now stand;
Charts, in general terms, the (alternative) routes by which we get
from here to there;
Publicizes major observables by which we measure our progress and
projects a timetable of these milestones;
Fixes the responsibility for fulfillment of the various objectives and
subobjectives; and,
Estimates the magnitude of resources required.
In the terms of reference on which the study was based (Attachment A) the
Task Force was also invited to "...define a management structure for more
formal continuing coordination of the Agency's information handling
activities." In toto, then, the proposed elements of the strategy were to
include: "management, organization, operation, security, technology, and
personnel."
The terms of reference directed the attention of the Task Force to the
following issues:
Management "... To what degree can central management of information
handling contribute to the provision of information services? While
there is popular enthusiasm for further centralization of management
functions associated with information handling, there needs to be a
careful assessment of what functions need to be centralized to improve
provision and use of information services.
Standards "... To what degree can standardization contribute to the
efficiency and effectiveness with which information services are
provided? Standards could cover equipment, programming, engineering,
documentation, or management systems.
Structure "... To what degree should technology influence Agency
organization? The apportionment of missions to some components is based,
in part, on historic technological definitions which may now be obsolete.
As technology evolves, a reallocation of the division of labor might be
useful and even necessary to clarify roles. However, the value of
organizational realignment must be weighed against the employee morale,
personnel management, and budgetary impact of change.
Compartmentation "... To what degree can systems and data bases be shared
without jeopardy to security and compartmentation? Increased efficiency
will often result from aggregation of user needs and resource sharing.
Strategies need to be identified that will maximize efficiencies within
constraints imposed by security and compartmentation.
Scope of "Information Services"
The study focused on the provision and use of information services within
the Agency. Information services were defined as those disciplines and
technologies whose purpose is to facilitate information handling. The study
addresses the interface of the Agency information systems with collection and
processing systems, not the collection systems, themselves.
The definition of Information Handling contained in EXCOM-19-79 was
accepted as the most appropriate for the purposes of this study:
"Information handling in CIA is the systematic creation, movement, use,
storage, retrieval, and disposal of intelligence and management
information with the support of automated or other clearly identifiable
processes and with due regard for control of sensitive and compartmented
data."
For purposes of this study, information handling services were
categorized as:
Recording of Information, including all facilities or services which
enable the generation or capture of information in a media that will
support subsequent storage and exploitation of that information.
Acquisition of Information, referring to the receipt of information
which has been collected or generated by non-CIA resources and
acquired for Agency use.
Dissemination of Information, the process of determining the
component or individual that should be made aware of recorded or
acquired information. This "intellectual" dissemination process is
contrasted with the distribution function.
Distribution of Information, referring to the physical movement of
information (in whatever media) and to related registry, mail,
courier, electrical and pneumatic tube services provided by various
information support units.
Information Reference Services, including those services that store
documents and/or information for subsequent retrieval.
Reproduction of Information, including all facilities which enable
the production of one or more copies of an information item in the
same media as the original.
Security, Control & Accountability, referring to those facilities or
procedures designed to enforce the need-to-know principle and to
prevent unauthorized access to, or unauthorized release of classified
information. Information control implies accountability.
Information accountability refers to facilities or procedures to
determine the location of information and to identify the components
or individuals who have been exposed to that information.
Computing Support Facilities, including all computers and the
peripheral devices attached to those computers which support the
storage and processing of information. This support includes the
operation and maintenance of these facilities and the provision of
any systems (non-application) software needed to insure efficient
utilization of the hardware devices.
Information Systems Development & Maintenance, including the
analysis, design, implementation, and subsequent maintenance of
systems used to support specific user requirements in information
handling. This activity is primarily related to the development and
maintenance of hardware and software but can involve non-automated
systems as well.
Miscellaneous Services, including two services which warrant some
discussion but which do not logically reside in the nine categories
described above. They are: Formal training to support the various
disciplines that constitute the IH services; and, Data Base
Management and Support.
Study Procedures
Offices in the Agency were asked to provide structured responses to a
set of questions regarding current information services. These responses
were categorized by components whose mission is to provide services
(providers) and those components whose missions make them users of services
(users).
Using this data base, the Task Force then analyzed the information to
identify and define issues among providers, among users, and between
provider and user communities. The purpose of these preliminary steps was
to define the "benchmark" in information services from which future plans
necessarily depart.
Thirdly, the Task Force compiled a current technology forecast by
literature searches and discussions with Government and industry
representatives. The purpose of the forecast was to allow estimation of those
innovations in information services likely to become attractive to the Agency
in coming years.
With a data base containing the present state of services and the
predicted future developments, attention was turned to formulation of goals.
Goals and objectives were identified by applying the technology forecast in a
fashion that would allow information services to develop in ways that met
requirements while contributing optimally to Agency goals.
The goals and objectives were presented to the Executive Committee for
review and comment. Based on the generally favorable response, approval
was requested and received to use these goals for further analysis and
development of a strategic plan.
The issues concerning management and organization were approached in a
non-traditional manner. A decision analysis model was created by identifying
a broad range of organizational options, identifying the most important factors
to be considered in choosing among options and then inviting senior
management to utilize the model by a process technically termed
Multi-attribute utility analysis.
Provided with the preliminary report of the Task Force and the insight
developed through the Decision Analysis model, the Executive Committee
developed a consensus on the future direction of organization and management
of information services. This consensus was used by the Task Force in
developing the final report.
The State of the "System"
Current information services in the Agency continue to be provided
largely by manual processes. Technology has historically been applied to
increase the efficiency and effectiveness of these manual processes, not to
achieve true automation. That these trends continue is evidenced by
continued growth of stand-alone word processing, copiers, and registry
automation.
Computer applications continue to grow both because of growing
familiarity with computer applications and the rapidly decreasing costs of
system capacity. Increasing communications capacities are making it possible
to extend the convenience of automation to employee workstations by
installation of remote terminals and high quality printing devices. This
growing intimacy of end users with the technology produces added pressures
for more and better technology. The pressures result in increasing strains
on the human resources of the providers since requirements grow more
rapidly than the available work force. The management problem that results
is the user perception that providers are less and less responsive to their
needs.
To gain relief from the shortfalls in central services, users are leaning
more toward "do-it-yourself" programming, establishing component positions
for dedicated programmers, and arguing more intensely for local resources
such as minicomputers. These initiatives provide local relief to components
that are successful, but raise Agency level questions regarding their impact
on higher level priority and resource allocation decisions. These initiatives
also raise questions from providers of central services who tend to view part
of their management role as fostering development of coherent Agency-wide
systems.
Providers of technologically based services are facing issues and frictions
amongst themselves. As digital logic rapidly diffuses through communications
and printing, traditional definitions of ADP, communications and printing fail
to adequately categorize new devices and concepts of service. This leads to
frequent disagreement over delineation of responsibilities. The astute user
occasionally gains advantage from this confusion by shopping in what appears
to him a competitive marketplace.
Despite the increased confusion and discontent, the Agency's priority
needs continue to be satisfied. A comparison of Agency systems and their
management with those of other Government and industry organizations allows
one to conclude that the same information handling issues and problems are
the contemporary focus of many organizations.
Scheduled Advances in Technology
Forecasting computer technology is chancy but not hopeless. A high
degree of accuracy is not needed for our strategic planning purposes.
Sadly, because of the long development cycles of our major systems, our
plans will seldom intersect technology at its leading edge. Moreover,
predicting the "where to?" of the technologies can be separated from the
"when?" of those technologies. Finally, it is even useful to document those
expectations which will prove wrong, as plans, spoken or unspoken, will be
based on those expectations, right or wrong.
Even in the absence of major scientific breakthroughs, an increasing rate
of change will occur in computer technology because of better communication
among engineers, the availability of methods for exploiting scientific
knowledge, and the increasing priority given to R&D. The driving force will be
profitable exploitation by the private commercial sector, particularly
burgeoning sales of sophisticated consumer goods. At a price, the
government will reap the fruits of cheaper computing elements. The price
will be an industry less and less responsive to unique government needs as
manifest by formal programs like MULTI-LEVEL SECURITY, TEMPEST,
COMSEC, MILSPEC, etc. The price will also be disadvantageous competition
with industry for trained personnel.
The rapidly declining cost of computer components will cause explosive
growth in new computer applications and in the quantities of units produced.
There will be great demand for, and shortages of, computer system
designers, programmers, and technicians. There will also be a critical
shortfall in management personnel to oversee system development.
The capability which may be incorporated in a single chip doubles
roughly every two years and this growth will continue throughout the
planning period. The resulting reductions in price, weight, and power
consumption of semiconductor memories and logic elements will open the
possibility of many new applications and for great improvements in present
applications.
Sensor and communications systems will increasingly be designed to
output digital information and the rates of data flow can be expected to
increase greatly. Computers will be utilized to transform this data glut into
useful information. Increased data processing at the sensor location will
reduce the complexity of the problem at the central processor.
As has been pointed out ([illegible] 1979), micro's and mini's promise
computing power to the end user, but do not compete with terminals
connected to traditional data processing systems. Who wants to use a
terminal to do a job which could be done on a pocket calculator? Properly
used, however, the computer does not compete with the pocket calculator.
The computer collects and stores information. Where and how the information
should be stored are important questions. Questions as important as where
the data should be processed.
Most pertinent of the major new applications areas in the commercial
sector is office automation. It is hard to think of an advance in office
automation, broadly conceived, which is not directly applicable to information
handling in the CIA.
As computers become cheaper and smaller, the tendency to use separate
computers to perform specific functions in large systems will increase. Some
may operate individual sensors or input/output devices, some may share the
computational tasks, and some may perform test and diagnostic functions.
Because of budgetary and political constraints, system acquisition cycles
and operational lifetimes will continue to be long (10-15 years) in comparison
with the period of significant technological change (2-5 years). Because of
the disparity in these periods, changes of requirements, modifications for
using the improved technology, and additions to capability will be
commonplace. Considerable stress will be placed on the requirements,
analysis, and design phases.
In the face of fast-paced technological development, a wise investment
policy must be based upon a relatively stable set of long range goals and
objectives. Early in the study, a tentative set of interlocking goals were
developed for EXCOM approval. And, while never officially adopted, the
goals were approved provisionally as the basis for developing the strategic
plan. Throughout the course of the study, the goals have had to be modified
only slightly, to improve their readability and make more easily
understandable their interrelation.
The set of goals and objectives is presented graphically in the
accompanying figure. A distinction is made between "goals" and "objectives".
Objectives are viewed as action items whereas goals are understood to be
ideals toward which we strive. There is no guarantee that goals are
achievable, but there is the sense that the future will be better if we work
collectively toward common ends, even if those ends are not completely
achieved. A further structure imposed on the set of goals and objectives is
their division into primary and secondary objectives and intermediate and
strategic goals. Thus, a continuum of sorts is developed from the
short-term, achievable, to the long-term ideals.
The Task Force developed three primary objectives:
PO-1 Develop effective top-level coordination among managers of
components which provide information services... vital if we are
to proceed in step on the secondary objectives.
PO-2 Develop effective top-level coordination among managers of
components that use information services... to make hard
decisions on resources.
PO-3 Establish the means to accelerate the integration of communications
and centralized information services, particularly ADP services.
Assuming successful completion of the Primary Objectives and the
resultant establishment of an Agency IH planning and coordination mechanism,
the secondary objectives become the work plan of this "Systems Architect".
SO-1 Develop overall investment and resource guidance for Agency
information handling... needed for two reasons: pursuit of some
of the goals involves large up-front costs; and many of the
information handling goals are in conflict because of their resource
implications.
SO-2 Establish a career service which will be responsible for recruiting,
developing, ranking, promoting and assigning Information Handling
specialists. Design a Career Development Plan to overcome the
forecast shortfall of skilled information handling specialists.
SO-3 Establish system management standards... vital to the attainment
of goals IG-5 and IG-6.
SO-4 Achieve a consistent and natural Agency-wide standard for access
to information services... tailored to the needs of the person, not
the peculiarities of the system. Consistency is needed to reduce
training costs.
SO-5 Store information more efficiently... multiply-accessed, single-copy
file storage can improve accuracy, consistency, and economy.
SO-6 Aggregate information for managers and analysts. Better means
must be found to meet their information needs with the available
data by processing stored data into higher-level forms on an ad
hoc basis.
SO-7 Provide multilevel security access to data bases... essential to
achieving better access control for those systems that are not
single-level and compartmented.
SO-8 Develop cryptographic devices for user terminals and storage
devices... not only for end-to-end secure electrical transmission
but also for additional information storage security (goal IG-10).
SO-9 Provide a single, universal network of user terminals. The
information user should have one and only one terminal at his/her
desk.
SO-10 Provide the means to capture keystrokes... to eliminate tedious
and error-prone retyping.
SO-11 Communicate most information electrically between people,
wherever they may be. This includes Headquarters-field
communication, sending products to consumers, etc. This goal is
central to the achievement of several others: achieving a sense of
community (IG-7), integrating information tools into office work
patterns (IG-12), and improving data base accessibility (IG-8).
The movement of information by means of paper is slow,
inefficient, and presents unique security risks. Still, paper has
singular virtues as a medium for the reader, so electrical
distribution implies the availability of conveniently positioned
printing and facsimile devices.
[Figure: Goals for Information Handling. A chart arranging the primary objectives (PO), secondary objectives (SO), intermediate goals (IG) and strategic goals (SG) by category: Management, Personnel, Systems and Services, and Security.]
The set of Intermediate goals will enable an evaluation of progress on the
above objectives. They would be used to measure the effect or benefit of the
completed objectives. The Architect would be required to develop
measurement criteria for each of the intermediate goals and report progress to
EXCOM.
IG-1 Ensure, in the face of competing demands, that information services
are directed to the most important intelligence and administrative
needs.
IG-2 Eliminate information handling activities of marginal value vis-a-vis
their cost.
IG-3 Shorten the coordination, approval, and release cycle of both
intelligence and administrative actions.
IG-4 Maintain a cadre of information handling professionals with the
requisite skills to meet the needs over the next decade... finding
and keeping people who can reduce the life-cycle information
systems costs through goals IG-5 and IG-6.
IG-5 Improve maintainability of information handling systems, both
existing and planned... to stabilize the cost of keeping
production systems working effectively.
IG-6 Shorten information system development time. With a rapidly
changing technology we cannot tolerate a 7-12 year development
cycle with the attendant risks of having systems unwanted or
outmoded at IOC.
IG-7 Improve and extend the sense of Headquarters community to all
Agency components in all locations, overseas and domestic.
IG-8 Improve the accessibility of data bases and their quality with
regard to consistency and completeness.
IG-9 Provide better control over access to classified information,
including provision of individual accountability.
IG-10 Provide more secure storage for sensitive material.
IG-11 Reduce the life-cycle costs of existing and planned information
systems.
IG-12 Make information handling tools a natural, well-integrated part of
the office work pattern.
Finally, the Task Force has identified five strategic goals which should be
used to channel and justify Information Handling activities over the next
decade. While nebulous, they are worth emphasizing lest we forget the real
purpose of advances in information handling: Information Handling
Technologies are a means to the real ends.
SG-1 Improve the quality of the Agency's products.
SG-2 Improve the security of our activities.
SG-3 Improve the timeliness of decisions and the responsiveness of our
products.
SG-4 Increase the productivity and efficiency of our people and
components.
SG-5 Agency systems should be developed with consideration for
community compatibility... future systems should be capable of
efficient and cost-effective interconnection.
The Architect would report periodically to EXCOM on the status of these goals
and objectives and identify additional ones as needed.
Information Systems Development Recommendations
It is recommended that five information system developments be
undertaken in the coming decade. In some cases these are not wholly new
activities but, instead, reconceptualizations of programs already forecast.
The system development activities recommended are:
A unified information distribution network whose nodes are
conveniently located throughout Agency facilities and which contain
facilities for storage, transmission, printing and sorting of
electrical information. Management of those nodes will emphasize
security, compartmentation and accountability for information.
Estimated costs are $15M for a ten year program. (recommendation
#6.3.1, ref. 4.2.6) (C 3d(3))
A universal terminal network that will provide wide electrical
interconnectivity with compartmentation and command privacy enforced
through cryptographic separation. Estimated costs are $40M for a
ten year program. (recommendation #6.3.2, ref. 4.2.7) (C 3d(3))
A centralized data base of dissemination requirements that allows
controlled, shared access to all Agency disseminators. Estimated
costs are $500K with expected completion in 1985. (recommendation
#6.3.3, ref. 4.2.8) (C 3d(3))
Modernization of the communications plant to expand capacity,
quality and interconnectivity required to support increased
electrical flow. Estimated costs $20M with completion at
Headquarters by 1985; completion world wide by 1990.
(recommendation #6.3.4) (C 3d(3))
Contingency Planning Policy should be promulgated to cover the
range of eventualities from brown-outs to natural disaster and
nuclear conflict. (recommendation #6.6.1, ref. 4.1.6)
A central, easily accessed repository of data regarding information
released to the public, the media, and outside the Executive Branch.
It is recommended that analysis of alternative means for
establishing such a system, including use of commercial
bibliographic reference services, be commissioned by EXCOM.
(recommendation #6.3.5, ref 3.8.e)
Personnel Resources Recommendations
Two recommendations are made to improve the supply of, and utilization
of skilled information handling personnel. See also, the recommendation below
that Directorates plan for centralized career management for information
service personnel.
Information handling familiarization training should be incorporated
in directorate career development plans. Such training should
include ADP familiarization, Office Automation, and information
management depending upon the nature of the service and the level of
the employee. (recommendation #6.1.1)
Indoctrination on available information services should be provided
for all employees which will also explain the user's
responsibilities, e.g., establishing and maintaining dissemination
profiles. (recommendation #6.5.2)
Information Control Recommendations
Three recommendations are made in the area of information security. The
first recognizes a threat in the technology, the latter two recognize a promise
in the technology.
Control ALL storage media which are transportable, machine
writeable, and non-human readable, e.g., magnetic cards, tapes and
disks. Such media must be presumed to contain information of the
highest sensitivity. (recommendation #6.4.1) (S 3d(5))
Positively account for sensitive information by aggressive use of new
technology to implement complete audit trails on all Top Secret and
compartmented information within Agency computer data bases. The
Office of Security should implement systems and procedures to
frequently review audit information for anomalous accesses.
(recommendation #6.4.2) (S 3d(5))
Positively authenticate database accesses by encouraging on-line
query, as opposed to second-hand query via telephone.
(recommendation #6.4.3) (S 3d(5))
Organization and Management Recommendations
Seven recommendations are made in the area of organization and
management. Two recommendations provide for a Systems Architect, and two
recommendations are directed at reorganization of information services
components in the DDA. A revision of the ADP review is recommended as is
mission budgeting for dedicated services, and directorate wide career
management for information services personnel. Specifically:
Create an Information Services Architect to maintain and publish an
Agency strategic plan for the development of information services.
(recommendation #6.1.1, ref. 4.1.2)
Assign to the Office of the DDA the Information Services
Architectural Function. (recommendation #6.1.2, ref. 5.)
Charge the Deputy Director of Administration with responsibility for
accomplishing within six months:
Establishment of a joint planning mechanism to produce a
unified plan for information services of OC, ODP, and OL/P&PD.
Creation of a plan and time table for restructuring DDA
information service components in accordance with the needs of
this strategic plan and with due consideration of the issues
raised by this report. (recommendation #6.1.3, ref. 4.2.2,
4.2.3, 4.2.4, 4.2.6, 4.2.7, 4.4.2)
Expand the current EXCOM ADP review to incorporate all
information services and charge the Architect for Information
Services with management of the preparation and presentation of that
review. (recommendation #6.2.1, ref. 4.1.4)
Budget by mission component those capital investments required to
provide information services dedicated to them. (recommendation
#6.2.2, ref. 4.1.3)
Planning for centralized career management of information services
personnel should be developed and implemented by the Directorates.
Early attention should be given to centralized management of ADP and
registry personnel. (recommendation #6.2.3, ref. 4.1.5)
The Elements of an Information Handling Strategy
In summary, the elements of the information handling strategy proposed
1. Constant Buying Power
Excepting the necessary recapitalization of NDS and Mercury and the
planned SAFE & CRAFT programs, a constant spending profile
coupled with cost performance improvements in technology will allow
us to meet the information challenges of the decade.
2. Career Management
An aggressive career management program applied to an Agency-wide
career service broadly defined as including all subspecialities of
information handling will be needed to meet needs for skilled
personnel.
3. Training
A forward-looking campaign of reeducation will be required to allow
individuals to reappraise their jobs in more general information
handling terms so that the cultural shock of technological
improvement is minimized.
4. Information Security
The changing technologies of information handling allow a departure
from document accountability to personal accountability for all items
of information accessed. The new technology also permits dynamic
application of need-to-know. Broader applicability of encryption
techniques demands consolidation of now disparate organizations.
The changing technologies are accompanied by new vulnerabilities
requiring a change in the skills of the security officers and augur
for dedicated information security specialists.
5. Architectural Planning
The historical accumulation of current systems and the otherwise
undisciplined proliferation of new systems threatens expensive
incompatibilities absent a firm, forward-looking responsive
architecture. In information handling, more so than in most areas,
the whole exceeds the sum of the parts.
6. The Information Access/Distribution Network
With some effort, the ideal of a coherent, integrated,
media-independent, data-independent network can be achieved within
the decade. This will be largely a matter of vision and planning
rather than otherwise additional capital spending.
7. The Space-Dollar-Person Equation
Continued modest diminution of personnel can be accomplished this
decade as in the last as a result of information handling technology.
Required, however, will be some exchange of more numerous,
less-skilled information handlers for more highly skilled specialists.
After the SAFE space allocation, dedicated space for information
handling should remain relatively constant, as computers, like cars,
continue downsizing.
8. The Use of Technology
More and more we will realize that our information handling needs
are less and less unique. Patience and perspicacity will allow us to
make far greater use of commercial products.
9. Standards
As with any maturing field the need for standards will increase, and
the nature of the standards will become more apparent to us. We
must avoid a rush to Agency-unique standards which will entail
significant downstream expense. Standards for user interfaces
(which mirror his intuition) will be most cost effective.
The NAPA Report
Concurrent with the formation of this Task Force, the Executive
Committee was engaged in a series of decisions with respect to personnel
management in CIA. These decisions were a result of a study, "The CIA
Personnel Management System", completed by representatives of the National
Academy of Public Administration during the Spring of 1979.
While dealing with Agency personnel management in the broadest terms,
there were ultimately some more narrowly focused recommendations. One such
recommendation was:
"Establish some Agency-wide occupational systems across career
services or subgroup lines where several components employ
significant numbers in the same occupational family. For
example.. .data processing personnel..."
The Executive Committee deferred a decision on an Agency Career service
for ADP professionals pending results of the Information Handling Study.
Task Force recommendations with regard to career management were
developed without reference to the NAPA report. Task Force
recommendations have resulted from a focus on the projected critical shortages
of information specialists and the belief that a personnel management system,
in addition to the vacancy notice system, is required to equitably deal with
needs of the service vs. desires of the individual.
The Security Task Team Report
Immediately following the events of the Kampiles case, the Office of
Security constituted a Task Force to conduct an in depth review of security
systems. The final report, "A Security Review of the Central Intelligence
Agency", contains many recommendations for change in policies and
procedures for information handling. While a number of changes and new
initiatives resulted from Senior management review of the recommendations, an
uncomfortably large set of actions were not approved because of cost and
perceived impact on operations. (C 3d(5))
This Task Force was asked to address those remaining actions in
developing a strategic plan. The Task Force approached this charge by
giving heavy emphasis to elements of strategy that promise to capitalize on
technological innovation in overcoming concerns for cost and efficiency and
that provide more positive control and accounting than current systems.
ALL PORTIONS THIS CHAPTER UNCLASSIFIED EXCEPT PARAGRAPHS
OTHERWISE MARKED.
2. SYNOPSIS OF INFORMATION HANDLING
For purposes of this study, information handling services were
categorized as:
- Recording of Information
- Acquisition of Information
- Dissemination of Information
- Distribution of Information
- Information Reference Services
- Reproduction of Information
- Security, Control & Accountability
- Computing Support Facilities
- Information Systems Development & Maintenance
- Miscellaneous Services
2.1. Recording of Information
This category includes all facilities or services which enable
the generation or capture of information in a media that will
support subsequent storage and exploitation of that information.
It encompasses the mechanisms by which Agency components can
put information into a retention media.
These retention media can generally be thought of as falling
into three classes: hard-copy documents, electronic or magnetic
based storage, and methods for retaining information in more
graphic forms such as film or maps.
The traditional methods for creating documents have been the
use of standard typewriters to create correspondence-quality
documents and the use of high-quality printing presses, such as
those provided by P&PD, to produce finished intelligence or
documents where significantly large quantities of copies were
required.
While these facilities still account for a substantial amount of
the documents produced by Agency components, automated
facilities are increasingly being used to support document
creation:
o Standard typewriters are being supplemented by devices
which provide automated support to the creation, editing,
and printing of documents. These facilities are generally
referred to as word-processing (WP) devices.
o Terminals connected to the central computer facilities
provide a WP service which enables a user to prepare
printed documents.
o A growing population of distributed, high-quality printers
which are attached to communications and data processing
systems, are being used to create quality documents using
information which is normally stored, processed, or
transmitted by these systems.
o Planned facilities under development such as the SAFE
system will offer additional document creation functions to
NFAC analysts.
Recording information in the various forms of electronic
media is also being heavily influenced by technological
developments. Early facilities for entering information for
electronic storage and processing were largely limited to
centrally supported keypunch (key-to-card) facilities and optical
character readers (OCR) which can recognize and convert to
electronic storage information represented in certain type fonts.
While central keying facilities are still provided by ODP
IMS, and OC utilizes OCR devices to capture cable traffic,
user-operated word processing devices and computer terminals
are increasingly being used to enter information into electronic
storage. Once in this media, the information is being
manipulated by an expanding array of software and hardware
facilities to edit, store, retrieve, rearrange, distribute and
display/print the data.
A prime example of recording information in a graphic media
is the extensive use of microfilm and microfiche facilities found
throughout the Agency but especially in P&PD, OCR, and IMS.
This use of micrographics to record information will shortly
reach a new technological sophistication with the implementation
of the ADSTAR and DORIC-W systems in OCR and IMS.
The creation of graphic and cartographic information is
supported by the central plotting facilities of OGCR and
increasingly by the remote terminals and plotters associated with
the ODP central computers. This range of facilities enables a
user to create graphic representations of limited complexity on
local CRT screens and plotters or request sophisticated,
publication-quality maps or graphs from OGCR.
Finally, a number of components provide facilities to prepare
graphics which are used primarily as briefing aids. The
mini-computer based GENIGRAPHICS system recently acquired by
OGCR provides a facility which assists a graphics artist in the
creation of color viewgraphs and 35 mm slides.
2.2. Acquisition of Information
Acquisition refers to the receipt of information which has been
collected or generated by non-CIA resources and acquired for Agency
use. This category of service identifies the Agency windows or
portals through which externally produced information is made
available for Agency exploitation.
Existing systems and procedures provide a variety of classified
and unclassified data to Agency analysts that is remarkable for the
depth and breadth of coverage. Although several components are
involved, there is surprisingly little duplication. Agency employees
are apparently satisfied with the level of support as evidenced by the
singular lack of complaints concerning acquisition service in office
responses to the Comptroller's information handling memorandum of
November 1978 and in their subsequent responses to the IHTF
survey.
The primary offices which acquire data for Agency use and their
responsibilities are described immediately below.
o The Office of Central Reference is responsible for the
procurement of foreign publications, the provision of books,
periodicals and newspapers to Agency components, the receipt
and dissemination of intelligence information reports and
publications, the maintenance of specialized collections of
intelligence data, and response to requests for motion picture
film and video tape. An acquisition function is either implied or
stated in each of those responsibilities.
o The Office of Communications is responsible for dissemination and
delivery of CIA and non-CIA cables within Headquarters. This
responsibility carries an implied acquisition function.
o The Foreign Broadcast Information Service is responsible for
acquiring and disseminating selected foreign broadcast
information.
o The Office of Current Operations is the Agency terminal point
for the major commercial press wire services.
These four components provide the bulk of textual reporting to the
Agency. The division of responsibility is fairly clear. The
availability of increased amounts of information directly to consumers
via electronic networks promises to blur some of these
responsibilities. If duplication is to be avoided, coordination of
requirements is essential. (S 3d(3))
2.3. Dissemination of Information
Dissemination is the process of determining the component or
individual that should be made aware of recorded or acquired
information. Dissemination may consist of automated procedures which
match the information content to a user interest profile or reading list
and/or manual procedures in which a dissemination analyst reads the
information to match content with user interest.
This "intellectual" dissemination process is contrasted with the
distribution function discussed in the next section, the process by
which information is delivered to users. We have found in our study
that many users fail to make this distinction, complaining about
dissemination delays, when, in fact, some of the delays are
attributable to delays in the physical movement (distribution) of
documents from place to place. The reader should keep this
distinction in mind when reading about the dissemination/distribution
process.
Two components are responsible for the bulk of document
dissemination in the Agency. They are the Office of Communications
(Cable Dissemination System) and the Office of Central Reference
(hard-copy intelligence documents and open-source publications). On
a more limited scale, OD&E, FBIS, OCO and RSG Watch Offices,
DO/IMS, various registries, and the originators of documents are all
involved in dissemination functions, as are those components who
acquire information in liaison. In some cases, members of this latter
group make the initial dissemination; in other cases, they do a
second-level and sometimes a third-level dissemination when the initial
dissemination needs to be expanded to assure delivery to a more
specifically identified consumer. (S 3d(3))
Although reasonably well satisfied with dissemination support,
users identify three types of dissemination problems. They are:
delays in user receipt of electrically received intelligence products, a
need for dissemination tailored to user (branch, individual)
requirements, and a concern that the various Agency components
involved in the dissemination process do not use the same set of
reading requirements with the perceived result that information is
missed. The greatest user dissatisfaction resides in NFAC
components.
For many years, dissemination was a manual process performed by
people. In the last few years dissemination has moved in the
direction of automated processing. OCR's Machine Assisted
Dissemination (MAD) led the way but was largely replaced in 1978 by
OC's Cable Dissemination System. OCR's Interim SAFE which offers
NFAC production analysts their own mail files will be followed in the
near future by the final SAFE system which will greatly expand mail
file support. With more and more data being created in electrical
form, in part a result of the word processing expansion, we
anticipate growing requirements for automated dissemination systems
linked together by communications networks. (S A9c(4.1))
There is little technical difference between (machine-assisted)
dissemination and (machine-assisted) retrieval. The user may see a
duality: in one case fixed requirements played against a changing
stream of incoming information; in the other, new requirements played
each time against a fixed store of information. Underscoring the
identity of dissemination and retrieval, a user frequently wishes to
search the (recent) past receipts of electrical information and then be
advised of new incoming information on the topic.
2.4. Distribution of Information
Distribution refers to the physical movement of information (in
whatever media) and to related registry, mail, courier, electrical and
pneumatic tube services provided by various information support
units.
Distribution functions are the natural follow-on to dissemination
activities. Dissemination decides who gets what. Distribution gets it
there. Responsibility for distribution is quite diffused. Distribution
functions are assumed by many individual components in order to
move information to where it is needed.
The Office of Communications is a major distributor of electronic
based information within the Agency through its Field Stations,
automated message switching facilities (MAX and DATEX), the Cable
Dissemination System, and an extensive network of communication
lines throughout the building. The Office of Data Processing also
distributes a high volume of electronic information through its
growing network of Remote Job Entry (RJE) facilities, Message
Routing Service (MRS), network of mainframe computers, and
extensive remote terminal and printing facilities. Because facilities of
both offices are becoming increasingly linked, the division of
responsibility for distribution of electronic information is blurring.
(S A9c(4.1))
Unlike electronic distribution where jurisdiction and activities
involve only a few components, the distribution of hard-copy,
primarily paper documents, involves practically every major and minor
component in the Agency. Organizational units either sponsor
registries, mail rooms or some combination thereof or have fixed
mailing addresses (see Agency telephone directory) at which a
secretary or clerk performs similar functions. The function is labor
intensive.
If distribution responsibility within Headquarters for electronic
information is blurred by increased linkage between communications
and computing facilities, responsibility for hard-copy distribution is
even more difficult to pinpoint, because of the number of components
involved. Technology promises to reduce this problem by creating
and moving more information electrically. These parallel trends are
readily apparent in the expansion of data creation in electronic form
through word processing facilities and the planned acquisition of
automated printing and reproduction systems (e.g. APARS) for
distribution purposes. (S A9c(4.1))
2.5 Information Reference Services
Information reference services are those services that store
documents and/or information for subsequent retrieval. Responses to
the Task Force request for information directed to users and
providers of information services identified literally dozens of such
systems. The variety defies easy categorization. An earlier
inventory by the Comptroller led to similar findings.
Major systems include the DO's Record and Information Control
System (DORIC), OCR's subject/bibliographic index to intelligence
documents (AEGIS/RECON), OCR's manual biographic files, NPIC's
Integrated Information System (IIS), and the COMIREX CAMS files.
There are others. (S A9c(4.1))
Examples of smaller, more unique systems are OGCR's World Data
Banks, the IG Aticlit ' Automated Information Management System
(AIMS), OTS' ystem, OL's Agency Copier Management
System (ACMS), and OWI's MIX, to mention a few. (S A9c(4.1))
In addition to operational systems and files there are a number of
development projects under way or soon to start. OCR's Project
SAFE is scheduled to go operational in late 1982 and will offer NFAC
analysts access to major information files, the capability of building
their own private files, and a current dissemination/distribution
service for material that is in electrical form. A similar system is
tentatively planned for DO activities.
CRAFT (Clandestine Records Automated Field Terminal) is a
system designed to provide automated storage and retrieval facilities
to overseas installations. The system is planned to support rapid
destruction and/or transfer of records in emergency situations and
later reconstitution of files when the emergency is over. (S
A9c(4.1) )
With few exceptions, Agency systems are designed and built
independently for specific users. Each system is undoubtedly useful
but most serve only the original requestor or a limited clientele.
Unique design is to be expected in mission oriented organizations.
Mission managers have a job to do, and quite understandably, they
worry about and plan for their own activities, not those of other
managers. Because this is so, information systems suffer from
parochial design. Planners are either unaware of, don't care about,
or don't have the time or resources to worry about related
requirements. Is this bad? Not necessarily. If the system
requirements are unique, that is if no other organization has similar
or overlapping requirements, then local design is probably optimal.
Many would argue, however, that information requirements are not
unique to one component and that separate design leads either to
overlap and duplication, or non-use of available systems because
potential users are unaware of their existence. The problem is to
manage system development to encourage the initiative and imagination
associated with independent design efforts while simultaneously
promoting adherence to standard languages, common protocols, etc.
2.6 Reproduction of Information
This category includes all facilities which enable the production of
one or more copies of an information item in the same media as the
original.
The most widespread media reproduction activity in the Agency
today involves the use of the ubiquitous 'Xerox' type copier
machines. While reproduction facilities are available to create copies
of information retained in electronic and graphic media as well, the
use of document or paper reproduction devices is an integral and
indispensable part of the daily operations of every component in the
Agency.
Copier devices in the Agency at the beginning of this year
numbered 267, an increase of three percent over the previous year.
Average monthly copy volumes in 1979 ran 11.6 million, also showing
a three percent increase over 1978. (S 3d(5))
One technological activity that is expected to dampen this need
for large volumes of paper reproduction is the growing use of
electronic based word processing and office automation systems. As
more information is created and retained using these facilities, the
amount of document based information that would require the facsimile
copying (as opposed to producing a new copy from the digital
representation) should stabilize and eventually diminish.
2.7 Security Control and Accountability
Subsequent to its formation the Information Handling Task Force
asked the Office of Security to describe its goals for information
security. Four goals were identified:
o to prevent compromise of information while permitting timely
access for those with an approved need-to-know;
o to detect failures in the control system;
o to assess damage in the event of penetration, defection, or
accidental compromise;
o and, to take remedial action to correct control system
deficiencies.
The question is whether the Agency information security program is
meeting these goals.
In 1978 the Agency Security Task Force examined the personnel,
physical, and information security programs of this Agency. The
task force report published in November of that year described the
personnel and physical security programs as essentially sound and the
information control program as ineffectual. The Information Handling
Task Force is, for obvious reasons, concerned primarily with the
latter program. (S 3d(5))
Information control refers to those facilities or procedures
designed to enforce the need-to-know principle and to prevent
unauthorized access to, or unauthorized release of classified
information. Information control implies accountability. Information
accountability refers to facilities or procedures to determine the
location of information and to identify the components or individuals
who have been exposed to that information. Enforcement of
accountability has a direct impact on the control of information.
Control functions include the encryption of information, the
requirement for passwords to access computer-held information, the
use of classification and dissemination control caveats on documents,
the establishment of security compartments for sensitive types of
information, etc. Accountability functions include all the
record-keeping activities which permit the location of information or
the identification of people who have seen or who have had access to
the information, i.e., registry activities, logs, document and courier
receipts, document manifests, etc.
Is information properly controlled and accounted for in the
Agency today or does the 1978 Task Force conclusion still apply?
The IHTF found a variety of systems working to protect information.
Electrical message traffic entering and leaving the Agency is
encrypted. Most, if not all, computer data bases are protected by
controlled environments, where access is permitted only to those with
the appropriate clearances, or by the use of passwords to access
on-line systems. OC enforces emanations (TEMPEST) standards while
OS Information Systems Security Group controls the placement of
electronic devices to limit emanation problems. IMS, OC and OCR
exercise control over dissemination by requiring official approval of a
disseminee's need-to-know. A variety of registries throughout the
Agency are involved in information control insofar as they determine
who will see controlled documents.
Other steps have been taken in recent months to improve control
over information. Authority to remove classified material from Agency
buildings has been limited to approved couriers and to those
individuals authorized on a case-by-case basis by Agency Document
Control Officers. Briefcase and package checks help enforce this
rule. New systems being implemented and planned provide for
improved control of information. These include the Blacker
cryptographic system which will provide end-to-end encryption over
communications networks, ADSTAR which will authenticate
clearances against a copy of the OS Special Clearance Fil
and Project SAFE which will record the location of documents
SAFE or ADSTAR and the identification of dissemination addresses to
which documents are directed. (S A9c(4.1) )
Another recent undertaking is the establishment of the APEX
Steering Group and appointment of a Special Assistant to the DCI for
Compartmentation charged with establishing a single integrated control
system for all compartmented classified information.
Accountability is the ability to determine where information is
located and/or who has seen it. Most Agency components keep
records which help that component trace lost documents and/or
documents for which there is some reason to conduct a search. The
reasons for maintaining such records vary from component to
component as do the kind of records kept and the length of time for
which they are kept.
OC maintains message journals for whatever length of time is
needed to assure that messages are completely processed through the
system. OC's Cable Dissemination System maintains a two-year file of
messages on microfilm on which is recorded the message's (primary)
dissemination. ODP's Automated Message Processing System (AMPS)
maintains copies of messages transmitted from CDS in order to
retransmit messages when so requested by the message recipients.
OCR maintains a three-year record of document request forms and a
five-year record of TK document request forms. The Office of
Security maintains an automated TOP SECRET Control and
Dissemination System (TSCADS) to account for Top Secret collateral
documents. The DO/IMS maintains permanent records of all name
traces, file and document chargeouts. (S A9c(4.1))
When operational, the SAFE system will provide a document
accountability record for all records in the SAFE system and will
record the dissemination and routing addresses to which the
documents were directed by the system. ODP plans to install a badge
reading machine and an optical wand reader at the Ruffing Center
control point to verify and record the release of highly classified
computer-printed information.
These are only a few of the operational or planned systems which
will either control information or account for its disposition.
(Additional information is available on this topic in Attachment B.)
Most of these systems were designed to support operational
requirements. It is largely accidental that security audit trails can
be constructed from the data stored for other purposes.
The control of and the ability to account for information remains
much the same as described by the 1978 Security Task Force. The
XEROX machine largely cancels out any control or accountability
advantage achieved by the existing systems. The availability of more
and more information in electronic form resulting from the increased
use of word processing equipment does however offer some promise of
improving future control and accountability through the use of
automated systems.
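Added example, not part of the Task Force report: the control and accountability functions defined in this section, expressed in Python. The clearance levels, compartment names, people and document identifiers are constructed for illustration; `unaccounted` models the report's point that a copy made outside the record-keeping system (the XEROX problem) appears in no ledger and surfaces only by inspection.

```python
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Person:
    name: str
    clearance: str
    compartments: frozenset = frozenset()   # approved need-to-know

@dataclass(frozen=True)
class Document:
    doc_id: str
    level: str
    compartments: frozenset = frozenset()

@dataclass
class Ledger:
    """Accountability record: every decision and every logged transfer."""
    entries: list = field(default_factory=list)

    def record(self, event, person, doc, detail=""):
        self.entries.append({"seq": len(self.entries) + 1, "event": event,
                             "who": person.name, "doc": doc.doc_id,
                             "detail": detail})

def may_access(person, doc):
    """Control: clearance must cover the level AND every compartment."""
    return (LEVELS[person.clearance] >= LEVELS[doc.level]
            and doc.compartments <= person.compartments)

def request_access(ledger, person, doc):
    """Control decision that always leaves a ledger entry, grant or deny."""
    granted = may_access(person, doc)
    ledger.record("GRANT" if granted else "DENY", person, doc)
    return granted

def route_copy(ledger, sender, recipient, doc):
    """A logged copy: the recipient is checked and the transfer recorded."""
    if not may_access(recipient, doc):
        ledger.record("DENY", recipient, doc, f"copy from {sender.name} refused")
        return False
    ledger.record("COPY", recipient, doc, f"from {sender.name}")
    return True

def exposed_to(ledger, doc_id):
    """Accountability: everyone the records show was exposed to a document."""
    return sorted({e["who"] for e in ledger.entries
                   if e["doc"] == doc_id and e["event"] in ("GRANT", "COPY")})

def exposure_of(ledger, name):
    """Damage assessment: every document one person is recorded as seeing."""
    return sorted({e["doc"] for e in ledger.entries
                   if e["who"] == name and e["event"] in ("GRANT", "COPY")})

def unaccounted(ledger, observed_holdings):
    """Detection: holdings found by inspection that no ledger entry explains."""
    return sorted((who, doc) for who, doc in observed_holdings
                  if who not in exposed_to(ledger, doc))

def demo():
    # Constructed sample data; names, ids and compartments are invented.
    alice = Person("alice", "TOP SECRET", frozenset({"ALPHA"}))
    bob = Person("bob", "SECRET")
    carol = Person("carol", "SECRET", frozenset({"ALPHA"}))
    d1 = Document("DOC-001", "SECRET", frozenset({"ALPHA"}))
    d2 = Document("DOC-002", "SECRET")
    ledger = Ledger()
    results = [request_access(ledger, alice, d1),   # cleared and read in
               request_access(ledger, bob, d1),     # cleared, no need-to-know
               request_access(ledger, bob, d2),
               route_copy(ledger, alice, carol, d1)]
    # An unlogged photocopy handed to bob never touches the ledger; only a
    # physical inspection (constructed here) reveals it.
    found = [("carol", "DOC-001"), ("bob", "DOC-001")]
    return results, ledger, found

if __name__ == "__main__":
    results, ledger, found = demo()
    print(results, exposed_to(ledger, "DOC-001"), unaccounted(ledger, found))
```

The ledger answers the damage-assessment questions only for events that pass through it, which is why logging denials and copies alongside grants matters as much as the access check itself.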
2.8. Computing Support Facilities
This category of information handling service includes all
computers and the peripheral devices attached to those computers
which support the storage and processing of information. This
support includes the operation and maintenance of these facilities and
the provision of any systems (non-application) software needed to
insure efficient utilization of the hardware devices.
The primary sources of Agency computing services today are
found in the large general purpose, centrally supported facilities
provided by ODP and the large special purpose computers which
provide dedicated support to NPIC, the DO, and COMIREX
applications. (S 3d(3))
Of secondary but increasing importance, is the growing list of
user-controlled mini- and microcomputers being utilized to satisfy data
processing requirements that, for one reason or another, are not
being satisfied by the large general-purpose devices.
The backbone of ADP support is provided by the ODP computer
center located in the Ruffing Center in Headquarters. This complex
of machines, storage devices, and remote terminal/printers provides
service to about fifty Agency and Community components and satisfies
a wide variety of data and word processing requirements. In addition
to providing batch and interactive time sharing facilities to the
general user, this complex satisfies large data base management needs
and provides the processing support for the OCR AEGIS/RECON and
Interim SAFE services.
The ODP managed Special Center houses large dedicated
computers which support the COMIREX management system (CAMS)
and provide computing facilities for a range of compartmented DO data
processing activities collectively known as ALLSTAR. (S A9c(4.1))
NPIC operates its own large computer center
which is used to support photographic interpretation and provide data
reference services for information derived from that interpretation.
(S A9c(2.8))
Because of unique security, processing, or availability
requirements, many components have found it beneficial to utilize
smaller, locally controlled, minicomputers to satisfy some of their data
processing requirements. In the absence of Agency standards for
minicomputer hardware and software, a large variety of systems has
evolved to satisfy a variety of applications.
The inescapable trend that one observes in viewing the computing
facilities of the Agency is that of constant growth. Growth in the
capacity and flexibility of the central support computers, storage
capacity and availability of remote terminals; growth in the use of
large special purpose systems; and especially growth in the use of
component-based computers dedicated to unique user requirements.
Significant events on the horizon that will have an unmistakable
impact on the character and availability of computing resources in the
Agency are:
o The establishment of the SAFE computing center and the
availability of the Headquarters wide-band communications
BUS system to support SAFE and other data communications
requirements.
o The utilization of the new standard soft-copy terminal and
the added local processing facilities it will provide the user.
o The establishment of a minicomputer standard (such as the
IBM 4300) to reduce or eliminate the profusion of
incompatible computing devices and languages.
o The introduction of computing facilities in an overseas
environment as envisioned by the CRAFT concept. (S
A9c(4.1))
2.9 Information Systems Development and Maintenance
This category includes the analysis, design, implementation, and
subsequent maintenance of systems used to support specific user
requirements in information handling. This activity is primarily
related to the development and maintenance of hardware and software
but can involve non-automated systems as well.
Systems development facilities in the Agency have evolved to the
point where both centralized and distributed resources are utilized.
This has essentially mirrored the evolution of the facilities for
computing services.
Centralized facilities are made available by ODP and OC to
respond to virtually any Agency component which indicates a need for
systems analysis or implementation. ODP and OC will perform the
required feasibility studies or project proposals to determine if and
how a user information handling problem should be addressed. In
addition to systems development and documentation, ODP and OC
assume responsibility for maintaining systems as long as they continue
to satisfy user requirements.
Software development and maintenance services are performed by
several non-ODP components in direct support of their parent
organizations. The largest of these groups are found in NPIC and
the DO. The NPIC group i supporting the NPIC Data
System and related systems and DO/IMS/Systems
Group performs software support functions for the DO systems
running in the Special Center as well as several minicomputer
applications. (S A9c(2.8))
In addition to these two groups, there are a large number of
components which provide their own systems capabilities. These
component resources are relatively limited, rarely exceeding a half
dozen people. Offices such as OCR, OSO, OER, and OL are among
the organizations which include systems support personnel on their
staffs.
While there is a fairly widespread distribution of Agency
resources involved in systems development work, the efforts are not
as disjointed as one might assume. Two significant activities are
contributing to a closer degree of cooperation and uniformity among
the various groups: the use of ODP professionals on rotational
assignment, and the development of Agency-wide ADP software
standards.
Because of ODP personnel ceilings, a number of components have
found it advantageous to provide permanent positions or slots in their
organization which are filled on a rotational basis by ADP
professionals from ODP. Under this arrangement, the ODP personnel
become functioning members of the component staff, working in the
user area in direct response to user established priorities while
adhering to ODP procedures and standards. Similar arrangements
exist between OC and some of its customers, notably major program
offices within DDS&T.
A recently established ADP standards committee has been
constituted to develop Agency-wide standards relative to defining
systems requirements and the preparation of documentation associated
with the design, implementation, testing and maintenance of computing
systems. All major Agency components having software development
capabilities are participating in this effort.
2.10. Miscellaneous Services
This category includes two services which warrant some
discussion but which do not logically reside in the nine categories
described above. They are:
o Formal training to support the various disciplines that
constitute the IH services
o Data Base Management and Support
Training
Training, like most of the other elements of Information Handling,
is highly distributed throughout the organization. While OTR
provides several general purpose records management oriented and
information systems survey courses, the majority of the technical
related offerings are provided by the specific components that require
the unique skills. Even within a technical speciality such as ADP, a
variety of components feel the need to conduct their own formal
training. This results primarily because resource limitations of the
central training facilities of OTR and ODP preclude the support of
many component-unique training requirements.
OTR does review component training programs and thus there is
no discernible duplication of effort among the available courses.
External vendors, tutorial conferences and educational
organizations continue to provide supplemental training where Agency
expertise is unavailable.
The Computer Aided Instruction (CAI) facility envisioned for the
SAFE system indicates a trend that will be more evident on the
development of large ADP systems. Under this facility, the user of
the system will receive the majority of his usage training from the
system itself. In addition to the more traditional 'help' facilities
which provide the user with explanatory comments on the use and
format of common commands and procedures, the CAI can conduct a
formal interactive training lesson with the novice or experienced user.
Using this technique, the user can request individual instruction on
selected functions of the system, proceed at his own pace and
experiment with the various system facilities.
Data Base Support
Associated with the establishment of large complex data bases has
developed the concomitant need to ensure that the data is accurate,
current and available for user exploitation. Normally, the user or
the owner of the data cannot devote the resources or the expertise to
provide these services. Consequently, a number of organizations
which have developed ADP systems for users, also provide the related
service of maintaining the data for production activities. NPIC, ODP,
IMS and OCR are the primary examples of components providing this
service.
In addition to data maintenance, these components also provide
periodic or ad hoc data base reports to the user based on the users'
specific requirements.
Users are, however, taking an increasing role in managing their
own data bases. OF's establishment of its Data Base Management
Branch to monitor the state of the FRS and GAS systems is a prime
illustration. (S A9c(4.1))
ALL PORTIONS THIS CHAPTER UNCLASSIFIED EXCEPT PARAGRAPHS
OTHERWISE MARKED.
3. SAMPLING OF PERCEIVED ISSUES
This section lists information handling and management issues
identified by Agency component managers. Frequently, several
component managers identified the same issues. The task team
therefore elected to present a representative sample rather than list
every issue identified by every manager. Words enclosed by
parentheses were added to improve readability.
3.1. Management of IH Systems
Planning:
a. Development and maintenance of a strategic policy for Agency IH
support.
"The lack of a comprehensive Agency Information Handling
Strategic Plan renders ineffective attempts to develop
coordinated, complementary information handling programs."
(OC)
"...the need for coordination of ADP, communications, and
other information handling mechanics should be viewed as
only a part of the broader need to develop policy and
organizational procedures to rationalize and control
information flow." (DO)
b. Establishment and prioritization of long-range goals or objectives
to support these policies.
"Agency management issues (include the) development of a
managerial structure to manage, develop, control,
coordinate, and optimize information-handling activities
without destroying individual office requirements and
creativity...." (OMS)
"(A management issue to be addressed is) Who should be
responsible for formulating objectives, policies, plans and
programs relating to the establishment of an Agency-wide
information handling system?" (O/DCI)
c. Assignment of organizational responsibilities, action plans and
schedules to accomplish these objectives.
"Charter conflicts between Agency components are presently
developing and promise to worsen in the future.
Technological advances have eliminated many of the
traditional functional boundaries associated with
information handling. Computer security and communications
security efforts are also becoming inseparable.
Consequently, many OC/ODP and OC-CSD/OS-ISSG areas of
interest and responsibility are in dispute or have the
potential of developing into conflict situations." (OC)
"The acquisition of adequate ADP resources to meet the
growing demand for data or access to existing computer
assets under the control of other organizations...." (OD&E)
d. The allocation of the necessary resources commensurate with
assigned responsibilities and schedules.
"There are areas of severe imbalance between work load and
resources. Customers, occasionally, are forced to accept
lengthy delays in service. This imbalance sets the stage
for information handling users to initiate their own
programs to acquire and implement equipment or systems to
satisfy their requirements. This situation has serious
managerial and security implications." (OC)
"Examine the issue of centralization/decentralization of
directorate and office control of resources." (NPIC)
e. Agency support to community requirements.
"(A significant information handling problem is) the use of
Agency resources to develop and support community-wide ADP
systems." (ODP)
"(One of the principal needs is) A small skilled
community-oriented organization to install, maintain, and
manage information handling systems and activities for all
IC components directly involved with RD&E. Since there is a
diversity of requirements and continual unanticipated
demands within the RD&E components, there must be some
flexibility built into any information handling system. To
best achieve this flexibility and to retain a semblance of
system or order, calls for a focal point specialist to
oversee the effort." (OD&E)
f. Overseas support to field station activities.
"The extension of ADP to the field will significantly impact
foreign telecommunications requirements in the future."
(OC) (C 3d(3))
g. Philosophy of centralized versus distributed IH resource
allocations.
"(An) Agency management issue (is the) expansion of
activities to utilize standard hardware and software so as
to derive the benefits of economy of scale and reduce
maintenance and training requirements...." (OMS)
"(An Agency management issue which needs attention is) the
degree of centralization or decentralization of effort to
bring order to the Agency and community information handling
problems." (OD&E)
h. Physical space for IH support devices/personnel.
"(ODP is concerned about) the allocation of adequate
physical space to house ADP and Communications hardware."
(ODP)
"We do not have a coherent policy on space allocation, which
should take information handling factors into account in the
positioning and modification of offices." (DO)
i. Jurisdictional responsibilities between ADP and communications
support components.
"Technological advances, primarily in electronic components,
have fostered integral system design. It is no longer
possible to identify the boundary between data processing
and telecommunications." (OC)
"The most serious problem identified by ODP has to do with
the gradual and inexorable blurring of the distinctions
which once separated ADP functions from communications
functions...." (ODP)
j. Extent of required information control and accountability.
"(A) Policy regarding data integrity and accountability
should also be developed." (OC)
k. Extent of recovery from catastrophic failure of IH facilities.
"We lack a sound Agency position on requirements for the
survivability of CIA information systems, on vital records,
and on the ability of computer and micrographic data bases
to serve as records." (DO)
"Decentralization of major IH systems (telecommunications
and ADP) will be necessary to improve the survivability of
local IH resources." (OC)
Control and Coordination
l. Insuring that established policies, goals, and plans are
coordinated, monitored, and evaluated.
"Reorganize organizational structures to minimize
coordination requirements encountered when developing and
maintaining information handling systems." (OF)
"Is there adequate project oversight and reporting at the
directorate level (to avoid ADP projects which go on forever
but never get completed)?" (OP)
m. The establishment and promulgation of IH standards to enable
compatible and efficient implementation of plans.
"Acquisition of new information handling equipment and
systems should be tightly controlled to ensure compliance
with Agency operational, technical, and security guidelines
and standards. All new equipment procurement should also be
reviewed to ensure compliance with an Information Handling
Strategic Plan." (OC)
"Inter-office and inter-directorate coordination and
cooperation (is needed) when interfaces between the various
agency automatic data processing systems are required. The
issue generally arises as to which system will be modified
to allow for compatible interfaces. When neither party or
parties will modify their system, it means the storing of
extra data for identification purposes or extra processing
is required in order to make the data passed compatible."
(OP)
n. The interface to, and coordination with, other government and
community organizations.
"The role of NPIC in providing on-line access to the NPIC
data base from various Intelligence Community organizations
through COINS II and the usage of COINS II by NPIC to access
intelligence information at other IC sites requires
Inter-Agency coordination and planning of ADP and
communication resources." (NPIC) (C 3d(3))
"The Community... is actively pursuing programs that involve
shared data bases, common standards, assigned
responsibilities, and services of common concern. Often,
ignored or glossed over are the resource implications of
such proposals. The Office of Central Reference is under
increasing pressure to modify processing and file coverage
and currency, and to develop and maintain new automated data
bases to meet Community rather than Agency requirements."
(OCR)
3.2. Recording of Information
a. Proliferation, control, and compatibility of word processing
devices:
"Our use of word-processing equipment to streamline the
production of finished intelligence is plagued by
incompatibilities between users' equipment and uncertainties
about future Agency standards." (OWI)
"A plan should be established which permits production
offices to efficiently carry out their own word processing
functions and at the same time be part of an Agency-wide
integrated word processing system. In the long run, this
approach will be less costly and will prevent the
proliferation of varying types of incompatible systems."
(OPA)
b. Integration of word processing and current ADP facilities:
"OER currently utilizes the SCRIPT facilities of ODP to
prepare finished intelligence documents and will participate
in the NFAC plan to introduce the NBI-3000 as the standard
NFAC word-processing device. They wish to avail themselves
of the benefits of both systems and consequently have
expressed a need for a communications facility between a NBI
and the VM systems such that VM data (including SCRIPT
files) can be included in NBI-produced documents." (OER)
"The proper organizational placement of control over word
processing, the relationship of that control to
organizational control over computerized printing, and the
relationship of both of those functions to the traditional
functions of communications and ADP, involve organization
issues which must be dealt with at the Agency level." (ODP)
c. Need to expand present word-processing capabilities to include
general purpose office automation facilities such as document
dissemination and routing.
"(An issue to be resolved is) should DDA analysts have
access to SAFE or SAFE-like capabilities." (OL)
"(A management decision is required on the) plans for a
wider use of SAFE and the SAFE-like concept to operating
elements of CIA." (OSO)
d. Need for additional document-to-electronic transformation
facilities:
"(Need for) development of a capability to transform
hard-copy information into a digital form." (OSO)
"...there has been mutual cooperation between Community
library organizations for many years in the exchange of
books, documents and microfilms. There is, however, no
(electronic) communication systems available in the
Washington metropolitan area that can handle this large
exchange of non-digital intelligence material." (OCR)
3.3. Acquisition of Information
No significant problems identified.
3.4. Dissemination of Information
a. Perceived delays in dissemination processing.
"Delays in dissemination of electrically received
intelligence products have become increasingly significant
since April 1978. ...The CDS does not include an automated
print capability... resulting in user receipt delays. In
addition, the CDS is unable to presort the document output
thus requiring rereading at centralized points before
analyst receipt." (OCR)
"Because of the time lag in the distribution process a
parallel operation has been implemented to speed delivery of
cables to OPA." (OPA)
b. Component responsibilities for dissemination need clarification.
"The Agency's present system for the dissemination of
classified documents is handled by four separate CIA offices
(OCR, PPG, Operations Center, and Cable Secretariat). In
addition, a few documents are disseminated by the Executive
Registry, SALT Support Staff, and others. None of these
activities use the same set of requirements to provide their
service resulting in disparate dissemination and no single
record on how documents were disseminated. This
decentralized approach to dissemination warrants review to
determine if one centralized activity might improve Agency
dissemination." (OCR)
"An information handling strategy should also address the
flow, dissemination, storage, and retrieval of cable
traffic. ORPA (OPA) analysts rely heavily on cable traffic
coming into the Agency as a primary information source for
political analysis. The Cable Dissemination System
developed by the Office of Communications is a beginning.
The SAFE project will further help. Any information
handling strategy should ensure that cable traffic is
available to analysts in a timely fashion and that the
information remain available for a reasonable period of
time, perhaps three or four weeks, in a computerized form
for further querying." (OPA)
c. Need for additional dissemination support.
"There is a need for improvement in methods for selective
and timely dissemination of substantive intelligence which
is tailored to the individual user requirements instead of
the present broadcast method of reporting this information."
(NPIC)
"We are working with the Cable Secretariat to develop
profiles to address all cable traffic to the branch level.
If we can accomplish this, we plan to install a dedicated
printer in the OER registry to handle all of our incoming
cable traffic on a real-time basis." (OER)
3.5. Distribution of Information
a. Limited capacity of current electronic distribution facilities.
"The probability of greater volume of digital
information to be handled within, to, and fro J
will place additional requirements on the comm
capabilities at NPIC." (NPIC) (S 9c(2.2))
"Here at Headquarters the DO needs an encrypted wide-band
bus communications grid which will facilitate flexible
growth in the number of convenient computer terminals to
handle data, image, secure voice, facsimile, and word
processing traffic. It is an ironic fact that we can today
send a message back and forth several times between
Headquarters and a field station in the same time that it
takes to hand-deliver a message within the Headquarters
building itself. An expensive communications network such
as that we seek is difficult to justify for any one
directorate. It must be justified as in everyone's
interest." (DO) (S A9c(2.1))
b. Reliability of current electronic distribution facilities.
"(There are) problems in maintaining reliable communications
circuits for outlying buildings." (OP)
c. Current limitation on the types of information that can be
distributed electronically.
"There needs to be a closer integration of manual and
computer-based systems, with perhaps greater reliance
placed on use of 'electric mail'." (OL)
"(An Agency-wide management issue which needs attention is
the) planning for the transition from predominantly
published report dissemination to electronic dissemination,
and filing and retrieval systems." (FBIS)
d. Need for communications standards to facilitate the distribution
of information.
"We should reduce the diversity or variety of data
communications protocols and character representations
throughout the Agency and Intelligence Community as well."
(NPIC)
3.6. Information Reference Services
a. Space to store increasing amounts of information.
"Technological advances have given us the capability to
collect enormous amounts of information. There is such a
proliferation of information and 'hard-copy' printout that
managers are being inundated with mounds of information."
(OL)
"Another management issue in information handling that in
our view should be of significant Agency concern is the
growth in the amount of information we are collecting and
perhaps unable to use. This issue applies to the growth of
our records both in hard-copy and computerized form. While
we have acknowledged this growth problem in the hard-copy
world, the compression capabilities of computers and
microfiche have tended to make the problem less visible in
these areas." (OS)
b. Standards for indexing and storing information to facilitate
retrieval.
"We see the lack of standardization of information handling
procedures now used in manual or semi-automated systems as a
significant Agency-wide problem. Standardization is
required for information security as well as for efficient
application of technology to the administrative office
environment." (DDA/ISS)
"There is a need for further standardization of terminology
used in reporting intelligence events and objects." (NPIC)
c. More flexible and user-oriented retrieval facilities.
"Generalized Information Management System (GIMS) does not
have a language which is easy for managers to use. Rapid
Access Management Information System (RAMIS) has file size
and multiple user constraints. OL would like to see a
management-oriented data base capability with good reports
and graphics." (OL)
"We maintain one of the world's largest libraries of
machine-readable statistics on international trade and
finance. In total, the library contains over a half-billion
statistics stored on some 4,000 reels of tape. We need to
be able to retrieve this information according to criteria
that we can program in a general language like APL." (OER)
(C 3d(3))
d. Need to establish and maintain directories or catalogs of stored
information and the facilities available to retrieve this
information.
"Data resource banks are so fragmented... that it is
difficult to know where and what type of information is
available for individual office use." (OTS)
"Our analysts are not adequately informed about existing
automated information handling systems, both within this
Agency and in other Intelligence Community agencies. This
is partly because these systems are poorly documented or the
documentation is not kept up to date." (OWI)
e. Limitations of existing centrally supported files of administrative
information.
"Current Agency data base support/utilization, from OC's
viewpoint, is characterized by dated information and
incorrect, incomplete reports. Such a situation results in
inefficiency and justification for a component to acquire
its own local system in order to overcome this problem and
to realize the advantages of automatic data processing."
(OC)
"(A major issue which needs attention is the lack of)
automated transfer of administrative information between
OMS, OP, OS, etc. to expedite case processing and research
studies, while protecting individual medical confidentiality
and privacy." (OMS)
f. Analysis required to review increasing amounts of information.
"The vast quantity collected is overwhelming our analysts.
They are forced to spend time sifting through irrelevant
data, time which would be better spent analyzing relevant
data. And in the crush, sometimes important information is
overlooked." (OWI)
"Collection systems are presenting larger quantities of more
complex data which requires more analysis with concomitant
increases in Agency computer resources." (OSI)
3.7. Reproduction of Information
(The proliferation and unrestricted use of reproduction equipment is
categorized in paragraph 3.8. below because it is a security issue not
a reproduction problem.)
Requirement for better remote printing facilities to satisfy a variety
of remote printing needs:
"Will printer networks be established such that (components)
can satisfy a variety of remote printing needs?" (OER)
"RMS would like ... a multi-purpose printer/graphic network
so that a variety of RMS printing needs could be
satisfied...." (ICS/RMS)
3.8. Information Control and Accountability
Access Control:
a. Maintain a proper balance between the requirements for
compartmentation/confidentiality and user need-to-know.
"Determination of the requirement for compartmentation and
need-to-know protection in the electronic environment is a
prerequisite to major decisions about the direction of
future systems." (OC)
"(A major issue is the) protection of individual privacy and
medical confidentiality." (OMS)
b. Need for better security facilities to control information in
electronic form.
"Recent and perceived advances in end-to-end encryption
techniques, file encryption, and verifiable software (secure
operating systems) will enable processing systems to
simultaneously execute multilevel classification and
compartmentation jobs. The justification to operate
separate processor centers based on sources and methods
compartmentation is no longer valid." (OC)
"...It is the opinion of this Office that the most important
information handling issue facing the Agency and the
Community today is computer security. In view of the lack
of confidence and reliability in computer software and the
growth of computers into large systems and networks, the
threat of a major security incident is very real. Systems
have been proven to be vulnerable and in view of the
quantity of information we are now computerizing, the
potential penetration loss and compromise could be
devastating." (OS) (C 3d(5))
c. Need to record declassification and downgrading actions.
"It is essential that all decisions having to do with the
declassification of Agency material should be reflected in
(Agency) records." (D/NFAC)
Accountability:
d. Need for internal registry and document control systems.
"A growing problem is the handling of document control
records. This is now done manually in PPG and other
registries. Especially with the spectre of multiplying
requirements for recording the handling of sensitive
material until now not subject to individual control, this
issue may mushroom." (PPG)
"A (need exists for a) standard approach to a document
control system tailored to the needs of an organization,
program, or project oriented toward research, development
and engineering. This is not to imply that an Agency
centralized system is the answer to our foreseen problems.
Rather, we seek a community RD&E system that may or may not
be compatible with other systems in the collection and
production components." (OD&E)
e. Need for systems to record the release of information outside the
Agency.
"Coordination of CIA release of information to the public
remains the weakest element of information handling today.
Our unconcerted approach to information disclosure in
various forms via the Public Information Office, OGC, OLC,
FOIA/PA and declassification channels has the potential for
recurring embarrassment." (DO) (C 3d(5))
"Another problem that is symptomatic of our lack of strong
central Agency management in this field is the Agency's
present, decentralized ad hoc approach to monitoring the
release of information to the public. At present, there is
no centralized index where one can easily determine what
material has been requested; what material has been
released; and what material has been denied... It is
essential, as a first step, that all decisions having to do
with the declassification of Agency material be registered
in a single place and that central records be maintained of
these decisions." (D/NFAC) (C 3d(5))
f. Control of Reprographics
"Machine copying of documents in CIA is virtually without
oversight or restriction, except for self-restraint
exercised by individual employees. Under current practices,
anybody can copy anything." (OS) (C 3d(5))
3.9. Computing Support Services
a. Optimal division of central and distributed facilities.
"State-of-the-art and Agency policy are both changing. We
would like to consider a distributive system in which we
would do most of our work from a dedicated mini, but would
have access to mainframe support for storage and other tasks
which can be done in batches." (DDA/ISS)
"While a large proportion of data processing applications
require the power and storage capacity of a large computer
system, other applications might be better served through a
distributed processing approach. These applications would
involve text editing, or relatively simple computations,
which could be done locally, without tying up the main
computer. There are many types of terminals or small
computer systems which offer this stand-alone capability, as
well as the capability to communicate with the main computer
system, to transmit information or share data, for example."
(OSO)
b. Extent of required hardware standardization.
"(There is a) need to achieve Agency standardization in
dealing with a burgeoning hardware market which includes a
profusion of minicomputers and microcomputers." (ODP)
"Entering the mini- and microcomputer era, which has great
potential to assist us, we will need to guard against
unwarranted proliferation and duplication of effort. This
will require us to standardize to some extent." (DO)
c. Methodology for allocating (prioritizing) central resources to
component users.
"With the move towards minicomputer, is ODP taking steps to
assure they will be able to support customers in the
future?" (OP)
"We in OER occasionally have high-priority demands for
time-sharing services. To meet these demands, we would
willingly require all OER users except one to stop using the
time-sharing system. Under the current time-sharing system,
the step of choosing among users would benefit OER very
little. The computing resources that we would save would be
distributed among all remaining users of the system, so our
priority demand would get very little additional attention.
In contrast, we could get the priority service we need,
should we operate our own system. This same problem of
local versus central control occurs in many other areas of
information handling, such as batch processing and
centralized word processing for producing finished
intelligence." (OER)
d. Limitations in the availability, capacity, and responsiveness of
the central facilities.
"(An information handling problem is) the availability and
the allocation of user terminals (and) the availability of
an adequate communications network to support these
terminals." (ODP)
"The Office of Security views its most significant problem
as being in the area of computer downtime. This factor, in
many cases very subtle, has a cumulative effect that can
result in major losses in resources and program
effectiveness." (OS)
3.10. Systems Implementation and Maintenance
a. Optimal division of central and distributed facilities.
"Because of their increasing workload, it is becoming more
and more difficult for ODP Central Services to provide
timely support." (OSR)
"To what extent should each organization possess organic ADP
support resources?" (OWI)
b. Extent of required standards for implementation methodology and
documentation.
"A problem facing this organization is the need for a
greater degree of standardization in the Agency's
development of ADP software." (ODP)
"There is the need, however, for a central office or group to
coordinate and monitor data processing applications
throughout the Agency, if only to avoid duplication of
effort. They might also make an effort at standardization
-- of programming languages, data base management systems,
programming techniques, etc. -- among all user offices."
(OSO)
c. Need for the development of standard data accessing languages.
"The number of digital data bases (both commercial, such as
the New York Times Information Bank, and Governmental, such
as NSA's SOLIS) is rapidly increasing. This proliferation
of data bases forces OCR personnel to maintain a working
knowledge of a variety of command languages for
interrogating the various data bases. Some means must be
developed to enable an individual to query multiple data
bases in a single standard language which can then be
machine translated to fit the appropriate file." (OCR)
"A major problem is the standardization of user retrieval
languages for large systems such as COINS II." (OSR)
d. Need to develop data bases which can serve the widest
population of users.
"There needs to be a greater effort towards the integrated
development of information handling systems, with direction
and coordination stratified at the directorate level." (OL)
"OF has expressed concern that the development of large
administrative ADP systems within the DDA are commonly too
parochial in scope and design. The observation is made that
far too often data transactions must be processed (machine
and manual) by several different systems because each system
is designed to satisfy only the specific processing
requirement of the sponsoring office. OF feels that
economies of processing would be achieved if there were a
DDA systems architect who would ensure that the design of
any new, relatively large, ADP system reflects the
applicable requirements of all DDA components." (OF)
e. The expressed need for additional graphic oriented data
manipulation facilities.
"Graphic terminals and business graphics have not been
adequately explored or exploited. OL would use these aids
if they were available and easy to use." (OL)
"The advent of sophisticated intelligent computer terminals,
more elaborate graphics capabilities using computer input,
and the introduction of a mass storage system to lessen our
dependence on magnetic tape for storage of data will
contribute to OSR's mission.... A graphics package capable
of tabulating and displaying order-of-battle data as well as
overlaying disposition of forces data on computer-generated
maps is being planned. This will rely on a micro-computer
to display output and make it available in color hardcopy
form." (OSR) (C 3d(3))
f. Insufficient analysis prior to implementation.
"With respect to the management issues, we feel that
successful planning for the acquisition of information
handling systems must be preceded by an analysis of the
requirements for these systems... The design of information
handling systems should encompass the procedures involved in
using the systems. It is not sufficient that an information
handling system merely automates the current work and paper
flow - a fresh look is required which will look at both the
procedures and the available technology." (ORD)
"Better organization is needed to ensure proper coordination
among CIA offices on information handling decisions that
impact on many other components. New information handling
systems too often are based on automation of existing
procedures rather than a detailed analysis of the problem
and its interrelationships to other components. Recent
actions in such areas as records management planning, cable
dissemination, and security markings on documents are but a
few illustrations of this deficiency." (OCR)
g. Resources required to maintain current systems.
"The increasing requirements to maintain existing systems
reduces resources available to respond to new requirements.
Old, costly, systems must be reviewed and either replaced or
terminated." (OL)
3.11. Miscellaneous
Personnel Services:
a. Insuring an adequate availability of IH professionals.
"I also believe that this study should focus to some degree
on the qualifications, or lack thereof, of the people
currently involved in the information handling process. My
own belief is that many of our current problems are caused
by such lack of qualified personnel." (DDA/ISS)
"(A problem for ODP is) the attraction and retention of
qualified ADP professionals given the inducements present in
today's marketplace...." (ODP)
b. Insuring that IH professionals receive the necessary training to
support current systems and are kept aware of the advances in
technology.
"Training is heavily booked and does not always match our
needs, either in the nature of the training or in
timeliness." (DDA/ISS)
"Skill profiles of employees required to design, install,
operate, and maintain new information handling systems must
reflect modern technological training... Significant
increases in training are projected if the Agency is to
effectively utilize its investment in newer/more
sophisticated IH systems." (OC)
Data Management:
c. Data management services: Optimal level of central versus
distributed support.
"(A major problem in IH is) should the Info Control Officer
staff include a data base management function?" (OP)
Research & Development:
d. Prioritization of support efforts in R&D.
"Often times information handling projects proposed by OCR
are overridden by other priorities in ORD. Long-term basic
research is a necessity to meet future Agency information
handling requirements." (OCR)
"(An Agency-wide management issue is) who will identify
Agency-wide research and development needs and promote
intra-component cooperation in research and development on
information processing?" (O/DCI)
External Implications and Constraints:
e. Government regulations relative to procurement, records
management and other IH standards.
"Legal constraints are highly significant inhibitors to
efficient information flow, as we all have come to
appreciate. They dictate what information we store, how and
where we store it, for how long, how we may develop points
of access to it, who may have access to it, to whom we may
send it, and so on. In the DO, for example, we cannot
permit use of minicomputers solely on the basis of their
security or cost effectiveness because protection against
improprieties, such as unwarranted storage of information on
U.S. citizens, must also be assured." (DO)
"Despite the increasing availability and utility of
minicomputers as a viable alternative to large scale
centralized computers, restrictive procurement directives
and budgetary decisions have imposed limitations on ODP
which cripple its efforts to manage the development of this
alternative in a logical and systematic manner." (ODP)
f. Oversight and review by elements of the Community, OMB, and
Congress.
"Obviously, we are going to be measured against any
(information handling) standard adopted by OMB and therefore
the initial question is 'What need we do to maintain
management control of those areas of real concern to OMB'."
(DDS&T)
"An issue which will have an impact on ODP's ability to
continue or expand services (is) increased external
oversight." (ODP)
ALL PORTIONS THIS CHAPTER UNCLASSIFIED, ADMINISTRATIVE
INTERNAL USE ONLY, EXCEPT PARAGRAPHS OTHERWISE MARKED.
In this section, a series of analyses of discrete issues leads, in
some cases, to one or several tentative recommendations. Each
analysis intertwines technical and policy analysis. In many cases,
forecasts of technical trends underlie the analysis. These forecasts
are independently derived in attachment C.
For the most part, the analyses have been grouped, after the
fact, according to the nature of the tentatively proposed solution:
managerial, structural, policy standards, and
security/compartmentation.
The analyses derive from the expressed issues of chapter three,
and the set of goals and objectives summarized in chapter 1. The
goals and objectives allow an integrated evaluation of management
alternatives in chapter 5, with final management, program, policy and
security recommendations in chapter 6.
Each analysis is designed to stand on its own, independent of the
others, and they are so presented. Where the issues overlap in
substance, the presentations are somewhat repetitive. This is usually
flagged for the reader and is the price for guarding against
misunderstandings which could arise if an analysis were otherwise
taken out of context.
The chapter is divided into four major sections corresponding to the
four major issues in the original Terms of Reference (Att. A), i.e.:
Management
Structure
Standards
Compartmentation
Section 4.1, Management of Information Handling Services, provides a
series of analyses which stress the need for a top-level view, a
strategic plan, and an overall systems architecture. Conclusions
revolve around the management structures needed to support this
integration over the breadth of information services. Career
management and contingency planning are also discussed.
Section 4.2, Structure for Providing Information Services, presents a
vision of how information services will be delivered in the future and,
where appropriate, suggestions as to reapportionment of responsibility
and tasking. Major conclusions are the need for a pre-planned
integrated network with administrative and technical provision for
compartmentation. This section deals both with the technical
mechanisms and their organizational implications.
Section 4.3, Standards for Information Handling, recognizes the clear
benefits of standardization, tempered by a realization of the way in
which premature standards can pre-empt economical use of changing
technology.
Section 4.4, Compartmentation in Information Handling, analyzes the
problems of control and accountability and the impact of changing
technology. Major conclusions are a suggested swing from document-
to information-accountability and a realization that, in spite of new
technical threats and new technical defenses, personnel security
remains the cornerstone. Technical discussions of the use of
encryption for compartmentation and overseas quick destruction
promise improved damage limitation.
ALL PORTIONS THIS SECTION UNCLASSIFIED
In this study, Information Handling was broadly defined.
Included are: creation of information (keystroking, composition,
editing...); movement of information (courier & cable); dissemination,
storage, record keeping, reference & retrieval; and, ultimately,
destruction ... as well as the security and compartmentation measures
needed to protect information. This vast panoply of services was
bounded at one edge by excluding collection and the processing
intimate to it. Excluded at the other extreme is analysis. These
boundaries are meant to restrict attention only to those
non-value-added services. The emphasis is on the "handling" of
information.
This section deals with the management structures which might be
needed to deal with such a breadth of services. The need for a
top-level view, top-down strategic planning and an integrated, overall
systems architecture are stressed. Career management and
contingency planning are also discussed.
Section 4.1.1, PROVIDING CLEAR DIRECTION FOR IH, proceeds from
the broad concern within the Agency, expressed repeatedly to the
Task Force and its predecessor fact finding activities, for the orderly
development of information services. It proceeds, too, from a
maturing view of the role of technology and a recognition of the
increasing interdependence of systems upon one another. The
premise is put forward that the uniqueness of the Agency's
information handling needs is the exception, rather than the rule.
From this flows the conclusion that, if patience supplants premature
development, many of our needs can be met by commercial offerings to
come. Required, however, may be a redefinition and regrouping of
information handling tasks and concomitant organizational
realignments. Planning is seen as the key.
Section 4.1.2, THE ARCHITECTURAL FUNCTION, recognizes all
the human and organizational motives which conspire to yield designs
"in the small". These are rejected as being too costly in the coming
decade. Establishment of a clear authority within the Agency, to
clearly define the scope of individual systems and to provide the
blueprint for needed inter-systems integration, is recommended.
Section 4.1.3, THE ABILITY TO ACQUIRE NEEDED RESOURCES,
distinguishes between budget planning and defense by the provider of
an information handling service, and budget planning and defense by
the user of a service. Recent history demonstrates the efficacy of
the latter, mission budgeting, over the former. While relatively easy
to implement where the service is dedicated to a mission component,
this can be chaotic in the case of indivisibly shared, central services.
Section 4.1.4, THE ADP REVIEW PROCESS, discusses the putative
reasons for current EXCOM review procedures of ADP. Certain
deficiencies are noted in this year's execution of that review, and
alternate steps are urged. The exact nature of these, however, is
contingent upon larger managerial and organizational realignments
which may be contemplated.
Section 4.1.5, CAREER MANAGEMENT, proceeds from a shortage
of technically skilled, information specialists, which is predicted to
worsen over the decade. Because of the constraints we face in
competing for these skills, emphasis is placed upon a vital program of
career management. Emphasizing upgrading and refreshing of skills,
and a planned pattern of career growth, this should also serve to
lessen the "future shock" of the introduction of new information
handling technologies.
Section 4.1.6, CONTINGENCY PLANNING, addresses measures
which must be taken to ensure that our information resources,
gradually being entrusted to new, and perhaps more fragile
technology, can survive the broad range of potential catastrophes ...
which in variety and frequency may increase over the coming decade.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.1.1 PROVIDING CLEAR DIRECTION FOR IH
Summary
The absence of top-level guidance and
coordination is contraindicated by the rapid pace
of technology, its concomitant fundamental
change in the nature of our jobs, potential
economies of scale, and the size of the capital
investment required.
A lack of direction is also at odds with the
quantum steps in the effectiveness of information
systems which can result from enlarging the
subscriber communities and enlarging the
information bases.
To reap technology's fruit in an era of tight
resources and a shortage of skilled personnel will
require top-down design, personnel management,
and foregoing the luxury of treating all our needs
as unique. Required above all is a well-charted
course and a deft hand on the tiller.
Background
A careful analysis of the preceding sections is at once reassuring
and discomforting. The activities and trends show a continuation of
the progressive and innovative spirit of Agency employees that is
commonly referred to as the "can-do" attitude. There is a broad
range of developments in information handling carried out by a major
percentage of Agency components, each intended to improve the
efficiency and effectiveness of some part of Agency information
handling.
The discomfort arises from the realization that developments and
innovations are occurring largely in response to local needs and
problems without benefit of higher level guidance that would ensure
all developments pull together for the common good. This problem
has been frequently identified by many of the Agency components
and, in fact, was the primary motivation for the formation of this
Task Force. The need for Agency-level guidance for the future
development of information systems and services is clear.
The need for this top-level view of the future is made more
urgent by the rapidity with which technology is changing the way
information services are provided and the large capital investments
those changes involve. People have grown accustomed to the
flexibility and adaptability of manual systems. Major changes in
manual systems can be implemented with comparatively little upper
management involvement. Mistakes in implementation are easily
detected and quickly corrected by the humans who form the system.
By contrast, employing technology to an increasing range of
information services entails large equipment expenditures that
necessitate more upper management involvement if only because of the
budgetary impact. Application of technology also involves more
demanding discipline in the execution of change. Whereas manual
systems benefited from our most adaptable resource, the human,
machine systems are insensitive and unforgiving employees.
Misdirection and misapplication of technology can result in years of
undesirable service.
The issues expressed to the Task Force demonstrate the broad
concern within the Agency for the orderly development of information
services. The issues also depict a maturing view of the role of
technology in the delivery of services. While plans and programs still
address local needs and problems, the issues demonstrate the
awareness that systems are increasingly dependent upon each other
and that, in fact, many of the needs are more universal than local.
Hence, while senior management is concerned with the fiscal
effectiveness of information services and their development, the lower
levels of the Agency are concerned with the operational effectiveness.
Both parties point to the same need - the need for top-level guidance
and coordination to help ensure that developments in information
services are mutually supportive and directed toward common
objectives.
The management problem in information services for the 80's will
be to maximize the benefits of technology to Agency users in a
projected environment of relatively constant buying power and
increasing shortfalls of technical specialists required to develop,
operate, and maintain a growing capital investment.
To do so will require more emphasis on top-down systems design,
a centralized personnel management system for scarce technical
specialists, increased reliance on external contractors to offset
personnel shortfalls, and minimization of unique Agency systems and
their attendant support costs.
Suggested Solutions
Agency-level strategic planning for information services is a
viable and rational means of providing top-level guidance for the
development of Agency systems. If senior management can convey
desires and concepts for services and systems of the future and
reinforce those top-level views within existing management systems
such as MBO's, programs, and budgets, then positive effects on
system development will result. The degree and rapidity with which
these effects will be noticed will be in rough proportion to the
management and organization changes introduced to ensure Agency
response and in proportion to the degree of specificity contained in
the guidance.
The specificity of the guidance that senior management is capable
of providing will be constrained by the amount of executive time that
can reasonably be devoted to services without detriment to
management of primary missions and by the need for prudent
restraint required to avoid stifling creativity and innovation. A
reasonable estimate of a strategic goals program that might be
managed by EXCOM is that response will be slow and erratic. The
network of thirty goals suggested later in this report has resulted in
only one substantive criticism, i.e., it is too extensive. But, to
reduce the number of goals by any rational process leads to
significant loss of specificity.
This loss of specificity leads to a void in guidance between
top-level goals and lower-level planning that will largely perpetuate
the concerns and issues that exist today. Components will be left to
define their own strategies through the middle ground, insuring
continuation of component conflict and lack of systems compatibility.
What is suggested in addition to the Agency-level goals program
is creation of a systems architectural function to coordinate planning
at the Agency level and to help map the strategies between top-level
goals and component-level planning. This function is seen as the
answer to the broadly expressed need for Agency-level coordination
of IH planning. To be effective the architectural function would have
to be placed in the Agency hierarchy in such a way that meaningful
influence could be exercised over issues such as what systems would
be developed and when; assignment of organizational responsibility for
implementation and operation; the nature and number of interfaces
among systems; the location and structure of data bases; standards
for development, management, and delivery of services; and career
management of information service specialists. Also inherent in such
a central function could be a single Agency voice to the community
member and external oversight bodies concerned with Agency systems
and their management.
Whether such a function would be implemented as an Agency-level
staff function or assigned to an existing line function is largely a
matter of senior management style and the degree of impact desired.
It is reasonable to speculate that the function at any level will be in
continuous jeopardy without solid support of top management.
With a reasonably compact set of strategic goals endorsed by EXCOM
and the support of an architectural function coordinating the Agency
response to top-level goals, a strategic planning process can become a
continuing management system. Whether further organizational change
is required or desired is a question that can be separately addressed.
An estimate of the Agency resources devoted to providing information
services as defined in this study is 20% of the personnel and 40% of
the CIAP. These resources are distributed across communications,
ADP, reference services, registries, couriers, security, and
associated management functions. Allocation of these resources is
related directly to the evolutionary development of information
services. The current institutions can be said to have withstood the
test of time. Why then question the current organization? (S A9c(3.2))
The answer to that question is that technology is driving us to
question our historical categorizations of information and hence
question our views on how to manage information. Stated otherwise,
until now we have confused the concept of information with the media
used to retain information. Our systems have been built around the
concepts of media. Documents are handled by registries and
libraries, messages are handled by communicators, data is peculiar to
ADP, etc.
When technologists suggest that, in the abstract, information is
independent of media and that technology can deal with information
without regard to media, there is an organizational identity crisis.
People begin to question why we differentiate messages from
memoranda and dispatches. The technologist responds there is no
need to differentiate when modern technology is at work. But that
suggests redundancy and inefficiency in the current organization and
raises questions of which systems should survive and which should be
absorbed or abandoned. Such issues will continue to surface over
the years as technology allows text, images, and voice information to
be moved, processed, stored, and retrieved within common systems
and procedures.
There are two management strategies for dealing with these
developments. The first is to continue with existing organizations,
dealing with the organizational issues as they arise and pursuing the
policy of gradual evolution. The second option is to forecast the
issues that are likely to occur and attempt to modify the current
organization in such a way that issues are avoided or at least
minimized in number and significance.
When permitted to focus on the questions of future services and
organizational change as this Task Force has had the luxury of
doing, there develops a clear preference for early and significant
change resulting from a confident view of the future. This
confidence derives from consistency of technology forecasts;
parallelism between development of Agency information services and
those of other departments, agencies, and industry; and the promise
of top-level strategic planning that can improve the effectiveness of
information services if properly supported.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.1.2 THE ARCHITECTURAL FUNCTION
Summary
An architectural function which transcends
the design of individual information handling
systems is needed. The absence of this function
results in locally optimized systems which often
fail to meet larger Agency needs.
At present, no component representing an
Agency perspective is responsible for overall
system design nor are there incentives for a
systems designer to look beyond his immediate
component context.
Establishment of that architectural function is
recommended.
Background
CIA's information handling systems, large and small, are generally
designed in response to a specific need. Usually, that need is
expressed by a single component which subsequently becomes the
advocate of the proposed solution. In some cases, this is
satisfactory. Increasingly, however, we find that a single
component's needs are not independent of those of another component.
In those cases, a number of factors act in concert to prevent the
solution from rising above the specific need to anticipate larger
Agency needs:
- The advocate component may be unaware of larger Agency
needs ... there is no overall plan;
- Territorial imperatives and the golden rule argue against
exploring problems outside a component's immediate sphere
of influence;
- Resources, or a perceived need for an immediate solution
constrain the amount of time which can be devoted to
such exploration;
- Larger needs sometimes add complexity (at least from the
designer's viewpoint);
- If a consideration of larger needs elevates the system
design beyond immediate jurisdiction, coordination can be
slow ... and sometimes unpleasant.
There are, then, mechanical and emotional reasons why systems in the
Agency tend to be designed "in the small". There are no incentives
for the designer of a particular system to examine its requirements
within the context of larger Agency needs. Rather, there are
disincentives: the costs of a system may increase and its Initial
Operating Capability (IOC) may be delayed. This is not to say that
the system necessarily becomes more complex. Often as not a larger
view leads to a simpler overall conception (though this may not be
apparent from the component's perspective). Typically, however, a
larger view leads to a system which crosses firmly established
institutional boundaries. This immediately raises questions: Who
should be responsible for the design of the larger system? for the
implementation? for the operation? These are questions we cannot
expect the designer of a particular system to answer. These are
questions we can expect him to avoid. Raising these larger questions
can be the responsibility of a systems architect inured to hardship
and properly situated.
The lack of systems architecture and the need for a systems
architect has been noted by previous students of the problem. The
ASPIN report in 1970, for example, recommended "...a central
technical management review of major ADP projects be created under
the present umbrella of Executive Director-Comptroller responsibility
for Agency ADP management, that a full-time position of ADP advisor
to the Executive Director-Comptroller be created to ... review the
various local plans, ... (and) ... develop a statement of long term
ADP objectives for the Agency ..." The report emphasized that
"...the most critical need in automatic data processing control is a
formal means for review of ADP activities."
Other agencies, too, have perceived the void and created a
systems architect. Most relevant among these are NSA with their
architectural board including data processing and communications
architects, and the Department of Defense with their WWMCCS
architect.
The term "systems architecture" is meant here to include:
- structure and interrelation of major hardware modules;
- interconnectivity of processes and processors;
- communications networks and protocols;
- structure and interrelation of major software modules;
- structure and interrelation of major data sets.
The term "systems architecture" is meant, here, to be unrelated to:
- specific choices of hardware and software;
- specific choices of communications protocol.
Instead, the focus of the Systems Architect is on functionality and
the flow of information.
Duties and Responsibilities
The duties and responsibilities of the Systems Architect include:
formulation of overall design (with help, of course); encouragement of
programs to achieve the design; and the design review of all new or
modified information systems whose procurement, implementation or
revision will require a major expenditure of resources. Specifically,
the Office of the System Architect will:
formulate overall architecture for information handling systems:
  - publish functional specifications showing the composition
    and interconnections of major subsystems including, but
    not limited to:
      Central and Distributed Computing
      Electronic Communications, Dissemination, &
      Distribution
      Word Processing and Printing
      Micrographics
      Graphic Display and Plotting
      Remote Terminals
      System and Applications Software
      Substantive and Administrative Databases
  - incorporate into the functional specifications, all available
    strategic guidance, expressed user needs, and changing
    technology.
encourage the formation of programs to implement the overall
architecture:
  - initiate planning and budgeting of programs required to
    fulfill overall architectural needs;
  - commission the design of information systems to meet
    future needs;
  - coordinate and represent resource requirements of overall
conduct a formal review of each proposed information system
to:
  - explore the functional needs which the system is designed
to meet;
- identify larger Agency needs which may be subsumed or
otherwise impacted;
- identify relevant interfaces with other current and future
systems;
- comment upon the information security of the proposed
design.
publish the results of the design review including:
- modifications recommended to meet larger needs;
- an estimate of additional resources required to satisfy
those needs;
- an estimate of benefits to be derived;
- recommendations for needed coordination.
Recognizing the importance of timely review, the Systems Architect
will ordinarily complete his review in sixty days.
The Systems Architect will represent Agency information systems'
designs as required in the larger community context. The Systems
Architect will also keep abreast of National Programs and the
interrelations of specific collection processing as these may impact
Agency information systems.
The Systems Architect will not design information systems, nor be
involved in the implementation of such systems. The Systems
Architect will neither certify nor validate the need for an information
system (except, of course, those which he commissions directly.)
The Recommendation
CIA/IHTF recommends:
- establishment of a Systems Architect Staff;
- the staff to consist of a Chief Systems Architect,
responsible for administration and coordination, and
Specialist Systems Architects, responsible for:
    - interrelationships of word/data-processing and
      telecommunications hardware;
    - software macro-design, and data-base
      interrelationships;
    - user interfaces, documentation and training standards.
The role of the Systems Architect will be advisory. Current
decision-making mechanisms are unaltered -- planning, budgeting,
designing and implementing. The design review conducted by the
Systems Architect will be public, thus available to all
decision-makers. The extent to which decision-makers rely on the
advice of the Systems Architects will depend upon:
- the logic and persuasiveness of the advice;
- the fervor of those advocates in opposition to the architect;
- operational imperatives; and,
- a sense of history on the decision-maker's part.
The clients whom the Systems Architect advises include:
- user communities;
- designers and implementers;
- budget planners;
- Office Directors;
- The Executive Committee.
In order to serve properly the advisory role, the Systems
Architect must have a master design against which new information
systems are measured. Achieving a realistic, agreed-upon,
forward-looking design will require:
- as input, ENDORSED GOALS for information handling;
- as building blocks, EXTANT INFORMATION HANDLING
SYSTEMS;
- the DESIGN INPUTS of all relevant components;
- publication of a PRELIMINARY DESIGN;
- a round of COMMENTS on the preliminary design by
interested parties;
- iterations resulting in a FINAL DESIGN; and,
- MANAGEMENT APPROVAL of the final design.
4.1.3 THE ABILITY TO ACQUIRE NEEDED RESOURCES
Summary
Resources required to bring new
information-handling systems on-line, and to
operate and maintain needed information services
are frequently denied us by the budget process.
Where inappropriate, this results from a focus
on the aggregate of support services rather than
on the individual mission supported by a specific
information handling system.
It is recommended that budgeting for new
information systems be done by the "users", the
mission organizations who are the beneficiaries.
It is further recommended that, where possible,
this principle of beneficiary budgeting be applied
to operations and maintenance.
The doctrine encounters practical difficulties
with general purpose services or specific systems
developments where marginal enhancements allow
the system to serve broader needs. We cannot
afford to forego these economies of scale.
However, the principal benefit of beneficiary
budgeting, the user's opportunity to balance
information handling costs and benefits against
other program considerations, is substantial.
User budgeting, together with a sound, well
understood architecture for the development of
information handling systems and services will
enhance our information handling posture over the
next decade.
Background
The pool of resources available to the Agency is shrinking. Many
factors are responsible: a worsening government balance sheet, erosion of
planned expenditures by inflation, competing needs of other agencies,
closer inspection of Agency programs, and occasional disaffection with the
Agency at large. In information handling, the general constriction of
resources is exacerbated by well-meaning but misguided attempts to
"control the growth of computers" or some similar malaprop. It is unlikely
that any information handling recommendation will cure the economy or
assuage the appetites of other, competing agencies. However,
recommendations which allow us to more fairly and clearly represent the
benefits of a proposed information system or an existing information
handling service do ease the Agency problem.
The Role of Information Handling
In the overall defense context, budget scrutineers enthusiastically
endorse the concept of intelligence as a force multiplier. Good intelligence
is worth a certain number of divisions; said differently, we can cut our
military force if our intelligence is good. As the concept is applied,
budget cuts have been accompanied by ratcheting up the force multiplier.
The mathematical beauty of tiny changes in the force multiplier displacing
significant military expenditures has been irresistible.
If there is validity to the concept, then information handling services,
the new technologies and new systems, surely qualify as force multipliers.
In fact, the Agency's record is quite good in this respect: a decade of
relatively constant dollar expenditures have allowed a steady reduction in
information handling personnel. Upcoming investment opportunities will
allow us to continue the reduction and/or greatly improve the quality of
information handling. When choosing between further resource reductions
or improved services, consider: small improvements in intelligence are
leveraged into large improvements in the nation's defense posture. We
must not shrink, therefore, from aggressively seeking the resources
needed to improve information handling ... for they are twice multiplied
into overall defense improvements.
Creating a Defensible Budget
Because of the importance of information handling investments, the
budgetary case must be made as clearly and persuasively as possible.
Capital and recurring costs must be well understood. More importantly,
the benefits must be clearly presented in the context of the mission. This
will:
- permit weighing an information system investment or information
handling service expenditure against other mission budget
elements;
- allow the ultimate intelligence contribution of that system or
service to be easily understood; and
- promote to the larger national level the benefits to accrue from
the outlay of resources.
Once having assumed its place within the overall mission priorities, the
budget item should be immune to frivolous challenge as a general support
item. The only legitimate reason for critical examination in the context of
general support would be to identify potential savings which result from
economies of scale. An integrated architectural plan will identify such
savings or preemptively demonstrate that none exist.
This analysis emphasizes the importance of budget defense within the
mission context. In implementation, however, we would not want to err at
the other extreme -- i.e., attempt to defend technically complex items
without benefit of technical expertise.
An analysis of current budgeting practice shows an uneven record of
defending resource requirements. In part, this appears to be process
dependent. As an example, the Office of Communications calls for
requirements, validates and consolidates these, and puts forward an
integrated communications budget. This submittal necessarily prioritizes
requirements within the overall communications program, recognizes only
indirectly the priority of an individual mission, and does not specifically
address the priority of the communications requirement within the overall
mission plan. This process is magnified as the DDA places portions of the
Communications budget within the overall, prioritized Directorate program.
Thus, overall DDA guidance and priorities may heavily impact a mission's
communications. The effect has been to subordinate new communications
starts, in deference to ongoing activities ... even though the new
communication start thus denied may be an essential part of an ongoing
overall mission. This results in post hoc reprogramming of mission funds
in the current year thereby vitiating the original planning process.
(C 3d(3))
Within the same Directorate of Administration, the Office of Data
Processing offers an interesting contrast. Here, too, an Agency-wide call
for requirements leads to a consolidated ADP budget submittal. However,
the record shows an effective defense of resources required to take on the
new jobs while improving ongoing service. The differences seem to be:
- the size of the capitalization required
- the non-identifiability of the separate requirements
- the dividends of improving technology
Now, we can expect communications increasingly to reap the
cost-performance dividends of computer technology as the disciplines
coalesce. Moreover, communications functions, properly viewed as
applications on general purpose computers, submerge the individual
identities of underlying requirements. Both of these factors can be
expected to improve the communications resource picture. However, where
it becomes desirable to preserve the identity of an individual requirement,
or where the capital size mandates, closer ties to the mission may serve us
best. (C 3d(3))
The SAFE Project illustrates the principle of users budgeting for the
development of an information handling system. The project is
administered and technically managed by the Office of Data Processing.
However, budget requests have been carried in NFAC (formerly DDI)
submittals since the inception of the SAFE effort. Each year, NFAC has
weighed the benefits expected from SAFE against other intelligence
production needs. On balance, NFAC decided that SAFE's relative
priorities placed it on the margin between then current activity levels, and
high-priority enhancements. Subsequently, a vigorous budgetary defense
tied to intelligence production needs was successfully mounted. Excluding
the dust raised by questions about a SAFE-ADISS relationship, the only
serious challenge to SAFE's fiscal health came early in the planning when
an ambitious [illegible] plan was scaled back to a dangerously lean
[illegible] plan. (C [illegible])
The Offices of Communication and Data Processing have experience
with the "user" budgeting for proximal personnel, OC with its field
communicators who man S&T networks, and ODP with its "outlander"
program. Other services, Finance, Security, Logistics, similarly have
operated for some time with "users" providing the slots for seconded
personnel.
Having the "user" budget for information handling services -- both capital
items and personnel slots -- has certain drawbacks:
- the user may balk at funding a part of the overall architecture
whose short term local benefit is not obvious; and,
- the user may reduce needed information security expenditures and
security personnel.
Outlays for these "overhead" items -- security, standards, documentation,
interface to other systems -- may be traded-off against direct-benefit
information services or other program expenditures only within prescribed
limits. Doubtless, some tension will arise between the user and the
architect or the information security officer. No different from the
situation today, this highlights the need for overall management of
information services.
On balance, it is recommended that where possible, budgeting for new
information handling systems be done within the beneficiary's mission
budget. User budgeting for operations and maintenance of information
services is similarly recommended, insofar as possible. Where the
budgeting questions touch larger issues such as security, system
standards, the needs of other users, and intersystems architecture,
coordination will be required. The nature of this coordination is the
subject of other recommendations in this series.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT PARAGRAPHS
OTHERWISE MARKED.
4.1.4 THE ADP REVIEW PROCESS
SUMMARY
Current EXCOM procedures for reviewing ADP
projects stem from two faulty assumptions:
insufficiency of, and contention for central ADP
resource; and, an increasing share of the Agency
budget devoted to ADP.
A third impetus was Congressional and OMB
pressure for tighter management controls.
Ineluctably, a disproportionate amount of
senior executive attention is focused on ADP
which accounts for a [illegible] of the Agency's
budget. Moreover, the format and effectiveness
of current review procedure is questioned. (S
A9c(3.2))
What EXCOM requires is a report on progress
toward established information handling goals and
a coherent budget briefing in the context of those
goals, highlighting the overall architecture at
which we aim. Life cycle costs and measures of
effectiveness of major ADP programs also need to
be discussed. Certain issues, with which EXCOM
must deal, would result.
For programs which are major consumers of
ADP resource, the mission managers should be
directed to discuss, in context, the support of
mission objectives via ADP, and measures of
effectiveness of that support.
Background
In his 28 March, 1977 memorandum, the Comptroller set the stage
for current EXCOM review procedures. Two primary issues, raised
on 16 December 1976 by the DDCI, were central to the formula:
How can we monitor month-to-month use of central ADP resources
to permit Agency-level resource allocation decisions when
contentions arise?
How can we plan for the future to ensure that the large ADP
budget increases we are experiencing are in the overall
interests of the agency?
In retrospect the assumed antecedents hardly materialized: major
contentions for central ADP resources did not arise, and we did not
continue to experience large ADP budget increases.
At the time, the Comptroller stated that
"...ADP expenditures are not only continuing to increase
steadily, but are consuming an ever-increasing portion of the
Agency's total Budget..."
With the advantage of hindsight the portion of the Agency budget
allocated to ADP is relatively constant at:
This represents an inflationary, not a real-dollar growth. Moreover,
if we look at information handling services at large, we see no real
dollar growth over a ten year period, and a modest decline in
personnel which has resulted from the capital investment. This
longer and larger perspective pre-empts the supposition that EXCOM's
two years of reviews curbed an otherwise runaway ADP budget. (S
A9c(3.2))
As for presumed growth in demand for central ADP services, we
must distinguish demand for computing resource from demand for
programming resource.
Computing Demand
Excepting new initiatives such as SAFE, the growth in demand for
computation is an orderly, linear increase. Steady improvements in
price-performance characteristics of new hardware meet the rising
needs with a modest CPU and disk replacement strategy. Such a
replacement strategy would be indicated on grounds of maintainability
absent a forecast rise in demand. When SAFE comes on-line, the
apparent step-increase is more the result of procurement strategy
than disorderly demand outstripping technology's offering.
Denominating in dollars [illegible] demand for computation evidenced by
SAFE, and allocating [illegible] expenditure to software
development, leaves [illegible] worth of computation demand
amortized across 10 years, 1974-84. ([illegible] A9c(3.2))
With regard to demand for centrally supplied software
development, the picture may be substantially different. ODP has
adopted the strategy of assigning the bulk of its in-house applications
software development capability to a very small set of projects. Two
or three projects occupy more than half of the applications staff.
This results in a 1-2 year backlog of documented projects, excluding
those where the customer is unwilling to wait in queue, and excluding
those whose initial investigation has been prohibited by personnel
scarcity. While quite serious, and worthy of EXCOM attention, this
applications programming shortfall was not thoroughly vetted within
the current review procedures. More to the point, since the backlog
is measured in years, a month-by-month review would hardly be
needed. (C 3d(3))
Dealing with Significant Issues
A perceived failure of the current EXCOM review of ADP is its
failure to resolve, and sometimes even to recognize significant issues
when they arose in the course of the briefings.
One such issue was the question of whether ADP support to
National Programs should be provided for in the CIAP or the NRP.
This was raised explicitly by the IG on several occasions. It had
been dealt with by EXCOM on a per-project basis, previously. (S
A9c(3.2) )
Another issue, raised explicitly by the Comptroller in the context
of an accelerated CRAFT initiative, was the possible shortage of
skilled manpower. Because of the context in which the question was
put, the issue was narrowly addressed. However, the shortage of
skilled personnel is forecast to get worse, not better, as we must
compete with increasing industrial demand for a scarce supply of good
people. Among the questions which this raises are: how can we
recruit, train, and retain manpower in this area? can we compensate
them competitively? and, if we cannot compete for the scarce supply,
what ADP initiatives will be foreclosed? (C 3d(3))
A third issue, raised but hardly attended to, was the possible
need for ... or, at least the effectiveness of vastly increased
computational power. The DDS&T pointed out that certain
engineering design exercises, already big batch number-crunchers,
are in fact, shortcut approximations of more complete engineering
calculations and that there would be benefit in more complete
exploration of larger solution spaces. Moreover, there would be some
benefit in affording the engineers a higher degree of interaction than
is now possible with overnight, batch turnaround. (C 3d(3))
Another issue, one which was implicitly revealed on several
occasions was the lack of appreciation of total life-cycle costing.
This surfaced in discussions of Language Translation where the ADP
acquisition costs paled beside the human operator requirements, and
in the case of CRAFT aspirations which were presented independent
of substantial communications costs. Yet another example was the
apparent surprise to some that when PERSIGN comes online, a
substantial programming effort will still be required for the
foreseeable future.
An obvious incongruity in the EXCOM review of ADP is the
omission of any reference to Project SAFE. Disregarding the fact
that SAFE already has as many reviewing groups as programmers, it
seems that its absence misrepresents the context in which other ADP
activities should be viewed.
One remedy for the foregoing is embodied in organizational
realignment options discussed elsewhere. If there were to be a clear
line authority for all information services, EXCOM could play a more
seemly upper management role, the setting of goals and the
monitoring of progress thereto. The manager of information services
could provide a context for budgetary review of a coherent program
by revealing the information handling architecture which he is
developing. (Absent an overall manager of information services, the
systems architect, discussed elsewhere, could provide the needed
context.)
For some programs, ADP resources will comprise a substantial
fraction of the total cost. It is recommended, in such cases, that the
mission manager, in the course of normal management review of his
program, should be instructed to address the questions of: why ADP
resources of that magnitude are required, what alternatives might
have been considered, and what measures of effectiveness he intends
to apply to ADP contributions to his overall effort.
Finally, it is recommended that the individual charged with
conducting the review, (manager, architect, whoever) be directed to
flag a significant issue when it arises and prepare a coordinated
discourse of that issue, including a suggested resolution thereof.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.1.5 CAREER MANAGEMENT
Summary
The Agency is faced with meeting the
challenge to provide qualified professional
information handling specialists who have the
training and experience to respond to burgeoning
information services. With increased emphasis on
developing technology, responding to FOIA/PA
and litigation requirements, and intensified
interest in managing information as a resource,
we must be prepared to meet these demands with
a cadre of information handling specialists who
have been identified, trained, and developed
within a career-oriented environment.
A well-defined career program would enable
Agency management to use more effectively the
scarce personnel resources which exist currently
in many categories of information handling
services. In addition, the Agency would be in a
better position to attract and recruit qualified
professional applicants from external sources if
able to present a comprehensive career
development program.
It is recommended that each Directorate
establish a career service for Information
Handling specialists which will meet current and
long-range needs of the organization as well as
foster the professional development of the
employee.
An Information Handling specialist is defined
as one whose primary job responsibility is
concerned with the management of data or
information. Computer programmers,
communications specialists, systems analysts,
document indexers, registry clerks, couriers, and
micrographic technicians are examples of
categories of personnel which may be identified as
information handling specialists.
A career service is not the panacea for all personnel management
woes. It will not solve all recruitment problems nor will it necessarily
produce better ADP systems. A career service for Information
Handling (IH) specialists will, however, assign responsibility within
each Directorate for career management, i.e., establish and maintain
Agency standards for recruiting, developing, ranking, promoting,
and assigning employees of a common discipline.
Although a DDA centralized career service would be
considerably larger than others, we believe it is manageable and we
do not anticipate any significant problems beyond those posed by the
career service of managed by the Office of
Communication (prior to OC's reduction to its current ceiling). (S
A9c(3.2))
The estimates presented in the accompanying table are based on
our analysis of the "Agency's General Schedule Occupational Groups
and Series" where those positions involved primarily in the
management of data or information were selected and a total count
effected in each Directorate. Specifically of interest were those IH
activities concerned with recording and editing of information, e.g.,
word processing; acquisition of information, e.g., library acquisition
of periodicals; dissemination, e.g., cable analysis; distribution, e.g.,
mail and courier functions; communications, e.g., telecommunications
services; information reference, e.g., those functions supporting the
storage and retrieval of both manual and automated data bases;
printing, reproduction, and transformation, e.g., printing and
publication services; information security, e.g., communications and
computer security functions; information systems, e.g., computer
programs and computer technical services. Excluded from the list are
positions involved with collection, processing proximal to collection,
and value added services such as analysis.
In some cases the list may be too broad in scope since the
functions may vary significantly from one Directorate to another.
The duties of an electrical engineer in the DDA for example may be
cited as an IH activity while an electrical engineer in DDS&T should
be excluded from the list. We have attempted to identify these
unique positions and adjust the list accordingly. However, there are
IH services which do not appear on the list since the functions are
performed by personnel whose position title does not accurately
reflect the assignment of IH duties. In such exceptional cases, the
managers of these activities must assume the responsibility of
identifying the positions within their offices as IH-related. Obviously
there will be additional categories of personnel whose functions are
somewhat equally divided between providing IH services and some
additional speciality, such as production analyst. These cases will
require a review by the mission component and the career service to
decide which function takes precedence thereby determining which
career service will administer the employee's career. In the final
analysis, only Directorate management is in a position to review and
reconcile the list of IH positions to ensure its completeness and
accuracy.
CONCEPTS
Within a directorate career service, IH functions could be grouped
into areas which are further identified by the career service or
"functional" category. The assignment of functional categories
facilitates the competitive evaluation process so that the performance
of all members within a category can be evaluated against established
standards. These standards, coordinated Agency-wide for use in all
directorates and applied to all members of the IH occupational family,
greatly enhance the comparative evaluation system.
In addition, the assignment of functional categories serves to
correlate career paths. A functional category could logically include
all personnel involved in records management, e.g., records
management officers, records officers, archivists, etc. Another
category could group ADP professionals, e.g., computer
programmers, computer systems analysts, computer specialists,
computer engineers, etc. A third category might include computer
technicians, computer operators, technical writers, production control
specialists, and computer support personnel. Although career
progression would normally occur within the employee's career
development area, lateral movement into other areas could be viewed
as career enhancing for the employee and at the same time beneficial
to the organizational component. Additional specialized training would
be required, however, prior to assignment of a non-technical
specialist into a technical position. Given the projected critical
shortage of information specialists, especially computer personnel, we
must use the personnel resources available within the IH occupational
family as a feeder group into those areas plagued by personnel
shortages.
Benefits to the Organization
1. Assignments
A centralized career service is more aware of
Directorate and Agency-wide requirements and opportunities
than individual components and is in a better position to
respond quickly to demands for reallocation of personnel.
Having the ability to draw from a large pool of resources,
the Directorate would be able to respond to requests which
require more experienced personnel than a single component
controls. Indeed, centralized career management provides a
Directorate with the unique opportunity to recruit from
identified members of an occupational family across
Directorate lines in order to fill positions with the most
qualified personnel available. This is especially important
where overseas assignment is perceived as beneficial to the
employee's career development. The major benefits are
twofold: the field station's IH services improve when
positions are staffed with the highest calibre of IH
specialist; and, the employee profits from the opportunity
to broaden his professional experience and further develop
his skills in a mission oriented environment. The role of
the IH specialist in an overseas station will, however,
change significantly in the future with the installation of
CRAFT. The OC-communicator will assume the new
responsibility of the technical maintenance of the CRAFT
system. This change will bring the communicator in closer
affinity with ADP professionals. It is especially important
in the development of costly systems, such as CRAFT, to
select personnel with the technical expertise most often
found resident in the component who is the major provider
of that technical service. (C 3d(3))
If an employee is to have optimal opportunity for career
advancement, he should be a member of an "occupational
family" which is represented by a career service with
responsibility for all members of that family. Unless career
development is focused on the occupational family rather
than the organization, we cannot achieve maximum benefit
from our career services. We believe that although career
management should encourage assignment of personnel
across directorate boundaries, compartmentation need not be
threatened. Good compartmentation dictates the restriction
of sensitive data to as few individuals as reasonable and
also the implementation of security procedures by the
mission component who has operational control. We conclude
that the individual operating in a secure environment,
regardless of which career service he represents, can be
made sensitive to the security considerations of the mission
component. As evidenced in the past by the long and
successful relationship between the DO and
OC-communicators in overseas field stations and, more
recently, the enhanced level of support furnished by ODP
in its operation of the DO Special Computer Center, it is
clear that compartmentation can be effectively administered
within an occupational family regardless of which directorate
controls the career service.
2. Training
The Agency continues to commit substantial capital
investments in information handling systems yet lacks a
coordinated plan for furnishing requirements and direction
to the Office of Training to ensure a timely, effective
training program which bridges the transition to new
technologies. A centralized career service would be the
most logical organizational entity to develop a coherent
training plan based on the skills required to support
current systems and project future training needs. The
benefits accrued would be reflected in the refinement of the
training courses offered which would more closely relate to
the skills needed to perform IH services and, in general,
result in better scheduling which fits the needs of both
employees and managers. Indeed, in the aggregate, the
benefits that accrue would have a positive effect on all
users of IH services.
3. Establishment of Evaluation Standards
An additional benefit accrued from a centralized
approach to career management would be the establishment
of uniform evaluation standards for Information Handling
specialists and staffing of competitive promotion panels with
Information Handling personnel who have an appreciation for
the nature and value of the job performed.
Benefits to the Employee
Although the employee has to assume responsibility for
managing his own career, the Agency is well served by
providing him the training and career opportunities to allow
him to develop his skills so that he may advance into more
responsible positions. Amalgamating Information Handling
specialists into a career service at the Directorate level will
offer him some affinity with others of the same discipline
and as part of a larger forum, help him to achieve
recognition as a professional. As a member of a recognized
and viable group with its own esprit de corps, one could
reasonably expect to achieve better morale and a sense of
professionalism within the group, as well as an overall
improved image of the Information Handling specialist. The
"professional" status allows him the opportunity to join
external vocational groups whose seminars and educational
information on the latest trends and technology would
contribute to his career development.
2. Career Development Plan
A well-defined career program for information specialists
is not complete without establishing a comprehensive career
development plan (CDP). Although some career planning is
administered by the Office of Personnel with its Senior
Officer Development Program (SODP) and its Annual
Personnel Plan (ADP), in addition to some localized
component planning, there is generally a lack of centralized
career planning focused on information handling specialists.
With the exception of DO/Information Management Staff
(IMS), component career planning traditionally focuses on a
very select group, e.g., ODP, OC personnel. The DO
has, however, a broad-based career development plan which
encompasses all information handling specialists within the
Directorate. Within the DO, information handling services
and the career management of the information handling
specialists are centralized in IMS. The IH specialists
are members of the DC career service and are home-based
in IMS. The Staff is responsible for establishing
recruitment requirements for new IMS employees as well as
the assignment (or reassignment) of all IH specialists within
the Directorate. The career management of all IMS
employees is a shared responsibility between IMS
management and employees played out through the career
development plan. This recommendation, based on the DO
model but projected at an Agency level, includes all
information handling specialists as members of a recognized
discipline. As such, it represents a significant effort in
career management. (S A9c(3.2))
A career development plan provides the architecture for
an intelligent, orderly preparation for career progression.
It is a tool intended for use by both managers and
employees in their attempt to balance individual career
interests and organizational goals. The objective of a
career plan for IH specialists is to develop a group of
skilled, versatile, and motivated professionals whose
development contributes significantly to the improvement of
IH services. To be effective, a career development plan
must be interfaced with other management systems, e.g.,
vacancy notices, performance evaluations, OTR's testing
facilities, career counseling, etc. A career development
plan cannot survive in a vacuum; it must be supported by
a strong personnel management structure.
The CDP, identified by a schematic, is a formal
document which outlines performance requirements,
training, and advancement opportunities in the field of
information management. Development of the plan requires
a considerable manpower investment to identify and perform
a task analysis of all categories of IH functions, develop a
career path structure for each functional category, and
provide descriptions of career development requirements and
advancement possibilities. Specifically, the plan should:
identify the information handling positions within the
Agency; describe the knowledge and performance skills
desired of one entering an IH position; list the formal
training courses to be completed while on-the-job; describe
the knowledge and performance skills to be attained while in
a position; and, describe the qualifications desired for the
next logical level of advancement. Once orchestrated, the
plan is personalized through career counseling sessions with
the employee. During these sessions, a commitment is made
by both employee and supervisor. Specifically, the
supervisor is charged with providing work assignments
which make optimal use of the employee's skills and
experience. The employee, on the other hand, must accept
the commitment to attain the skills needed to perform his
current job through training, rotational assignment, etc.
In addition, the plan is used to assist him make thoughtful
decisions on his career progression and future assignments
based on his skills, interests, and potential. An employee
having access to this comprehensive body of information
should be in a position to set achievable career goals and,
in general, assume responsibility for his own career.
Ideally, the plan represents a dynamic process which will
continue to evolve as an employee progresses through
various stages of his career.
Drawbacks of a Centralized Career Service
Although a career service offers the employee greater mobility in
job assignments, there is obviously some erosion of the operational
component's management control. In addition, mobility must be traded
off with some loss of continuity and increased on-the-job training.
However, the long term goal of developing the employee should
outweigh the short term objective of retaining personnel in a narrow
office environment.
It is recommended that each Directorate establish a career service
for Information Handling specialists. The career service, managed at
Directorate level, should be responsible for administering the career
development program for all Information Handling specialists. In
addition to providing career development opportunities and planning,
the career service should be charged with establishing and
maintaining standards for recruiting, ranking, training, and
promoting information specialists. A Career Development Plan should
be designed for all IH specialists.
Two trends, increasing application of
technology to information service and decreasing
confidence in the sanctity of the operating
environment, are elevating concerns for
contingency planning.
Such concerns are justified and imply a need
for resources over and above those required for
"fair weather" operation.
Future planning should address contingency
operations from outset and
budgeting/programmatic estimates should reflect
associated costs.
Coherent contingency planning requires
agreement on the range of operating conditions
systems are expected to survive. An Agency
policy statement is recommended as a first step.
Continuity and survivability have always been key elements of
communication planning. OC maintains detailed procedural
planning and necessary resources to insure that mechanical
failures and local disasters do not cause unacceptable
interruptions to communications. That office rightfully takes
pride from its repeated performance as an "only remaining
channel" in crisis situations. The concern for contingency
planning in OC systems is a direct result of the unstable nature
of the overseas operating environment.
This reflection of instability overseas is also very visible in
DO planning for CRAFT. In fact CRAFT may be viewed as a
contingency resource since one of its major reasons for being is
contingency planning. (C 3d(3))
By contrast, domestic planning has traditionally been "fair
weather". The U.S. environment has been politically and
environmentally stable. Probability of significant interruptions to
service have been associated mainly with the systems and not the
environment. Information processed by systems has always
existed in some form outside the system so that we could
"jury-rig" a process, bypassing the technical equipment to
maintain the most urgent services.
The future is conspiring against this relaxed view of
contingencies. The trend toward increased machine dependence
will continue with or without our planning. More and more
information will reside in machines, less in physical print. We
will continue to institutionalize human thought processes and
commit them to machines. Employees will learn new skills
commensurate with new processes and, by default, lose
competence and proficiency associated with current processes. In
short we will continue to move toward total machine dependence
because "fair weather" operations will be greatly improved by
doing so.
Turning to the environment, there are at least two
troublesome developments that point to declining stability for our
systems. We have been quickly brought to face the possibility of
terrorism and sabotage domestically. The need to plan for such
domestic eventualities is now as much in our consciousness as the
same need in the foreign field.
The second concern is not yet upon us, but projected to
develop over the next 5-10 years. The energy situation and its
economic consequences are retarding growth of the power
utilities. Since the demand will inevitably continue growing even
with conservation, there will be cross-over points in many of the
country's power grids when demand exceeds supply. Planned
energy rationing and/or unplanned "brownouts" may occur with
increasing frequency. While this prediction is based on current
trends, there is nothing in view to suggest a substantial change
for the better.
If we have allowed ourselves to increase machine dependence
without making a parallel commitment to the stability of the
environment required for reliable operation, the Agency mission
may be in serious jeopardy.
Increasing use of machine systems for information handling is
not to be denied. The problem is to develop information services
capable of maintaining essential mission operations under adverse
conditions domestically as well as abroad.
1. Promulgate an Agency policy statement on contingency
planning for information services (suggested draft attached.)
2. Direct that future plans, programs, and budgets for new
machine systems overtly acknowledge the resource
commitment to contingency planning.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
POLICY FOR CONTINGENCY PLANNING
1. Information is a key resource in Agency operations.
Inability to move, access, and/or manipulate this resource
effectively negates our ability to perform the Agency mission.
For this reason, it is essential that information services and the
systems that support those services maintain contingency
capabilities to assure the availability of information under a range
of adverse conditions.
2. There are two major elements to be considered in
contingency plans: (A) the time criticality of the service to the
users it supports, and (B) the geographic dependence of the
users' missions.
A. Information services and systems will maintain
contingency plans that will assure continued response
within maximum allowable times established by the
missions supported.
B. Information services and systems will provide a
contingency capability to support geographic dispersion
of Agency missions in instances of local disaster.
3. Contingency plans will consider loss of facilities due to
mechanical failure, sabotage, and natural disaster. The plans
may be based on the assumption that only one type of casualty
will occur at one time.
4. Contingency planning for information services during
general and nuclear war is necessary only when specifically
directed by the DCI.
4.2 STRUCTURE FOR PROVIDING INFORMATION SERVICES
The rapidly changing technology foreshadows major changes in
the way we do our jobs. These changes may suggest a
reapportionment of tasking and responsibility. Section 4.2.1,
TECHNOLOGY'S EFFECT ON EXISTING ORGANIZATION, proceeds
from an understanding of how earlier technological limitations, and
capital spending, as well as desired flows of information have
configured the organization which we have today. It is suggested
that the organization needs to be continually revisited in light of
changing technological constraints.
Section 4.2.2, ADP AND COMMUNICATIONS, reviews historical
distinctions between data processing and communications, and the
manifestation of these differences in OC and ODP. The Agency
orientation toward teleprocessing, and the inevitable resource
constraints with which we must reckon, are seen to indicate an
eventual merger between the providers of the respective information
handling services.
Section 4.2.3, INFORMATION DISTRIBUTION - THE ROLE OF
PRINTING, reviews changes in the way information is made available
on paper to consumers. The strong conclusion is that the nature of
the printing in this industry should be all around the periphery of a
generalized information distribution network. To prepare for this, an
organization merger of the now disparate components producing paper
output of information is felt desirable. As pointed out in the section,
this has provocative space implications, and beneficial security
implications for controlled "copying".
Section 4.2.4, INFORMATION SYSTEM SECURITY, points out the
growing technical threat which will accompany entrusting more and
more of our sensitive information resources to the new technologies.
It is desirable, therefore, for the relevant technical security,
information security, and communications security responsibilities to
merge under a single line management, which recognizes the
necessary professional career specialization required. The analysis
does not downplay the traditional personnel and security functions.
Quite the reverse, the fidelity and diligence of personnel permitted
access becomes all the more crucial.
Section 4.2.5, USER SATISFACTION, attempts to deal both with
the reality of how legitimate user-needs for information services are
met, and with the perception, as well. The starting point is a
perceived deficiency in training and knowledge about the range of
information services available, and the circumstances of their most
effective use. This is compounded by the fact that to use a variety
of services now requires dealing with a variety of components, even
at the most preliminary level. Providing a single point of contact, a
"customer service organization", is seen as desirable. An added
benefit of the early establishment of same is the insulation it may
provide the user from subsequent organizational and/or technological
changes.
Section 4.2.6, INFORMATION DISTRIBUTION NETWORK,
reiterates the fundamental universality of information and recognizes
the benefits of enlarging the subscriber community, and the on-line
available information base. This is tempered by the need for
compartmentation, leading to technical recommendations, amplified
subsequently in section 4.2.7, as to how logical separation can be
achieved to support the "need to know".
Section 4.2.7, THE UNIVERSAL TERMINAL NETWORK, recites the
array of terminal networks already interconnected or potentially
interconnected, and differentiates between electrical interconnection
and logical (administratively approved) interconnection. Potential
security risks posed thereby are discussed, concluding that planned
interconnection, and an understood architecture, combined with
certain technical measures can provide relief. Electrical isolation, but
logical interconnection (via an exchange of magtapes) is not seen as
the preferred solution.
Section 4.2.8, CENTRALIZED DISSEMINATION AND REFERENCE,
distinguishes dissemination (who gets what?) from distribution
(physical delivery), and points out the similarity of dissemination and
reference (servicing a request for available or to-be-available
information on a topic). The plethora of dissemination services which
has materialized over time is deplored and re-integration is
urged, with attention to compartmentation.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.2.1 TECHNOLOGY'S EFFECT ON EXISTING ORGANIZATION
Summary
Changes in technology typically have an
effect on existing organizations. In the case of
information handling technologies, changes can
heavily impact organizations:
- organizations are often configured
around an apportionment of tasks whose
scope has been delimited by an earlier
technology;
- organizations are often built around a
level of capital investment or a
prescribed number of personnel; and,
- organizations are often configured
around the flow of information which may
have been limited by an earlier
technology.
As technologies change, particularly information
handling technologies, a former apportionment of
tasks may no longer be appropriate. New and
improved forms of communications, and radically
different task durations often suggest a new
breakdown or, more likely, a consolidation of task
segments. Moreover, the nature of information
handling technologies is that of capital investment
and a small cadre of skilled individuals displacing
a much larger number of less skilled workers.
Thus, organizational structure built around
formalisms of grade and span of control may no
longer be appropriate.
Many of the organizational changes which will
suggest themselves as technology changes can be
anticipated. A careful analysis of why an extant
organization's boundaries are as they are is
required. When coupled with healthy skepticism
and an appreciation of where technology might
lead, new organizational options can be explored.
Historically, this has been threatening because
change is threatening ... in part, because it has
been unanticipated and its motivations are poorly
understood by the affected.
It is recommended that, as workers are given
formal training in the information handling nature
of their present jobs, a continuing analysis be
conducted as to when organizational change will
be beneficial, given what changes in technology.
To retain (or regain) the vitality of the
Agency, we must recognize that organizations are
arbitrary social constructions to accomplish an
overall job under specific conditions. As the
conditions change, so must the organization.
Understanding the forces underlying the change
is the only way to receive the benefits with a
minimum of costly disruption.
Summary
It has been recognized for some time that the
technologies of telecommunications and data
processing were gradually developing an
interrelationship that will eventually see their
convergence into one unified technology -
teleprocessing.
The management of both OC and ODP have
expressed a similar concern that they are finding
it difficult to identify the boundary between the
two disciplines. ODP, for example, has indicated
that "the most serious (IH) problem identified ...
has to do with the gradual and inexorable
blurring of the distinctions which once separated
ADP functions from communications functions..."
The Agency evolution towards a
teleprocessing orientation is clearly evidenced in
the growth in the use of remote terminals and
printing/graphic devices over the years. This,
together with the anticipated expansion of ADP
support to the overseas environment, necessitates
a significant dependence on the telecommunications
services of OC. Conversely, computers have
become an indispensable part of the
communications networks supported by OC.
The Task Force has identified a number of
advantages which support consolidation. The
functions of planning, operations, career
management and information security would all be
enhanced by an organizational realignment. In
addition, user satisfaction and our ability to
interface with external organizations on
teleprocessing matters would be strengthened.
On the negative side, we would anticipate a
number of problem areas that would be associated
with any merger; the size of a new organization
may be formidable, the integration of an
essentially domestic oriented ODP with OC's
worldwide responsibilities would create integration
barriers, and the combined budget would make a
tempting target for arbitrary budget reductions.
On balance, however, we feel that technology
is dictating an eventual merger. In an era of
increasing resource constraints, we can not afford
to support what promises to be a unified
technology with multiple, sometimes competitive,
organizations. While the two components have
shown considerable cooperation and mutual
support in integrating their support activities,
the justification for unique organizations seems to
be eroding.
Background
The worldwide communications services provided by OC and the
central ADP support provided by ODP developed in relative isolation
from each other until the advent, some ten years ago, of the remote
ADP terminal and printer devices. In that these remote devices are
linked to the host computer by communications transmission devices,
the coordinated functional disciplines of both communications and ADP
are required to support a growing demand for access to electronically
based information and the related systems which transmit, process,
and store this information. During the past decade, we have
experienced a rather dramatic growth in these distributed processing
facilities, primarily in the Headquarters area. Evidence would
suggest that this growth has yet to reach its peak. It is also
reasonable to expect that in the next ten years we will see a similar
rate of growth in the use of terminals in overseas locations as well as
domestic sites outside the Headquarters area. This burgeoning
requirement for telecommunications support will necessitate a high
degree of planning, coordination, and nonredundant activity by OC
and ODP if the users of their combined services are to be effectively
supported.
This growing technological dependence on communications facilities
by ODP is mirrored somewhat by an increasing utilization of
computers by OC to satisfy their mission. The MAX, DATEX and
CDS systems, for example, are all based on software controlled
computers.
This growing convergence of ADP and communications technologies
is of great concern to the management of both OC and ODP. OC has
indicated that "technological advances, primarily in electronic
components, have fostered integral system design. It is no longer
possible to identify the boundary between data processing and
telecommunications." ODP has stated that "the most serious problem
... has to do with the gradual and inexorable blurring of the
distinctions which once separated ADP functions from communications
functions."
It has been suggested that an organizational realignment which
placed all or selected portions of OC and ODP under a single line
manager would preclude any existing or potential areas of conflict or
duplication. The following discussion addresses some of the merits
and liabilities of any such restructuring.
The advantages that might be realized by any OC/ODP merger are
examined from six functional attributes: planning, operations, user
satisfaction, career management, external oversight and coordination,
and security. Some negative aspects of any organization realignment
are also explored.
1. Planning
Probably the greatest potential for improvement that would
be realized by an organizational merger would be in the area
of long-range planning. While periodic planning sessions are
currently held between the two organizations, they are
primarily ad hoc in nature and deal with relatively
short-range issues. While there is general agreement on the
functional capabilities and responsibilities of such
forthcoming systems as MERCURY, the Headquarters BUS,
and the COMTEN terminal control devices, additional
longer-range problems such as the nature of the eventual
CDS follow-on system and its relationship to the forthcoming
ODP Message Processing System (MPS) need to be
addressed. While the creation of an Agency architect would
do much to alleviate this strategic planning shortfall,
establishing a joint planning function under a single line
manager would provide the best insurance against any
redundant or inefficiently competitive IH services.
2. Operational Control
a. Software Development and Maintenance
The discipline of computer software analysis and
development is an area where functional alignment
within a single organization could result in increased
efficiencies. The creation of software, whether for a
large general purpose mainframe or a more dedicated
message switching unit, requires generally the same
skills and can be enhanced by the utilization of the
same developmental and documentation standards.
ODP's experience in the development and use of
programming languages, test procedures, documentation
and other tools, is as applicable in the development of
such OC systems as CDS and the AFT terminal as in a
personnel or information retrieval system.
b. Hardware Procurement and Maintenance
Over the years both organizations have acquired a wide
variety of devices designed to support the distribution
and processing of information which has been recorded
in an electronic media. ODP has concentrated on large
general purpose computers which are used to support a
variety of Agency data processing applications. The
OC emphasis, appropriately, was to utilize processors
which were easily interfaced to communications
channels. Advances in technology are quickly
rendering the distinction moot. Economies of scale,
back-up facilities, common maintenance and operational
support are all areas where uniformity of processing
and storage devices would result in increased
flexibilities and efficiencies. Current plans for OC to
provide overseas maintenance support for CRAFT and
the ODP standard terminal are indicative of the evolving
similarities in hardware commonality and mutual support.
(C 3d(3))
a. Coordinated Requirements
Currently, the Agency user of ADP or communications
services is generally required to express separate
requirements to ODP and OC respectively. Annual
requirements surveys from ODP and OC are
independently levied on the components they support.
Under a single organization, user needs for
teleprocessing support would be handled as an
integrated requirements/planning activity. Routine
requests for terminals, for example, could be more
efficiently handled if a single organization had priority
scheduling and installation responsibility.
b. Single Point of Contact and Response
A joint OC/ODP organization would present a single
point of user contact for any perceived data
dissemination, distribution or processing problem. The
user should not be concerned, for example, if a system
failure is the result of a terminal, communications line,
encryption device, or computer failure. In addition to
problem identification, solutions and estimated recovery
times would be more accurate if a teleprocessing
'trouble desk' was responding to user complaints. A
joint organization would also be in a better position to
respond to user requests for system performance
improvements. The recent decision to supplement the
CDS distribution process by installing ODP driven
HETRA printers in OCO for NFAC and CDS-driven
APARS units for the DO appear to be two different
solutions to the same basic problem. Whereas each of
these solutions viewed independently may be valid, a
more coordinated design for cable
dissemination/distribution is required.
4. Career Management
There would appear to be a significant degree of similarity
between several technical activities of each office. Because
of the advantages of central career management described
elsewhere, a merger of the following specialities would be
beneficial:
a. Computer software development and maintenance
b. Engineering, especially that which is associated with
environmental requirements
c. System operators
The past several years have seen a marked increase in
Agency support to Community ADP systems. The CAMS,
and 4C systems are examples of operational, and
planned systems that support Community requirements on
Agency housed equipment. Communications support is, of
course, an integral part of each of these systems. Since it
is reasonable to assume that the Agency's involvement in
Community systems will continue to expand (including a
wider participation in COINS), an OC/ODP organization
would be in a better position to plan for and respond to
additional requirements for Community support. (C 3d(3))
In addition, responses to inquiries relative to Agency
teleprocessing plans or capabilities from the Community staff,
OMB, or NFIB would be more efficiently handled by a single
organization which represents both ADP and communications
services.
6. Security
While there is a limited interaction today between OC and
ODP on information security devices and techniques, the
steady distribution of computer terminals and minicomputers
is stimulating an increased awareness of the need for
emanations protection and the use of encryption facilities. It
is felt that the communications security expertise developed
by OC could be applied most effectively to ADP applications
by a single service component.
Data processing dependence on security facilities will become
increasingly evident as ADP devices move out of the
protected Headquarters environment and play a more
integrated role in overseas operations.
7. Negative Aspects of Organizational Change
Countering the positive aspects of consolidation described
above are the likely problems and disruptive ramifications of
any such consolidation. The most significant of these
disadvantages are:
OC is currently the largest office in the Agency with a
T/O of Merging an ODP work
force of additional people and encompassing
both communications and ADP functions creates an
organization which will tax the managerial capabilities of
a single line manager. (S A9c(3.2))
b. Budget Defense
There is a danger that the combined budget of the two
service organizations would be more susceptible to
arbitrary budget reductions by any of the various
echelons of budget review. It is felt that the service,
rather than mission, orientation of such a large budget
would make it more vulnerable.
The one obvious dichotomy in the functional orientation
of the two organizations today is the significant
overseas support provided by OC. ODP, except for
some small applications for OF and the planned use of
the standard terminal, has had an exclusively domestic
orientation. While not crucial, this historical and
cultural perspective would inhibit integration.
While it is true that the current relationship between OC and ODP
is marked by forthright communication and mutual support, it is the
view of this Task Force that consolidation is inevitable. During the
next ten years the technologies of communications and ADP will
continue to merge until there is but one technology - teleprocessing.
In an era of increasing resource restrictions, we can ill afford to
support a single technology with multiple, sometimes competing,
organizations. The current arrangement will become increasingly
inadequate as digital communications becomes the technological
standard. We recommend merger.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.2.3. INFORMATION DISTRIBUTION - THE ROLE OF PRINTING
Summary
Since Gutenberg, economies of scale have
dictated highly centralized printing and a physical
distribution system which delivers packages of
paper to which the information is largely
incidental. New technologies are changing the
equation, however. To take maximal advantage of
improvements attendant on these technologies, we
must consider printing in the more global context
of information distribution.
It is important, then, for the Agency to
juxtapose printing with other information handling
disciplines. This will allow us to:
- view requirements in a broader context
and design the needed integrated
system;
- recover capital resources otherwise spent
on needless duplication;
- preserve our human resource through
comfortable transition to new technology;
and,
- provide overall improved quality,
timeliness, and security of service.
It is recommended that the management of
printing, photography and duplication within the
Agency be consolidated within the overall
management of information services. It is further
recommended that a transition be made from the
present disconnected system(s) for printing to a
coherent information distribution network with
printing nodes liberally distributed in locations
convenient to the user. These user pickup
points shall perform an information control and
accountability function as required.
It is further recommended that the P&P
building be dedicated to information services
equipment, freeing HQs space.
Background
As computing and communications have matured, their interface to
the users, printed output, has swelled in volume and improved in
quality. These increases in quality and quantity have been both the
cause of, and the result of, increased computer storage, processing
and retrieval of text. As the amount of textual material on-line
exceeds a critical mass, the manipulation and re-manipulation of text,
and its retrieval based on full-text search, lead to superior products
with a more economical use of human resources.
Wet Ink Printing
Historically in the printing industry, the high initial cost of
typesetting and the relative economies of large scale press runs
tended to centralize the process, the capital investments, and the
personnel training. Within the traditional printing industry itself,
many factors have conspired to change this:
- rising labor costs, especially skilled (unionized) labor;
- increasing cost of physical distribution ... rising energy and
postal manpower costs;
- competition from other more timely information distribution
media ... radio and TV;
- competitive advantages of customized, short run printing.
Technology has responded with a steady schedule of improvement:
cold type, linotype, photo-typesetting, photo-offset and imaging
plate-makers, and most recently laser plate-making. Most interesting
in this discussion is the emergent emphasis on an optical image and
the new, raster-scan methods for producing that image. This allows
direct conversion of computer compatible information into plates
needed in conventional printing. It allows an almost-direct interface
between computing and printing. However, the necessity of making
plates and mounting them is not interactive (in the computer sense)
and therefore undesirable.
Xerography and Related Technologies
Xerographic and related "printing" techniques allow an optical
image to be converted to an electrostatic "charge" image on paper
which differentially attracts dry "ink dust" (toner.) Heat then fuses
the ink into the paper and results in a permanent "printed" page.
The optical image can be produced by mirrors and lenses from a
"facsimile" original as in ordinary office copiers. Alternatively, the
optical image can be produced by CRT or laser, controlled by the
computer. This allows the "copier" to produce copies without an
original ... every copy is an original. (This has important security
implications to be considered below.)
Computing naturally gravitated to such optical methods for
outputting information on paper as they had for film output (COM).
The result is a more interactive method for producing high quality,
human readable output. Moreover, because the production process is
not labor intensive (and therefore not driven to concentrated capital
investment to offset labor costs) and not intrinsically centralized
(because the copier market has fostered small, low volume units) this
paper output process lends itself to distributed printing -- i.e.,
electrical distribution of the information and local printing of the
paper, as opposed to centralized printing and physical distribution of
the paper. This distributed printing feature nicely complements
remote terminal access and/or distributed computing.
Today and Tomorrow
Today, we see an ever-narrowing gap between printing
traditionally derived, and printing whose genesis is computing and
copying. High volume, ultra-high quality, and full-color are, for
now, the exclusive province of "iron press" printing, and may remain
so for years to come. Customization, interaction and electrical
distribution are otherwise. Color copying and large-bed copiers could
narrow the gap further at a rate dependent on the whim of the
marketplace.
To take advantage of the technology trends, it is essential that
joint planning occur between the data processors, the communicators,
and the printers. The goals of this joint planning should be:
- elimination of unnecessary duplication (of information as well
as facilities);
- elimination of intervening manual operations between original
text input and final paper output;
- continuation of current high standards of appearance;
- increased security and accountability of output;
- interconnection of relevant sources of input text and
convenient access points for pickup.
The Recommendations
Pursuant to the above goals, it is recommended that:
a. Organizationally, the currently disparate printing,
duplication and photography functions be consolidated within
the overall information service element.
b. Programmatically, the newly consolidated output services
group plan, design, implement and operate a highly
interconnected, universally accessed network of conveniently
distributed output points, each of which would provide
security, compartmentation, and accountability features.
c. Spatially, as printing facilities disperse to
user-convenient nodes, and as ADP/Communications
inventories roll over, central ADP and Communications
relocate from HQs building to the "P&P" building; when
feasible, a second story be added ... fully shielded to meet
now and future TEMPEST requirements; special perimeter
defenses be emplaced.
The Organization
Implementing the organizational recommendation will remove from
the Office of Logistics the current P&PD and combine with these
personnel those ODP and OC personnel responsible for printing and
COM output (exemplified by HETRA and APARS operation).
The newly combined, multi-media output services function will be
responsible for planning and oversight of (human-readable) output
services, operation of shared-use facilities, and cognizance over all
dedicated facilities. The output services function will also maintain
cognizance over facsimile copiers.
Insofar as output services are a subset of customer services, it is
recommended that the organizational hierarchy of the consolidated
information service element reflect this. This will put output services
organizationally and technically close to input services and to the
reference and dissemination services which it supports.
It is recommended that design and development begin on an
integrated information output network which will be:
- built upon the fully integrated, multi-level secure,
cryptographically isolated information distribution network;
- provided with a large number of convenient pickup points in all
Agency buildings, posts, bases, and stations;
- able to provide quick turn-around, high-quality, individually
sorted and addressed copies of text on paper, film, or
other media; and,
- collocated with, and operated as an integral part of registry/mail
rooms.
It is anticipated that as the network develops over the next decade,
and as the bulk of our information goes on-line:
- distribution of documents will largely shift to electronic
distribution and local reproduction;
- all copies of documents will be new, serialized originals so that
today's uncontrolled facsimile copying will disappear; and
- the perceived easy retrieval of copies of documents will allow
individuals to purge their major paper holdings; so that
- a "read and destroy" caveat will have much broader operational
applicability ... so that compartmentation access controls can
become dynamic.
Irrespective of internal network procedures, the system will provide
end-to-end acknowledgement (receipting) and end-to-end privacy
(super-encipherment) where required.
The Space
We now have an opportunity to right the irony which
inconveniently distances printing output from users while remotely
accessible computers reside in the HQs building:
- the printing technology is swinging toward smaller-scale,
higher quality "printing" devices which output electronically
communicated information;
- new security policy, in league with new technology, suggests
individual accountability and unique serialization for printed
documents.
Taken together with user convenience, which will facilitate decreased
personal paper holdings, these factors suggest a migration of printing
from its centralized location to peripheral locations. At the same
time, we face:
- increasing demands for ADP equipment space . . . which
already occupies a distressing fraction of the HQs building;
- stiff competition from components who recognize the
intangible benefits of close encounter; and,
- growing security awareness which suggests sequestered
computers with EM shielding, and secure perimeters.
In aggregate, these factors argue for an exchange whereby the bulk
of printing services be dispersed to convenient "registries" and ADP
and communications equipment relocate to the current P&P building.
Naturally, this should not, indeed could not be a precipitous
exchange. The specialized need for iron-press printing -- high
quality color, and very high volume -- may remain for some time to
come. However, as part of a long-term plan, it makes good sense to
start the distribution of printing, as recommended above, and as new
ADP and signals equipments are procured to receive them in the P&P
building. If modest new construction in the HQs compound becomes
practicable, a second story on the building is attractive, electrically
shielded during original construction and built economically, not
having to accommodate people. In fact, such a modest construction
option competes favorably in cost with retrofitting TEMPEST
shielding, or special TEMPEST engineering of otherwise commercially
available equipments. And, while this study did not address any
explicit community information services, perhaps we should reserve
the third floor for these.
4.2.4 INFORMATION SYSTEM SECURITY
Summary
The ability to provide adequate protection to
Agency information is a vital part of the
management of information services.
In spite of the importance attached to this
function, there is an enduring tendency to
minimize the resources devoted to the security
function in order to maximize the productivity of
the missions.
When the information security problem exceeds
the capability of traditional low cost physical and
personnel security techniques and requires
high-cost technical solutions, the tendency to
sacrifice security for efficiency becomes markedly
more pronounced.
With increasing investment in technical
systems for provision of information services will
come heavier pressures to ensure that maximal
benefits are delivered from limited resources made
available for information security.
Placing the several functions devoted to
information security under single management
would facilitate optimum allocation of security
resources, minimize the negative effects of
disparate national policy organizations, and
expedite technological transfers across several
disciplines.
Background
As technology rapidly changes our concepts of information and
information handling, so does it change our perceptions of security
threats and effective countermeasures. No longer can we be content
to assume that the presence of physical barriers such as safes, vaults
and guard posts will provide sufficient information security.
While traditional physical and personnel security measures are no
less important, technology has added new disciplines such as
computer and emanations security. These new disciplines require
different skills and larger resource commitments to keep pace with
technological development. Modern information security personnel
should have a depth of technical understanding that rivals that of
systems designers, engineers and programmers and need a wide range
of technical equipment to carry out their function.
Information security functions in the Agency today are divided
because of historical developments of national policy.
The Office of Security is responsible for all information security
except communications security. The Office of Communications is
responsible for communications security primarily because of national
policy decisions that have maintained national policy bodies composed
of representatives from communications elements. Secondarily, the
discipline of communications security has been highly technical and
the OC personnel system has been uniquely qualified to provide the
specialists required. (C 3d(3))
Computer security has developed within the Office of Security in
parallel with the growth of Agency ADP. The Office of Security
represents the Agency to the Community through the DCI Security
Committee.
In contrast to the OC personnel system, the OS personnel system
is not well suited to provide technical specialists for systems
security. The security generalist assigned system security duties is
well qualified to deal with policy issues but disadvantaged in dealing
with questions of technical implementation that arise in profusion from
systems designers.
As might be expected, the merging of computing and
communications technologies also raises issues regarding computer and
communications security. ADP systems are being networked through
communications in ways that raise jurisdictional issues between the
disciplines. Computers are increasingly applied to communications
functions in applications that resemble traditional ADP. One clear
example combining both problems is the CRAFT program. While
intended to provide ADP support to field stations, it is planned to
connect to the communications system and perform communications
functions. (C 3d(3))
What is suggested is an amalgamation of those technical security
functions devoted to protection of information systems. An integrated
information systems security organization would ensure consistent
protection across all systems, mitigate the negative effects of conflict
at the national policy level, and, most importantly, allow freer flow of
technical security techniques between ADP and communications
technologies.
In most amalgamations there is one party who is relatively
advantaged and one relatively disadvantaged. Amalgamation alleviates
this disparity by reallocation of resources. In this case, the Office
of Security has been severely understaffed and underfunded with
regard to computer security. The Office of Communications, by
comparison, has a large resource investment in communications
security. Integrating the two functions has the potential to provide
improved computer security programs at the expense of security of
communications.
It is recommended that those technical security functions involved
in protection of information systems be merged into a unified
Information System Security organization. Staffing of the organization
should be accomplished by drawing from those career services capable
of providing technical specialists qualified to deal with questions of
policy implementation. This organization should be placed close to
those components responsible for system design, operation and
maintenance to facilitate policy implementation. In the interest of a
unified security policy, systems security policies should be
promulgated by the Director of Security.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
Summary
User perceptions of IH services today are of
a growing variety of computer terminal and word
processing systems each different from the other,
each operating under different rules and using
different languages. Users perceive a multitude
of organizationally disparate systems, difficult to
use, characterized by dated and incomplete
information. The perception all too frequently
mirrors reality.
Given these problems and regardless of the
degree of centrality of any organizational
solution, a customer service function is needed to
assure users quick and easy access to all
information services.
Background Discussion
User satisfaction is defined as the degree to which individual
employees find information services meet their requirements.
New employees are made aware of information services available to
them through orientation training, on-the-job training in their new
components, contact with counterparts in other components, through
various functional directories (Agency telephone directory, DO
telephone directory, OCR Bulletins describing available information
services), through progressive experience on the job and sometimes
by sheer accident. Few formal training courses are available.
There is no formal training course describing official information
services available in the Agency or the procedures for using those
services. There is no training course available covering informal
information resources and channels. Individuals are largely left to
their own devices in trying to tap the information resources in this
Agency related to their needs.
Once aware of the service, employees in need of information
normally go directly to the component(s) offering the service. For
ADP support the procedure is to request the service through
officially established channels.
Responses to various information studies and user satisfaction
polls are replete with complaints about the quality of the information
service, or the currency of the information. Users frequently cite
the difficulty of obtaining good service and inevitably question the
relevance and/or completeness of responses. Are the complaints
justified? Certainly there are cases of documents lost or delayed in
the dissemination or distribution process, reference service that has
been slow, printing support unresponsive, ADP support delayed.
The opposite view holds that users often levy unreasonable
demands on the information system. Here too, there are cases of
users demanding faster dissemination service and then failing to pick
up the disseminated material when the faster service was provided.
There are cases of urgent user requests with close-of-business
deadlines, with the response made by the deadline only to find that
the requestor had gone home without waiting for his answer.
Although individual complaints are real, one gets the feeling that
deficiencies are frequently more annoyance than serious. Where the
deficiency is recognized as serious, corrective action is usually taken
by the responsible organization.
We believe that a more significant problem is the user's difficulty
in coping with the richness and variety of information services
available. The user must not only become acquainted with the official
and unofficial services but is faced with the task of learning how to
use increasingly complex resources. This entails much more than
surface appearances would suggest.
To illustrate the extent of the problem with more specific
examples one has only to look at the multiple points of contact a user
must exploit for needed information. Dissemination requirements are
negotiated with OCR for hard-copy documents or Cable Secretariat for
cables or with other disseminating components for more specialized
material. The user obtains open-source publications from OCR's
Acquisition Branch, maps from OGCR's Map Library, communications
support from OC, computer support from his own shop or from ODP,
data base management support from ODP, etc. Many more specialized
support services are also available such as OCR's RSM system, the
various automated systems in OCR's TAP room, the OGCR
Genigraphics system, ODP's RAMIS system, etc. (C 3d(3))
Finally there are the information resources owned by the non-IH
Service components; data bases and information systems that are
created by operating components to satisfy their own requirements
but which because of the non-unique nature of information are of
potential use to many others, e.g., Office of Finance and Office of
Personnel Policy Planning and Management require many of the same
data elements in their work.
We have no measure of the extent of these information resources,
though several surveys have attempted to catalog them. Neither do
we have a good measure on the actual and potential population of
users of these resources nor on the depth of their knowledge about
the information base. Managers of any future information service
should collect information, possibly by questionnaire, to resolve these
unknowns and to determine minimum training requirements for both
new and old employees.
The Task Force (CIA/IHTF) cataloged responses to the 1978
Comptroller questionnaire concerned with information services and
subsequent responses to its own questions concerning the type of
service provided by current information handling components.
Because the responses were prepared at Office level the extent of
individual concern is unknown. Without extensive polling, it is
impossible to determine whether many of the problems identified are
real or simply perceptions resulting from bad but isolated
experiences. The sum of the complaints, however, suggests that a
large number of users find it increasingly difficult to master their
own work while simultaneously developing proficiency on available
information systems, each one of which satisfies only part of the
user's requirement for information.
Major Agency information handling components have long
recognized this problem and the utility of customer service units.
The Office of Communications, Current Activities Branch, for
example, assists users with any problems they have with the
communications network, helps customers formulate requirements
statements, and directs customers to appropriate contact points within
Similarly, ODP has established a trouble desk to help customers
with problems such as terminal outages. A control point provides a
human front-end interface to the computer systems in ODP's
Operations Center. A customer support staff prepares and publishes
ODP Tech Notes and responds to user questions about the kinds of
service offered by ODP.
OCR does not label similar functions as customer service activities
but the concept of one-stop customer service is clearly built into the
system. The most widely advertised customer service directory in the
Agency is provided by the Office as a one-page outline of OCR
services found just inside the front cover of the Agency telephone
directory. The CIA Library offers a reference service that provides
either the answer to a question or a referral to where the information
might be found. The library also offers on-line information service
through several commercial and classified information systems and
provides the trained staff to operate the terminals thus relieving
requestors of the need to learn several additional systems. The OCR
Country Reference Analyst provides one-stop service against a
variety of files and data bases. Finally, OCR has published four
bulletins which describe in considerable detail the various information
resources available in the office.
The DO/IMS has no component assigned specifically as a customer
service contact point but the availability of the IMS functional
directory in the DO telephone book, the functional organization of IMS
itself, the DO training program and the long existence of IMS as a
service unit obviate the need for any special customer interface.
The only other formal mechanism for identifying information
services is the functional directory found in the back of the Agency
telephone directory. The functional directory, however, is neither
complete nor current.
The existing Agency organizational structure and people who have
worked in that structure for some time constitute an institutional
memory which functions as an informal directory of available
information resources. Informal institutions, however, are deprived
of any long-term continuity by transfers, retirements, etc.
To summarize, the users of information services have a variety of
customer service contacts available to them none of which can provide
definitive information on all available information services. The user
understandably has reservations when searching for information as to
whether significant information has been missed.
Is it possible to create a customer reference service that will
assure users access to all available information services? Why hasn't
such a service been installed? Should such a service be established?
Where should it be located? How should it be staffed? Will users use
it? Can it be kept current?
The need for a customer service function is unquestioned. OCR,
ODP, OC and IMS all provide a level of customer service that is
dictated by experience. ODP at one time created a user support
division to assist do-it-yourself programmers in their work but the
organization atrophied as users learned how to exploit terminal
systems on their own. Catalogs or inventories of files and systems
have been created in the past but were little used whether from lack
of awareness of their existence or because they were not current. A
referral service was an integral part of the CHIVE task force proposal
but the concept was dropped when that project was terminated.
Enthusiasm for such a service seems to rise and fall with some
regularity.
A single point of contact for access to all customer information
services is on the surface an attractive idea. If a customer wants a
new terminal, a document, a subject search, a new software program,
a change in dissemination profile, a word processing system, etc. the
customer service would oblige. The service point could provide
information directly to the customer, act as an intermediary between
the user and the many available information systems and services, or
function as a central referral service. Which of these functional
configurations or combinations thereof is created depends on a number
of factors. Certainly creation of a new Directorate of Information
Services will result in different customer service requirements than
will a decision to create an Office of Information Services in the DDA
or in NFAC. Questions which require intermediary intervention to
access large manual files preclude separation of the service person
from the file and therefore limit assignment of the person to any kind
of central service component. It will also be difficult to place
individuals in a customer service component who have other duties in
addition to their customer service responsibilities, e.g., a biographic
analyst. On the other hand the increasing availability of documents
and data in electronic form which can be recovered quickly makes
possible the creation of very sophisticated (technologically advanced)
customer service systems. Referral services too appear more
attractive in this environment. Many IH activities take place
throughout the Agency of which most people are unaware.
Compartmentation, organizational change, and just plain parochialism
conspire to restrict awareness of such information resources. A
referral service would help overcome these barriers.
How much it would be used is unknown. Such a service would be
useful to new employees. Experience suggests that need would
diminish as users acquired a working knowledge of information
resources. This argument is countered by a continued need for such
a service by individuals whose knowledge of resources fades with less
frequent use. Where should a customer service component(s) be
placed organizationally in the Agency? The answer depends on what
organizational option is selected for Agency management of information
services. Placement of customer service components is discussed in
each of the organizational options descriptions provided in the
Executive Committee Decision Analysis package.
A customer service should be established. Its placement and
configuration should correspond to the service described in the
organizational option selected by the Executive Committee.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.2.6 INFORMATION DISTRIBUTION NETWORK
Summary
We have ignored the universality of
information as organizational structure and
technological limitation fostered development of a
variety of information distribution networks.
Compartmentation reinforced the diaspora by
requiring "special channels".
It is recommended that we transition from the
welter of (electronic and other) networks to a
universal information distribution network which
will achieve compartmentation and command
privacy by cryptographic separation. Although
this integrated network will continue to have
"manual" (i.e., pouch and courier) links, the
electronic distribution should bear an
ever-increasing fraction of the load, including
facsimile transmission. Electronic authentication
and release procedures will support command and
control, and originator control. Formal APEX
controls will be supported on a per-document,
per-subscriber basis. Irrespective of internal
network procedures, the system will provide
end-to-end acknowledgement and privacy where
required.
Background
Both theory and practice remind us that information, in whatever
form it originates, can be commonly represented. Once reduced to
some canonical representation, the encoded information can be realized
in a variety of media for communication and storage.
Suppose we have a series of discrete bits of information, say,
sequences of yes/no decisions. With some convention about which
bits go where, this binary information can be communicated as
electrical impulses, flashes of light, puffs of smoke, sequences of
tones, etc. The information can be stored as marks on paper, film
and the like, magnetic regions on a magnetizeable surface, hills and
valleys in a deformable plastic, etc.
Suppose we have discrete letters, numbers or punctuation marks.
A simple coding scheme allows the representation of each character as
a short, agreed-upon sequence of bits. Now the characters may be
communicated/stored in all the ways to which we have previously
In the case of Shakespeare's Sonnets, messages from the COS, or
editorials from Pravda, they are simply well-formed strings of
characters. Thus, composed in turn of a series of bits, the sonnets,
messages and editorials can be handled as previously described.
In the case of reconnaissance photos or renaissance paintings, a
facsimile representation can be derived much like the
"paint-by-the-numbers" schemes. Scanning the numbers in a
well-defined way, say left to right, top to bottom, we can generate
our familiar string of characters and, so, handle these as before.
In the case of operatic arias, telemetry signals, or political
broadcasts, a similar facsimile representation can be established by
periodically sampling the waveform and measuring it. This string of
numerical measurements, our familiar string of characters, after all,
can now be handled as before.
In facsimile schemes it is important to know how fine-grained is
the real information in the original. The fineness of the sampling and
the precision of the measurement are not at all constrained by the
numerical representation. Therefore, no sensible information ever
need be lost in the process; the danger is the reverse: we can be
overwhelmed by uninformative detail. Any constraints in the process
are those of the physical production processes.
Using a numerical representation scheme allows preservation of
any desired degree of precision using a sufficiently long series of
relatively imprecise physical quantities. This ultimate superiority of
the numerical representation over the precision attainable with
analogue physical quantities underlies the preference for digital
encryption as opposed to any other forms of "scrambling". Thus,
security, in addition to elegance, results from utilizing the underlying
informational commonality of various forms of data.
Information Security and the Pouch
A number of personnel and physical security measures are taken
to preserve the integrity of the pouch, or, failing that, to detect its
compromise. In addition, a number of purely "informational" measures
are employed, one inadvertently, and several, perhaps unofficially:
- levels of indirection: personal and impersonal identities are
protected by use of pseudonyms, including transient
"IDENS", and cryptonyms;
- split transmissions: the paper realization of a sensitive
message is ever more finely halved until no single piece of
paper is adjudged sensitive; then, with each containing
instructions for reassembly by the intended recipient, the
pieces are shuffled out into separate pouches;
- signal in noise: the more the pouch is abused, by carrying
non-official materials, the greater the cost and difficulty an
intruder has in sorting wheat from chaff in a brief interlude
(... presumably, this concept is not officially endorsed). (C 3d(3))
Closely allied with the signal-in-noise concept are two informational
security measures, the practice of which is unconfirmed:
- disguise: wherein all other applicable, sensible information
security measures are deliberately not employed in hopes
that the supremely sensitive message will be overlooked;
and,
- "defensive" disinformation: whereby the subsequent
revelation of falsity calls into question the veracity of other
transmissions in the same channel, thereby "protecting"
those not independently confirmable.
In spite of such information measures, and in spite of physical
security measures taken for pouch protection, cable transmission is
regarded as more secure because of an additional information security
measure, encryption of the information. However, encryption is not a
property restricted to electrical transmission. Rather, it derives
from the digital encoding incidental to cable transmission. As we
have seen above, a digital representation can be derived for any sort
of information. Hence, encryption can be applied to pouched
materials as well as to cables. Instead of sending a paper copy of
the plaintext, we could send encrypted keystrokes captured when the
material was originally typed (in the case of a dispatch, say) or
digitized facsimile of materials otherwise acquired.
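The split-transmission measure listed above carries over to digitized pouch material, where it can be made exact. The following added example (not part of the report; the function names and the sample message are constructed) contrasts cutting a message into fragments, each of which is still readable plaintext, with an n-of-n XOR split, a swapped-in technique under which any incomplete set of pouches is random noise.

```python
import secrets
from functools import reduce


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cut_into_fragments(message: bytes, pieces: int) -> list:
    """Paper-style split: consecutive fragments, each still readable plaintext."""
    size = -(-len(message) // pieces)          # ceiling division
    return [message[i:i + size] for i in range(0, len(message), size)]


def split_for_pouches(message: bytes, pouches: int) -> list:
    """n-of-n XOR split: every share is needed; any n-1 of them are random noise."""
    if pouches < 2:
        raise ValueError("need at least two pouches")
    message_id = secrets.token_hex(4)          # reassembly instruction, not secret
    pads = [secrets.token_bytes(len(message)) for _ in range(pouches - 1)]
    shares = pads + [reduce(xor, pads, message)]
    return [{"id": message_id, "part": i + 1, "of": pouches, "data": share}
            for i, share in enumerate(shares)]


def reassemble(shares: list) -> bytes:
    """Recombine shares arriving in any order; refuse incomplete or mixed sets."""
    if not shares:
        raise ValueError("no shares")
    ids = {s["id"] for s in shares}
    parts = sorted(s["part"] for s in shares)
    if len(ids) != 1 or parts != list(range(1, shares[0]["of"] + 1)):
        raise ValueError("missing, duplicated or foreign share")
    return reduce(xor, (s["data"] for s in shares))


if __name__ == "__main__":
    sample = b"MEET AT THE USUAL PLACE AT NOON"      # constructed sample message
    print(cut_into_fragments(sample, 4))             # every piece leaks plaintext
    print(reassemble(split_for_pouches(sample, 4)))  # all four pouches recover it
```

A lost or intercepted pouch shows up at reassembly as a missing part number, which also gives the recipient a detection signal.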
Recommendations
It is recommended that the extant bits and pieces of our
information distribution systems be sewn together into an integrated,
world-wide, multi-media, encrypted network.
Further, it is recommended that administrative mechanisms for
compartmentation and command privacy be integral to the initial
design, and fully supported by strong technical measures including
dynamic electronic key distribution (EKDC) for cryptographic
separation as required.
Finally, it is recommended that the network, insofar as possible,
be geography independent and distance insensitive -- at least from
the end user's point of view -- so that the headquarters area
transmission system and the worldwide network are indistinguishable,
excepting administrative impositions.
The blueprint for this, presumably the work of the System
Architect, and coordinated with affected components, will include:
- the physical interconnection (backbone communications)
network;
- the logical networks superimposed upon the backbone;
- the administrative and technical measures (e.g.,
cryptographic separation) which will keep logical networks
distinct;
- the administrative and technical procedures for passing
information (through a "gateway") from one logical network
to another, including convenient "pouch" interfaces, i.e.,
interfaces to off-line exchange media (magtapes, cartridges,
floppy disks, etc.);
- the clear apportionment of responsibility for implementation
thereof.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.2.7 THE UNIVERSAL TERMINAL NETWORK
Summary
Functional specialization, compartmentation,
and organizational structure, in the absence of an
overall architecture, lead to a proliferation of
disjoint terminal networks. However,
specialization, structure, and compartmentation
are neither absolute nor eternal. People's
information needs are dynamic and the terminal
network, as it becomes our primary access to
information, must accommodate.
We must rediscover the universality of
information, recognize administrative and
substantive data as indistinguishable except by
application, and distinguish between the access
controls for information and the interconnectivity
of the underlying network.
It is recommended that a blueprint be
developed for the universal terminal network and
that current and planned equipments be
reconfigured in accordance with it.
It is further recommended that the
convergence between word- and data-processing
be accelerated: that the majority of our
administrative memoranda be reduced to the data
base transactions they really are ... a clear
opportunity to do more with less.
The benefits in reduced numbers of terminals
(in the aggregate and on any one desk), the
attendant standardization of user interfaces and
resulting simplifications in training, and the
enhanced utility and flexibility of the network will
be substantial rewards. The universality of the
physical network should not preclude the
superimposition, where necessary, of
administratively discrete logical networks upon it.
Background
Like Topsy, information processing in CIA just grew. Now,
disjoint applications run on a single mainframe computer, several
mainframes are networked together, several dedicated minis are to join
the network, while others stand alone running one or several related
or unrelated applications.
A variety of terminal networks serve these applications:
- ODP's network of Delta Data terminals which access, via
COMTENs, the general purpose mainframes in the Ruffing
Center;
- A network of Delta Data terminals accessing the CAMS
application in the Special Center -- this network is logically
and administratively distinct from, but electrically
interconnected with the above network via COMTENs;
- A network of Delta Data terminals accessing DO applications
in the Special Center -- logically and administratively
distinct from, but electrically interconnected to the
aforementioned networks via COMTEN interconnection;
- A network of STAR terminals tied directly to mainframes in
the Special Center ... and therefore electrically but not
logically interconnected to all preceding networks;
- A group of four-phase input devices now on-line to Special
Center mainframes ... and therefore electrically but not
logically connected to all above networks;
- A forthcoming network of SAFE terminals tied to segregated
SAFE mainframes ... which will be electrically
interconnected with, and provide a logical gateway to general
purpose Ruffing Center mainframes ... and therefore
electrically but not logically connected to all preceding
networks;
- A network of CDS terminals tied to segregated CDS
mainframes ... which are electrically and logically
interconnected with GC03 mainframes ... thence to
preceding networks;
- A network of Ann Arbor terminals serving two crisis
management computers in the Office of Current Operations
... which are connected to GC03 mainframes via COMTEN
and to CDS (receive only);
- A network of ETECS terminals connected to a P&PD
mini-computer network will be connected to VM GC03
mainframes ... and therefore generally connected to above
networks;
- A network of System 6 terminals is connected to OCO/PPG's
System 6, connected in turn to VM GC03 mainframes via
COMTEN network ... and therefore generally connected to
above networks;
- A network of Delta Data terminals dedicated to the NPIC
Data System ... logically and electrically connected through
DATEX. (S 3d(3))
To understand the interconnections of these terminal networks, it is
useful to introduce some computer science argot: "virtual", "logical",
and "transparent". The terms virtual and logical, nearly synonymous
in this context, imply that the functional description of a device can
be divorced from its physical implementation. In this same context,
transparent means that the user of a (logical/virtual) device should
be unaware of the incongruity.
In the case of a communications network, then, we can have an
underlying electrical interconnectivity upon which we can superimpose
a number of different logical networks. The logical networks may be
distinguished from one another by:
- use of different communications protocols; or
- administrative access controls; or
- the ignorance of subcultures of the overall community of
subscribers.
In turn, this suggests that if one wishes to compartment the various
logical networks, keeping subscribers to one logical network from
accessing another, we can:
i. implement the logical networks so that they map one-to-one
onto separate physical networks;
ii. utilize different communications protocols ... which the
individual user must be unable to modify;
iii. utilize a more general protocol which enforces
administratively set access controls;
iv. hide the existence of a larger network from subscribers.
The last strategy, depending upon secrecy, is a risky one at
best. It is overcome by curiosity, accident, and the sheer number of
subscribers. Worse, having kept the very existence of a larger
network secret, the discoverer will not appreciate the gravity of
trespass.
The first strategy, physical separation, is technically foolproof,
but operationally awkward if some subscribers are privy to more than
one compartment and therefore must access more than one logical
network. Specialized interconnections merely return us to the
original problem, albeit sometimes disguised. The alternative is an
array of specialized terminals for that user, and expensive,
error-prone manual transport of information from one network to the
other. (Note that the more we automate the manual interconnection --
say, by a tape-carry -- the more we lose the original benefit,
namely, the mind of the knowledgeable human serving as the gateway
between two otherwise disconnected networks.)
The second strategy, depending upon different protocols, also
disadvantages those subscribers common to more than one network.
Its success, moreover, depends upon a user being unable to modify
the protocols. The present state of the computer security art
cautions that this is hard to prevent if the protocols are implemented
in a general purpose, time-sharing environment. Thus, such
protocols must be the province of specialized, dedicated
communications processors. Simply moving protocols into hardware,
while appealing on the surface, probably will collide with industry
trends. Developing a protocol control chip costs about $250,000,
making impractical the single protocol chip. The forecast is that
commercially available chips will, therefore, handle many protocols;
protocol selection will be based upon CPU control signals. If the CPU
from which the control signals are derived is time-shared,
general-purpose, then hostile-user code can abrogate the intended
separation, again arguing for a specialized, dedicated communications
processor.
The third strategy accommodates overlapping communities of
interest, but like the second, today depends upon the access control
mechanisms being sequestered in a specialized, dedicated
communications processor. A variant on this theme is the use of
cryptographic separation, with dynamic key distribution on a per
transaction basis; the Key Distribution Center (KDC) is responsible
for enforcing access controls. Less operationally responsive,
super-encipherment with static keying also can enforce logical
separation; peripheral nodes must be intelligent enough to add
communications headers after encipherment ... we might refer to this
as a Private Line Interface (PLI).
The Universality of the Terminal
The functionality of terminals is steadily increasing. They have
more local processing power, allowing more efficient communications or
stand-alone processing. Higher resolution, multiple character sets
and graphics, including color, are all examples of the increased
functionality. The base price of terminals of interest to the Agency
continues to be dominated by the cost of CRT, keyboard,
tempest-proof enclosure and power supply. Given this rather high
fixed cost, functions which can be software-derived -- local processing
power, graphics and multiple fonts -- add little to the cost. Marginal
costs for higher resolution and color will be noticeable, however.
Because of the increased processing power which could be
available, at small marginal cost, in all our terminals, there is no
reason why terminals need to be dedicated to applications, excepting
needs for high resolution color. Of course, certain configurations --
keyboards, for example -- might be optional for some applications.
However, judicious procurement will allow a high degree of
interchangeability. Thus, most of our terminals could be universally
applicable to most of our applications. This is true even were the
Agency to retreat from its ideal of a single standard terminal (Delta
Data 7000).
The Universality of Data
The encoding of information for machine manipulation does not
distinguish between substantive and administrative data, nor between
word processing or data processing functions. At root, then, there
is no reason to have separate networks for administrative data and
for substantive intelligence data; in fact, there are good reasons to
merge these. Similarly, we should strive to eliminate any distinction
between word processing and data processing terminals. Insofar as
these distinctions occur today in commercial offerings, they result
from historically different starting points in the development of the
two functions. Irrespective of starting point, word processing and
data processing terminals (and the processes themselves) are
converging. As word processing matures, the file management,
communications, and sophisticated text processing algorithms of data
processing (Key Word in Context, etc.) will be inextricably
incorporated. Similarly, as data processing matures, loosely
formatted strings of text become an increasingly important data-type.
Perhaps the most compelling evidence of the similarity, and the
richest prospect for economies as a function of more automated
information handling, arises from an inspection of administrative
memoranda and forms. To communicate administrative information,
request information, seek concurrence, or accomplish coordination, we
compose a memorandum. As a particular species of communication is
required over and over, human creativity overlays the few bits of
data with poetic variation. The addressee must strip away the
semantic disguise to recover the few data bits. Sometimes the
process is noisy and the recovery flawed. Additional noise is
introduced as the data included by the initiator may not be exactly
congruent with the needs of the recipient. Ultimately, a form may be
created which structures the communique. Thus, many of our
administrative memoranda are basically simple database transactions,
which, if the truth be recognized, could proceed directly from
keyboard to data base much more efficiently. That is, much of
today's word processing is really data processing gone agley. If ever
there was the opportunity to "do more with less", it is here.
In the terminal proper, word processing will benefit from the
incorporation of graphics (maps, charts, etc.), while data processing
will benefit from the full page displays (50-60 lines of text) which
exemplify the best word processing devices. The local processing
power now being included in terminals accommodates word or data
processing algorithms insofar as they may be distinct, as well as
general communications protocols.
Access Control and Authentication
To achieve compartmentation, ensure command privacy, and
bolster security it is essential to control the access of individuals to
information. A quantity of information can be given only to an
individual with a predetermined need-to-know. The three parts to
this process are:
- authentication of the individual -- Who is he? Is he who he
claims to be? In what capacity is he acting?
- identification of the information -- What information is being
requested? (Or, what process is being initiated?)
- validation of the permission -- May that person access that
information or initiate that process?
In essence, then, compartmentation is an incontrovertible decision
based on an unimpeachable function which maps individuals to a
quantum of information. The process can break down in two generic
ways:
- the mechanism can be bypassed -- The information can be
obtained outside the purview of the access control process;
- the mechanism can be suborned -- An individual can
masquerade as another, disguise the information requested,
or tamper with the mapping function of individuals to
information.
Drawing upon the computer science distinction between procedure and
data, bypassing the mechanism is procedural while suborning the
mechanism is a function of data. In considering ways in which the
mechanism can be suborned it is useful to consider individually the
data required for authentication, identification, and validation.
Basically, all schemes for authenticating the individual come down
to known information which can be supplied uniquely by that
individual. This information can be a password, the bitting of a
conventional key, a derived function of the fingerprint or speech
pattern, information recorded on a badge, etc. The password can be
elaborated to include an extended inquiry where the individual is
randomly required to supply personal history details, the aggregation
of which is probably known only to him and the system.
The authenticating data can be acquired by a malefactor from
three sources: from the individual himself, from the system's records,
or the malefactor can alter to a known state the system's records.
An individual can reveal his password, or (temporarily) lose
control of his key or his badge. The malefactor needs a means of
copying that information for later production . . . easy for a password,
and not hard for key or badge information. Copying information
carried in fingerprint or voiceprint is technically no harder for the
malefactor than for the system, and does not really require the
cooperation of the individual. However, the capital investment
required for fingerprint information currently exceeds badge and
voiceprint, while no capital investment is required in the case of the
password, and little in the case of a conventional key. The mix of
such authentication devices must be based upon a threat analysis
which reveals the casual or determined nature of the potential
malefactors and the protective custody which can/will be exercised by
the individual.
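An added example (not part of the report): the third compartmentation strategy above, cryptographic separation with a Key Distribution Center issuing a key per transaction, combined with the three-part access decision of authentication, identification and validation. The class names, the networks `NET-A` and `NET-B`, the subscribers and the HMAC-based `seal`/`unseal` stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]


def tag_for(key: bytes, context: bytes, body: bytes) -> bytes:
    return prf(prf(key, b"mac"), len(context).to_bytes(4, "big") + context + body)


def seal(key: bytes, plaintext: bytes, context: bytes) -> bytes:
    """Encrypt-then-MAC; an HMAC-SHA256 keystream stands in for a vetted AEAD."""
    nonce = secrets.token_bytes(16)
    pad = keystream(prf(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, pad))
    return body + tag_for(key, context, body)


def unseal(key: bytes, blob: bytes, context: bytes) -> bytes:
    """Check the tag before decrypting; wrong key, context or tampering raises."""
    body, tag = blob[:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, tag_for(key, context, body)):
        raise ValueError("authentication failed")
    pad = keystream(prf(key, b"enc"), body[:16], len(body) - 16)
    return bytes(c ^ s for c, s in zip(body[16:], pad))


class KeyDistributionCenter:
    def __init__(self):
        self._keys = {}      # subscriber -> long-term key shared only with the KDC
        self._members = {}   # logical network -> subscribers cleared for it
        self._seen = set()   # request nonces already accepted (replay defence)

    def enroll(self, subscriber: str, networks: set) -> bytes:
        self._keys[subscriber] = secrets.token_bytes(32)
        for net in networks:
            self._members.setdefault(net, set()).add(subscriber)
        return self._keys[subscriber]

    def request_session(self, sender, recipient, network, nonce, proof):
        context = f"{network}|{sender}|{recipient}".encode()
        # 1. Authentication: the proof shows possession of the sender's long-term key.
        key, fresh = self._keys.get(sender), nonce not in self._seen
        if key is None or not fresh or not hmac.compare_digest(proof, prf(key, context + nonce)):
            raise PermissionError("authentication failed")
        self._seen.add(nonce)
        # 2. Identification: the request names the network and the recipient.
        # 3. Validation: both parties must be cleared for that logical network.
        cleared = self._members.get(network, set())
        if sender not in cleared or recipient not in cleared:
            raise PermissionError("not cleared for " + network)
        session_key = secrets.token_bytes(32)   # fresh key for this one transaction
        return seal(key, session_key, context), seal(self._keys[recipient], session_key, context)


class Subscriber:
    def __init__(self, name: str, kdc: KeyDistributionCenter, networks: set):
        self.name, self._kdc, self._key = name, kdc, kdc.enroll(name, networks)

    def send(self, recipient: str, network: str, message: bytes) -> dict:
        context = f"{network}|{self.name}|{recipient}".encode()
        nonce = secrets.token_bytes(16)
        proof = prf(self._key, context + nonce)
        mine, theirs = self._kdc.request_session(self.name, recipient, network, nonce, proof)
        session_key = unseal(self._key, mine, context)
        return {"network": network, "from": self.name, "to": recipient,
                "ticket": theirs, "body": seal(session_key, message, context)}

    def receive(self, frame: dict) -> bytes:
        context = f"{frame['network']}|{frame['from']}|{frame['to']}".encode()
        session_key = unseal(self._key, frame["ticket"], context)
        return unseal(session_key, frame["body"], context)


def demo() -> dict:
    kdc = KeyDistributionCenter()
    alice = Subscriber("alice", kdc, {"NET-A", "NET-B"})   # constructed names
    bob = Subscriber("bob", kdc, {"NET-A"})
    carol = Subscriber("carol", kdc, {"NET-B"})
    frame = alice.send("bob", "NET-A", b"constructed sample traffic")
    out = {"bob": bob.receive(frame)}
    for name, action in (("carol_taps_backbone", lambda: carol.receive(frame)),
                         ("carol_joins_net_a", lambda: carol.send("bob", "NET-A", b"x"))):
        try:
            out[name] = action()
        except (ValueError, PermissionError) as err:
            out[name] = str(err)
    return out


if __name__ == "__main__":
    print(demo())
```

All three subscribers share one backbone here; what keeps the logical networks apart is that the KDC alone holds the membership table and the long-term keys, which is why the report wants that function sequestered in a dedicated processor.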
It is recommended that a blueprint be developed for the universal
terminal network and that current and planned equipments be
reconfigured in accordance with it. The blueprint, presumably the
work of the System Architect, and coordinated with affected
components, will include:
- the physical interconnection (backbone communications)
network;
- the logical networks superimposed upon the backbone;
- the administrative and technical measures (i.e. cryptographic
separation) which will keep logical networks distinct;
- the administrative and technical procedures for passing
information (through a "gateway") from one logical network
to another, including necessary authentications;
- the clear apportionment of responsibility for implementation
thereof.
This will require a vigorous research program to further the
principles of dynamic electronic key distribution to support
cryptographic separation of logical networks.
It is further recommended that all new terminal acquisitions, and
word processing devices (for as long as the two remain distinct) be
procured so as to serve multiple functions, and equipped with
compatible communications options. It is not recommended that the
terminals be provided with local storage; instead, it is recommended
that the network provide storage ... distributed as required in
vaulted "registries".
Finally, it is recommended that the convergence between word-
and data-processing be accelerated: that the majority of our
administrative memoranda be reduced to the database transactions
they really are. At this point, conventional typewriters should begin
to phase out (unless we institute a robust, conveniently distributed
OCR interface to the general information distribution network.) A
particular target for replacement should be those with local magnetic
media storage.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.2.8 CENTRALIZED DISSEMINATION AND REFERENCE
Summary
To its detriment, the Agency has permitted
development of a disharmony of information
services. Acting as if the media were the
message, different dissemination systems and
different storage and retrieval systems service
different incoming information streams. Thus the
Agency denies its roots as coordinator of
information and impedes fulfillment of its
all-source analysis role.
Providers of the disjoint dissemination and
retrieval services needlessly duplicate the design,
development and operation of systems to satisfy
user needs. Worse, would-be users must
supplicate many suppliers, never sure of the
completeness of their inquiry.
Task Force analysis of dissemination sharpens
two distinctions and blurs one:
- distinguish dissemination (cognitive,
who gets what?) from distribution
(physical delivery)
- distinguish centralized data base of
dissemination requirements, from the
centralization of disseminators and/or the
centralization of release policy
- recognize the similarity of dissemination
(requesting to-be-available information
on a topic) and reference (requesting
available information on a topic).
It is recommended that the Agency
recentralize dissemination and reference services
as these are increasingly done "on-line", and that
an integrated database of dissemination
requirements be kept, accessible to all would-be
disseminators. Where security/compartmentation
dictates, levels of indirection may be used.
Two components are responsible for the bulk of document
dissemination in the Agency. They are the Office of Communications
(cables) and the Office of Central Reference (hard-copy intelligence
documents and open-source publications). On a more limited scale,
OD&E, FBIS, OCO and RES Watch Offices, DO/IMS, various
registries, and the originators of documents are all involved in
dissemination functions. (C 3d(3))
Although reasonably well satisfied with dissemination support,
users identify three types of dissemination problems: delays in user
receipt of electrically received intelligence products, a need for
dissemination tailored to users (branch, individual) requirements, and
a concern that the various Agency components involved in the
dissemination process do not use the same set of reading requirements
with the inevitable result that information is missed.
As in the dissemination function, many components are involved in
storing and retrieving information. OCR manages the AEGIS/RECON
Subject file, Biographic files, files, Rapid Search Machine files and
Interim SAFE. OC maintains reference and archival files on Agency
cables. DO/IMS manages, among others, the Special Trace and
Retrieval system, the Documentation Reference System, the COMET
Cable file and the Walnut Microfilm file. The Exploitation Products
file, the Objects Data file and the Installation Data file are major
NPIC data bases. Hundreds of files are maintained by other Agency
components as data bases in ODP systems or on dedicated mini and
microcomputers located in Agency components. (C 3d(3))
Users of reference systems see a need for more flexible and user-
oriented retrieval facilities and a need for directories or catalogs of
stored information and information handling systems.
User Difficulties with Multiple Systems
Agency personnel in need of information can request that
information from one or more of the several reference systems. All of
the dissemination and reference systems, however, operate
independently. The user must first learn what dissemination and
reference systems exist and what source materials each disseminates
or stores. The user then must go through the bureaucratic drill of
levying information requirements against each of the separate
dissemination systems and requests against each of the separate
reference systems to be sure that he has obtained all available
information on his subject.
This partitioning of dissemination and reference systems, while
understandable given the evolutionary development of information
handling over the life of the Agency, pressures for compartmentation,
isolated locations, etc., makes the job of the user considerably more
time consuming. Partitioning inevitably raises doubts in the user's
mind as to whether all available information sources have been fully
exploited.
Simplification Needed
We assume the average user is able to cope with the multiple
systems available to him once they have been identified. But, each
additional system demands more of his time. There are other
pressures, too, for simplicity and standardization of dissemination and
reference systems. The sheer cost of developing and operating
overlapping systems ... including multiple indexing and data entry,
on occasion ... pushes us toward standardization and integration in a
time of fiscal austerity.
There is an obvious need to simplify the user interface with
dissemination and reference systems, to reduce training costs,
provide more information on what is available, and to combine systems
where possible. Simplification is not easy to achieve, however.
Functionally related systems, dissemination, for example, exist in
several organizationally autonomous components of the Agency.
Combination of systems would require not only that technical barriers
be overcome but organizational barriers as well. Two alternatives, a
requirements registry and a catalog of reference services, provide
some relief and avoid the organization issue.
Requirements Registry
Rather than submit redundant requirements to each of the many
organizations having dissemination responsibility, the user would
submit his requirements (e.g., subject, area, source, category ...)
to a reading requirements registry. The requirement would be
entered into an automated requirements database to which controlled,
shared access would be available to all would-be disseminators ...
who would be required to use it. Such a database would save the
user time, assure higher quality, and help the disseminators, as well
... assuming the latter had remote terminal access. Giving the
disseminator a search capability against this data base would simplify
the matching of requirements with incoming material. The
requirements could be automatically run against stored collections of
material.
The on-line system would provide tools for the maintenance and
updating of the database so that flows of information could be easily
terminated when no longer required. Also provided would be
clearance and compartmentation data about the requestor.
Reference Service Catalog
The interface between users of intelligence information and the
various reference services must be simplified. A catalog of available
reference and dissemination services has been suggested on a number
of occasions. Inventories of reference systems have, on occasion,
been completed, sometimes for other purposes. These have not,
however, been widely enough circulated nor have they been
maintained, thus quickly falling into disrepair and, understandably,
disuse. Nor has thoroughness always been the goal, again
diminishing the usefulness of past inventories. Maintaining such a
catalog should be recognized for the time-consuming job it is.
Automation of such a catalog would help keep it current, and remotely
accessible.
Combining Dissemination and Reference Service
Because both dissemination and reference functions are, today,
labor intensive, combining the two to save manpower is attractive.
Conceptually, the two services are alike. Both attempt to match user
requirements for information with available information. The
dissemination process attempts to match user requirements with
newly-arrived information. The reference process attempts to match
user requirements with stored (previously received) information.
Historical Developments
One of the earliest attempts to combine dissemination and
reference activities took place in June 1949. At that time the
Agency's Office of Collection and Dissemination conducted an
experiment to determine the feasibility of having one person do both
coding for retrieval and reading for dissemination of documents. At
that time the reference function was already supported by an IBM
punched card system. A two week test proved little except that all
agreed that keeping current with changing reading requirements was
the hard part.
A later (mid-50's) test explored the feasibility of automatic
dissemination based on a match between punched card subject/area
code representations of documents and reading requirements indexed
with the same codes. Accuracy of dissemination was good but
dissemination was slowed because of delays in coding the documents
(which equation, presumably changed with electrical receipt and
computer advances ... culminating in MAD).
Looking forward to increased electronic receipts and holdings,
including internally produced, word-processed documents, and
incorporating modern computing technology makes possible what was
formerly only desirable.
The Continuing Present
OC's Cable Dissemination System, CDS, is now the primary
dissemination vehicle for electrical messages (cables). CDS
incorporates, vitally, the MAD automated dissemination concepts (and
execution). To support electrical distribution to current analysts,
the distribution portion of the MAD software has been reborn in
ODP's Message Routing Service. Electronic delivery of selected
messages to NFAC analysts is provided by Project SAFE (which, in
its selectivity is a dissemination/reference system.) NPIC's installation
of the High Speed Text Search (HSTS) machine will provide key word
in context dissemination/retrieval. The DO-OC plan for remote
APARS will incorporate second-level dissemination at the periphery of
the distribution network (in the registries) whose terminal
mini-computers and human ingenuity will create irresistible pressures
for automated dissemination. (C 3d(3))
Finally, much reference activity has been automated. OCR's
Rapid Search Machine (RSM), Interim SAFE, RECON, DO's COMET,
NPIC's Integrated Information System (IIS) are examples of successful
automated information reference systems. All are independent systems
created to meet individually perceived needs which are, nonetheless,
common. (C 3d(3))
Recommendations
It is recommended that:
- dissemination and reference be considered together for
planning and technical design;
- a consolidated requirements registry be instituted to maintain
an on-line database which will be remotely accessed by all
would-be disseminators;
- a more rational blueprint for the (system of) dissemination
and reference systems be promulgated;
- a catalog of information dissemination and reference services
be compiled and maintained on-line.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.3 STANDARDS FOR INFORMATION HANDLING
At the inception of this study, there was the belief that were
standards adopted, many of our perceived difficulties would be eased.
Certainly, this is true of good standards, but the simplicity of the
statement may serve to mask the need for an infrastructure of
planning and architectural design. Inasmuch as these needs have
been dealt with previously, this section concentrates on the perceived
benefits of good standards, while cautioning against premature
standards which can pre-empt economical use of changing technology.
Section 4.3.1 develops this general theme, observing that
promulgating a standard may be merely an acknowledgement that
standardization has occurred.
Section 4.3.2, NETWORKING STANDARDS, discusses the disarray
of national/international network standards, concludes that for the
near future we will have to manage a variety of protocols, and
suggests that the set can be kept smallest by a solely responsible
component.
Section 4.3.3, DATA BASE STANDARDS, (to be supplied)
recognizes the highly leveraged growth in usefulness as data bases
are inter-related, and therefore the desirability of standards. Also
recognized, however, are the (motivated?) incompatibilities in the
market place. As previously, the conclusion is that focusing
administrative responsibility in the organization will limit the number
of protocols we must concurrently support.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.3.1 INFORMATION HANDLING STANDARDS
Summary
Well chosen, well designed standards
contribute to efficiency, cost effectiveness,
uniformity and, often, security. Unfortunately,
the reverse is also true.
The question of technical standards for
information services is not what but when.
Throughout this report there is the underlying thesis that little
is unique to the Agency in the use and provision of information
services. When addressing the subject of standards this thesis is of
great significance. If we are to achieve maximum effectiveness from
limited resources then we will fare better with no standards than
Agency standards that are unique from those widely accepted in the
rest of government and industry.
Unique standards will commit the Agency to sole support of
design, production, and maintenance and, hence, unnecessarily sap
resources. Conversely, adopting standards that meet essential needs
and that are widely accepted by other organizations will lower costs.
While these thoughts state the obvious, they belie the difficulty
of implementing a good standards program in a rapidly developing
area of activity such as information services. Our ability to invent
new devices, applications and services far outraces our management
ability to reach consensus across a wide enough population to
describe associated procedures and specifications as standard. The
time interval between invention and standardization frequently exceeds
a decade. When standards are agreed upon they may appear at any
one of several hierarchical levels; community, government, national,
or international. It is not uncommon to see the same function
addressed by disparate standards from different hierarchical levels.
The problem of standardization for the Agency then is more that
of timing than substance. Recognizing that standardization in a given
instance could improve effectiveness is not sufficient. Knowing when
standardization becomes economically attractive is key.
One pragmatic observation of the standards process is that formal
acceptance of a standard is frequently an anticlimactic
acknowledgement that standardization has been implemented.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.3.2 NETWORKING STANDARDS
Summary
Networking of computer systems requires
agreement on conventions for the format and
content of messages to be exchanged.
Standardization of these conventions, or
protocols, will greatly enhance our ability to
maximize return on investment in information
services.
While a number of protocols have achieved
popular acceptance, emergence of one
overwhelming favorite remains in the indefinite
future.
For the near term, the Agency will be best
served by managing a minimum set of protocols
rather than striving for a single standard.
While the desirability of a standard protocol for
intercommunication among machines has long been recognized,
development of that standard has been painfully slow. There now
exists an international standard protocol developed by the CCITT and
referred to as X.25.
Unfortunately, the U.S. market was not content to await a
standard. To gain the benefits of distributed processing, U.S.
industry proceeded in the absence of standards. The result is a
variety of protocols that are, for the most part, vendor unique. The
common complaint heard that one vendor's computer cannot talk to a
second vendor's product is usually a result of incompatible protocols.
Major vendors find a marketing advantage in unique protocols
since customers have yet one more compelling reason to stay with a
vendor's product line, i.e., communication compatibility. Hence, the
prospect of quick agreement on a U.S. standard is bleak. Resolution
will likely occur as a result of the competitive market forces and not
organizational fiat. One will see a lengthy period of evolution marked
by the appearance of specialty firms who will exploit incompatibility
by marketing conversion or translation systems that will negate the
need for the computers at either end of a link to be modified. In
parallel will develop an option set of protocols from the computer
manufacturers that will resolve incompatibilities between vendor
protocols at added cost. Over a period of several years there may
develop a discernible movement towards one standard as evidenced by
the pattern of protocol options offered.
How the Agency deals with this fluid situation can have a
significant impact on how rapidly development of systems occurs.
Resources expended to deal with incompatibilities are obviously lost to
development of new services. On the other side, economies gained
from forced standardization can quickly evaporate if history proves
our anticipatory efforts in error.
For the near term there appears no alternative to accepting
multiple protocols within the Agency system. What is indicated is a
strategy that will minimize the number of protocols we are forced to
live with. The X.25 protocol mentioned earlier will become standard
in international communications. Therefore OC's decision to implement
MERCURY with X.25 protocol is reasonable and establishes one
standard for overseas operations. Whether X.25 will ultimately
become a domestic standard remains questionable. In the interim the
Agency will be well served by assigning responsibility for networking
standards to one organization with a charge to minimize the cost of
networking by evolution to standards emerging in industry.
Responsibility for network standards should be assigned to one
organization which will attempt to minimize the costs of networking by
limiting the number of protocols within the Agency and evolving
Agency standards in consonance with industry trends.
4.3.3 DATA BASE STANDARDS
Summary
Databases are the stock-in-trade of the
intelligence process. Nonetheless, the computer,
with its changing software, has lured us from the
database standards of our manual files. Each new
datamanagement system brings with it unique
database "standards".
Theory tells us that new datamanagement
systems should be able to separate the user's
model of the database from the storage strategy
used by the system. Until recently, however,
datamanagement systems did not fulfill this
promise. More importantly, the introduction of a
new datamanagement system is, historically, the
occasion for a reformatting of the database, a new
conceptualization by the users, and a recoding of
the elements of the database. As a consequence,
database conversions are extremely costly ... out
of proportion to the benefit, often. Moreover,
interchange between databases is difficult and
costly. The result is separately maintained copies
of a database, each in its own format, and
generally out of synchrony with the others.
Occasionally noticeable analytic differences are
derived therefrom; the result is somewhat
diminished credibility ... of the analyst to the
policy maker and of the database to the analysts.
As we come to recognize how many component
functions are, at their root, database
administration ... with management or analytic
reports derived therefrom .... and as new
datamanagement systems are introduced which
accord with new DBMS theory, we have the
opportunity to make substantial improvements. A
process for setting, maintaining (and changing
when necessary) the standards for databases in
the Agency will become crucial. As we recognize
the benefits of integrated yet distributed
databases, whose parts are separately
administered as required by security or logical
task breakdown, the need will become yet more
crucial.
Unfortunately, the commercial world is not
moving as fast toward standardization in the
database area as in, say, the telecommunications
area ... although they share our exact needs for
standardization of databases. It will, then, be
tempting to move out smartly and set standards of
our own. The attendant risk of diverging
irreconcilably from the commercial, (cost
effective) trend is obvious. The Systems
Architect will need to keep a weather eye on
commercial movements.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.4 COMPARTMENTATION IN INFORMATION HANDLING
Previous sections have discussed benefits of inter-relation of
databases, and inter-connectivity of networks of subscribers. These
discussions have been coupled with technical discussions as to how
separation, for compartmentation and/or command-privacy might be
accomplished. This section analyzes the problems of control and
accountability in light of the changing technology and the changing
operational concepts, suggested in previous sections, which will
result. Underlying this section is a projected policy swing from
document accountability to personal information accountability.
Section 4.4.1, INFORMATION SECURITY AND
COMPARTMENTATION, lays the policy and cost benefit tradeoffs for
instituting new information security measures. A distinction is
drawn, insofar as possible, between security and compartmentation.
While admitting the increasing technical threat which may be posed by
the new technologies, this section reminds us that personnel security
must lay the firm keel, and physical security the sound hull on which
a technical security superstructure may be erected.
Section 4.4.2, COMPUTER SECURITY, alerts us to certain generic
technical threats, promotes the value of audit trails, and concludes
that in computer security, as in other areas of information handling,
our needs may not be so unique as once thought, and might, thus,
be met by commercial offerings. Uniform personnel and physical
security standards for the Community, and development of and stress
on damage limiting techniques for databases, may allow us to maximize
networking and its associated benefits.
Section 4.4.3, ENCRYPTION, STORAGE, COMPARTMENTATION AND
DESTRUCTION, analyzes the context in which overseas ADP can
promote quick destruction, highlights conditions which might make
quick destruction illusory, and concludes that encrypted storage may
provide an extra margin of safety, both in normal operation by
supporting compartmentation, and in emergency operation by
supporting quick destruction and reconstitution.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.4.1 INFORMATION SECURITY AND COMPARTMENTATION
Summary
The information security program should
strive to:
o Prevent unauthorized disclosure
o Prevent accidental or purposeful damage
to information
o Quickly detect failures of protective
systems
o Provide quick, accurate and complete
damage assessments
o Provide rapid recovery from system
failures
The foundation of information security is a
personnel security program that verifies the
trustworthiness of employees and a physical
security program to assure information is available
only to trustworthy personnel.
Compartmentation is an administrative
formalization of the need-to-know principle
intended to restrict access to a minimum essential
core of personnel within the total population of
trusted employees.
The fundamental vulnerability of information
security is the fact that information is not
physical property, i.e., paper, magnetic media,
microfilm, etc. Information is knowledge which
can be transferred without benefit of physical
media.
Therefore, any investment in systems
designed to protect the physical representation of
information must be balanced against the state of
our defenses against loss of information through
the abstract channel represented by the mind.
An effective information security program will
address personal accountability for knowledge and
its disposition. To the extent that technical and
administrative systems can aid the individual in
responsibly and accurately fulfilling his
obligation, they should be valued.
Systems whose purpose is damage assessment
and/or recovery should be transparent to the
employee. Procedures that reduce the efficiency
of employee job performance in order to allow
after-the-fact analysis of loss are to be avoided.
Technology can provide substantial cost benefits
in this instance.
Background
While those at the center of security policy may have always
appreciated the subtle difficulties of protecting information, the line
components responsible for policy enforcement frequently have not.
This can and has resulted in establishment of systems and procedures
that are expensive, cumbersome and obviously vulnerable.
A system to protect documentary information that requires an
employee to take positive action to place himself on the record as
having accessed information is so patently vulnerable that the most
conscientious employees will view the procedure with disdain.
An improvement to that system which requires a second person to
be accountable for recording accesses to information substantively
increases respect for system effectiveness but without substantially
improving absolute security. Knowledge still transfers without benefit
of accountability other than personal accountability.
It is the employee's willingness to uphold and defend the trust
placed in him by management that provides the only effective
information security. As employees perceive management imposing
inefficiencies on job performance in the name of improved security,
the effectiveness of protective systems will decrease.
Since, in the final analysis, it is each employee's commitment to
personal accountability that provides effective information security,
gains from management and control systems to increase security of the
physical media containing information should be weighed against gains
from equivalent investments in employee indoctrination and
repolygraph programs that reinforce individual commitment to personal
accountability.
It is more appropriate to view investments in formalized systems
of information control as aids to investigative procedures and damage
assessments. These systems exist to allow us to detect and correct
failures, accidents and malevolence. As such, they are ill-conceived
if effective operation is based on overt acknowledgement by an
individual who does not recognize or who does not want to have
recognized the results of his actions. Effective systems require
independent, competent and trustworthy monitors.
The Headquarters Security Task Force embodied this thought in
their recommendation that sensitive material be contained in registry
reading rooms along with copy machines under independent and,
hopefully, competent supervision of information specialists. Our
collective reluctance to accept such a recommendation can be
interpreted as an intuitive understanding that we were being asked to
pay a high price to prepare for a low probability event. We were
asked to invest in protection of physical media without measurable
gain in protection of knowledge. We were asked to impose
inefficiencies on job performance for a control system that the
employee recognized as vulnerable. (C 3d(5))
Technology-based systems hold promise for improving the cost
effectiveness of information control. While technology will do little
more to protect knowledge, it will provide ways to detect and correct
accidents and failures in administrative control of physical media at
reasonable cost and with minimal impact on employee efficiency.
There will also be new ways to protect employees from mistakes.
While technology will not prevent malevolence, it promises to reduce
the probability of occurrence and contain the effects as well as
present manual systems.
The major line of defense in information security is personnel
security and individual commitment to the principle of personal
accountability.
Management artifices such as compartmentation and document
controls are, in the final analysis, only of value in detecting and
correcting failures after the fact, assuming failure is defined as
passage of knowledge to personnel whose trust is open to question.
While technology will not appreciably improve our ability to
protect information, it will greatly enhance the effectiveness and
efficiency with which physical media can be controlled.
There is no reason to believe that technology will guarantee
protection from the malevolent person but every reason to believe that
technology can limit damage to the same extent as current systems.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
4.4.2 COMPUTER SECURITY
Summary
Computer security can be defined as all
physical, personnel and technical security
measures taken to protect a computer system and
its information. The more common definition is
those measures taken to protect the instructions
and data within the computer hardware. This
paper assumes the common definition.
From a historical perspective, the
development of computer security can be viewed
as paralleling development of physical and
personnel security. The end objective in each
case is achievement of acceptable cost vs. risk
trade-offs that allow Agency operations to proceed
at acceptable costs but with finite probability of
compromise.
An impressive inventory of protective
techniques already exists for safeguarding
computer software and data. The major remaining
obstacle to wider networking is damage-limiting
technology for sensitive data.
Within a homogeneous physical and personnel
security environment as exists in the Agency
today, multi-compartmented networks are
achievable within acceptable costs vs. risk
boundaries.
Development of damage-limiting techniques
combined with careful construction of policy can
present acceptable cost vs. risk options for
multi-level secure networking and wider
Community networking within the planning period.
Background
The security disciplines came to an early realization that
impenetrable defenses could not be designed. The security problem
inevitably reduced to cost vs. risk. When further improvements to
one protective technique became too costly and difficult, the concept
called rings of security allowed lower cost protective systems to be
chained together to further reduce risk at acceptable cost. In this
fashion we have arrived at a highly developed set of physical security
standards that, given a particular operating environment, allow us to
quickly determine what combination of guards, vaults, safes and
alarms will reduce vulnerability of sensitive documentary information
to an acceptable level.
The creation of large electronic data bases and computer
networking has literally short-circuited decades of physical security
development. The ability to move information electronically has
created the need to devise new rings of protective systems.
There are now access controls that are as adequate as badging
systems for authenticating individuals requesting access to computer
systems. Extensions of the access control mechanisms allow the
computer to ascertain those categories of data the individual has a
need-to-know.
Data Base Management systems provide users capability to
prescribe in detail requirements for privacy of their data.
Audit routines are capable of recording with unprecedented
accuracy and detail the nature of information accesses. The huge
volumes of audit data recorded can be thoroughly searched by
security routines to point out anomalous patterns of individual
behavior.
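One way such a security routine can search an audit trail, as an added Python example that is not part of the original report: it flags accesses outside a user's approved compartments and days whose access volume breaks sharply from that user's own history. The user names, compartment names, audit rows and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample data: compartments each user is approved for.
APPROVALS = {
    "analyst_a": {"ALPHA"},
    "analyst_b": {"ALPHA", "BRAVO"},
}


def build_sample_audit():
    """Return constructed audit rows: (day, user, compartment, record_id)."""
    rows = []
    # analyst_a reads a handful of ALPHA records a day, then 40 on day 6.
    for day, n in {1: 5, 2: 4, 3: 6, 4: 5, 5: 5, 6: 40}.items():
        rows += [(day, "analyst_a", "ALPHA", f"A-{day}-{i}") for i in range(n)]
    # analyst_b reads five BRAVO records a day ...
    for day in range(1, 7):
        rows += [(day, "analyst_b", "BRAVO", f"B-{day}-{i}") for i in range(5)]
    # ... plus one record from a compartment the user is not approved for.
    rows.append((3, "analyst_b", "CHARLIE", "C-3-0"))
    return rows


def out_of_compartment(audit, approvals):
    """Accesses to a compartment the user holds no approval for."""
    return [row for row in audit if row[2] not in approvals.get(row[1], set())]


def volume_anomalies(audit, min_history=3, sigmas=3.0, floor=10):
    """Days on which a user's access count far exceeds that user's own past.

    A day is flagged when its count is above both `floor` and the mean of
    the user's earlier days plus `sigmas` standard deviations. Days with no
    access at all are not counted as zero (a simplification).
    """
    per_user_day = defaultdict(Counter)
    for day, user, _compartment, _record in audit:
        per_user_day[user][day] += 1

    findings = []
    for user, counts in per_user_day.items():
        days = sorted(counts)
        for i, day in enumerate(days):
            history = [counts[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough baseline to judge this day
            # Clamp the deviation so a very steady user is not flagged
            # for a difference of one or two records.
            spread = max(pstdev(history), 1.0)
            threshold = max(mean(history) + sigmas * spread, floor)
            if counts[day] > threshold:
                findings.append((user, day, counts[day], threshold))
    return findings


if __name__ == "__main__":
    audit = build_sample_audit()
    for row in out_of_compartment(audit, APPROVALS):
        print("outside approved compartments:", row)
    for user, day, count, threshold in volume_anomalies(audit):
        print(f"volume anomaly: {user} day {day}: {count} accesses "
              f"(threshold {threshold:.1f})")
```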
While instructions controlling system operation are expected to
remain vulnerable, efforts to date have developed an inventory of
techniques for trapping and alarming unauthorized transgressors that
can make attempted subversion of systems an intellectual challenge of
high order.
The largest area of concern remaining is damage limitation. Given
the new rings of security as described above, there is still the real
probability that penetration can and will occur by accident or intent.
Therefore, the task before technologists is to devise ways to minimize
losses. There are analogues available in the document world that
suggest answers to this problem.
One approach is to geographically distribute information so that
any one failure results in loss of an acceptably small part of the data
base. This is translatable to relatively small computer systems and
data bases distributed throughout the Agency, each logically
disconnected from the other.
Another approach would be to emulate safes and vaults, i.e.,
distribute a large data base within one geographic location into a
large number of security containers, each of which requires a
significant effort to open. This principle is translatable to electronic
data bases by application of encryption. By encrypting suitably small
subsets of the data base under different keys (combinations) one will
have emulated a large number of safes each with the potential to
withstand attempts at forced and surreptitious entry of much longer
duration than the physical analog.
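The safes-and-vaults analogy above, as an added Python example that is not part of the original report: each subset of the data base is sealed under its own key, so a compromised key exposes only that subset, and destroying a key leaves its subset unreadable. The compartment names and record contents are constructed, and the cipher is a standard-library stand-in chosen so the example runs offline; a real system would use a vetted authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (assumption, illustration only):
# HMAC-SHA256 keystream with encrypt-then-MAC, standard library only.


def _subkeys(key):
    """Derive separate encryption and authentication keys from one key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, label, plaintext):
    """Encrypt one record; the tag also binds the compartment label."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, label.encode() + b"\x00" + nonce + ct,
                   hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, label, blob):
    """Decrypt one record; raise PermissionError on wrong key or tampering."""
    if len(blob) < 48:
        raise PermissionError("record too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    want = hmac.new(mac_key, label.encode() + b"\x00" + nonce + ct,
                    hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise PermissionError("wrong key or altered record")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


class CompartmentedStore:
    """Data base whose subsets are each sealed under a different key."""

    def __init__(self):
        self._keys = {}     # compartment -> key (kept apart from the data in practice)
        self._records = {}  # record_id -> (compartment, sealed blob)

    def put(self, record_id, compartment, plaintext):
        key = self._keys.setdefault(compartment, secrets.token_bytes(32))
        self._records[record_id] = (compartment, seal(key, compartment, plaintext))

    def issue_key(self, compartment):
        """Hand a compartment key to a cleared holder (KeyError if destroyed)."""
        return self._keys[compartment]

    def get(self, record_id, held_keys):
        compartment, blob = self._records[record_id]
        if compartment not in held_keys:
            raise PermissionError("no key held for " + compartment)
        return unseal(held_keys[compartment], compartment, blob)

    def exposure(self, keys):
        """Damage assessment: record ids readable by someone holding `keys`
        and a complete copy of the sealed data base."""
        keys = list(keys)
        readable = []
        for record_id, (label, blob) in self._records.items():
            for key in keys:
                try:
                    unseal(key, label, blob)
                except PermissionError:
                    continue
                readable.append(record_id)
                break
        return sorted(readable)

    def destroy_key(self, compartment):
        """Quick destruction: the sealed records stay but become unreadable,
        provided no other copy of the key survives."""
        self._keys.pop(compartment, None)

    def record_count(self):
        return len(self._records)
```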
As in most areas of information service there is little unique to
the Agency on the subject of computer security. Industry, banking,
and virtually every sector of society is increasingly concerned with
computer security. The prevalence of computer crime and its impact
on the economy are great incentives to development of protective
techniques.
Adequate protection exists to permit multi-compartment networking
within the Agency today. This protection is a combination of
homogeneous physical and personnel security systems combined with
currently available computer security technology.
Networking can proceed within the Community with further
standardization of security procedures and/or development of damage
limiting techniques for computer systems.
Multi-level operation within acceptable cost vs. risk considerations
will depend on development of damage limiting technology.
By taking advantage of protective systems developed within the
commercial sector, we will be able to achieve acceptable cost vs. risk
tradeoffs with modest investment.
1. The Agency should take the initiative to establish uniform
physical and personnel security standards for the Community.
2. Emphasis should be placed on developing damage limiting
techniques for data bases so that the efficiencies of networking
can be maximized within the Agency and the Community.
ALL PORTIONS THIS SECTION UNCLASSIFIED
4.4.3 ENCRYPTION, STORAGE, COMPARTMENTATION
AND DESTRUCTION
Summary
Recent events have re-emphasized the need for
quick destruction of sensitive material. The use
of computers has been suggested in order to
replace paper files with computer files thought to
be more easily destroyed.
This paper examines the premise of easily
destroyed computer files, and illustrates some
practical limitations. Two scenarios are examined:
the use of an on-site minicomputer; and,
interactive use of a remote computer. More
importantly, the hypotheses underlying the need
for quick destruction are examined from a
decision theoretic viewpoint. This provides an
interesting viewpoint and argues for
cryptographic protection of computer files as the
most effective way of providing quick
"destruction".
Unarguably, there exists a need for the safe and rapid
destruction of sensitive material under emergency conditions. Recent
events have prompted a re-examination of the use of computer
technology to provide that emergency destruction capability. The
hypothesis is that reliance on computer management of information
will: effectively eliminate paper files; and, the computer files that
replace these will either: be located remotely in safe haven; or, be
easily destroyed. These assumptions are examined in detail, last
first.
Easy destruction of computer files springs readily to the mind
of anyone who has had to rely on computer storage of data. A
confluence of factors makes the accidental "destruction" of our data a
too-frequent occurrence. Whether these accidents are caused by
hardware "glitches", software "bugs", or operator error, the
incidence of unusable data is quite real. It is worthwhile to look in
more detail at such events, and at the normal procedures which
protect against such accidental destruction, thus minimizing the
impact on everyday work. When the computer informs us, arcanely:
"Abend / parity error / file not found" or the like, it is saying only
that the data is not normally recoverable (i.e., it may not be
recoverable in its entirety, and extraordinary techniques might be
needed for its retrieval.) Such examples of quick "destruction"
provide little comfort in the face of a determined, and modestly
sophisticated foe with reasonable time to recover the data.
More importantly, however, the frequency of such accidental
unavailability of data leads to operating procedures which keep
"backup" copies of the files on "backup" disks, with "backup" tapes
and, typically, with hard-copy, paper "backup". We should not
lose sight of the fact that the computer is the largest generator of
paper in any organization.
Suppose, however, we have conquered the accidental
unavailability problems, (an important design constraint for such an
application) thus obviating the need for extensive paper backup.
Now we can concentrate on purposeful destruction of computer stored
data. Three major types of destruction are considered: electrically
altering the appearance of the data; electrically/magnetically
destroying the data; and physical destruction of the storage media.
o Electrical alteration refers to the practice of overwriting the
  data with new, meaningless data which obscures the
  original. This technique can be used with (nearly) all
  types of computer storage (solid state memory, core, disk,
  tape) and requires the storage to be on-line (another
  important design constraint).
o Electrical destruction depends on the fact that some
  computer storage retains data only when powered ("volatile"
  solid state memory) so that powering down the memory
  destroys the data.
o Magnetic destruction refers to the degaussing of magnetic
  storage media (disk and tape) and works best with
  demountable storage media.
o Physical destruction is the mechanical/chemical
  disintegration of the media upon which the data are stored,
  and works best with smaller, less dense storage media, the
  less rigid (floppy disk as opposed to hard Winchester
  technology) the better. The storage media must be
  demounted.
Procedurally, each form of destruction would proceed in turn for
ultimate assurance against determined recovery: electrically alter,
demount and degauss, and then disintegrate.
The reconstitution would, of course, depend upon the stage to
which destruction had been carried. The media might have to be
replaced, perhaps from stock. Replacement of information, however,
puts a severe demand upon the telecommunications, precisely at the
time when other demands are being placed upon it, for command and
control, and reporting, and precisely at the time when it is likely to
be severely degraded, due to environment or host government
actions. Ponder the notion of writing a disk memory over a 100wpm
teletype circuit shared with other traffic, and with message overhead
and error control which effectively halves the bandwidth. At an
effective 25bps, a modern 300mb disk would require over 3 years to
re-create.
The preceding analysis has been largely directed to on-site
computer use. Operational considerations attendant on use of remote
ADP traditionally dictate reserve paper files as well as redundant,
high-bandwidth (expensive) telecommunications.
Otherwise, inevitable communications outages seriously degrade
day-to-day operations. Remember, too, that good telecommunications are
least likely to be available precisely during the periods in which it is
necessary to have a quick destruction window, and there will be an
irresistible temptation to keep backup paper files. Thus, the quick
destruction goal must be achieved in harmony with adequate normal
operation, and acceptable, if degraded emergency operation. This
must mean quick reconstitution, or guaranteed all-weather remote
access to safe haven computing, which again implies expensive
telecommunications.
As we have seen, destruction and reconstitution must be
considered together. Let us formalize this slightly. There ultimately
will be a decision between two alternatives: DESTROY, or RETAIN.
Applicable to that decision are two states of the world: Destruction
Really Required, or Destruction Not Really Required. In the face of
imperfect knowledge, and imperfect decision makers, four outcomes
are possible:
a. We destroyed when it was required;
b. We retained and destruction was not really required;
c. We retained when destruction was required;
d. We destroyed when destruction was not really required.
Costs/benefits can be assigned to each outcome. The first two
outcomes, a and b, were good; the last two outcomes, c and d, were
unfortunate. This is shown below.
                            a decision is made to:
when, in fact,              DESTROY                 RETAIN

Destruction REQUIRED        (a) GOOD OUTCOME        (c) BAD OUTCOME
probability = P             Loss prevention         Possible loss of
                                                    assets & other
                                                    grave damage

Destruction NOT REQUIRED    (d) BAD OUTCOME         (b) GOOD OUTCOME
probability = (1-P)         Cost a function         Normal operations
                            of time/expense         unimpaired
                            to reconstitute
Current events focus our attention on the cost of outcome c.
However, it is just as important to focus on the cost of outcome d
because our decision as to whether to destroy or retain is influenced
by the entire outcome cost/benefit matrix as well as our a priori
assessment of the probability that destruction will really be required.
Uncertainty in assessing the probability that
destruction will, in fact, be required, coupled
with the cost of outcome d (the cost of
reconstitution) tempts us to postpone as long as
possible the actual decision. And, the desire to
postpone "as long as possible" the decision to
destroy, forces us into demanding, say, a
reduction in holdings to a one-hour destruct
cycle.
Thus, reducing the reconstitution time is a very important, sometimes
overlooked design constraint ... not only because it impairs
subsequent operations, but because it impacts our decision as to when
to destroy.
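The matrix above can be reduced to a decision threshold. The following is an added worked derivation, not part of the original report. It assumes the two good outcomes a and b are the zero-cost baseline, and introduces the symbols $C_c$ (cost assigned to outcome c), $C_d$ (cost assigned to outcome d, the cost of reconstitution) and $P^{*}$ (the threshold probability).

$$E[\text{cost} \mid \text{DESTROY}] = (1-P)\,C_d, \qquad E[\text{cost} \mid \text{RETAIN}] = P\,C_c$$

DESTROY is the lower expected-cost decision when

$$P\,C_c > (1-P)\,C_d \quad\Longleftrightarrow\quad P > P^{*} = \frac{C_d}{C_c + C_d}$$

As the reconstitution cost $C_d$ falls toward zero, $P^{*}$ falls toward zero with it: destruction becomes the correct decision at a much lower assessed probability, and the pressure to postpone the decision disappears.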
Encrypted storage of information allows us to add a new type of
"destruction" to our list above:
Key destruction - destroying the crypto keys which had
been used to encrypt a data file renders that data
unintelligible; the key volume, being much smaller than the
volume of total information allows quicker destruction by
any of the previously discussed techniques. More
importantly the small volume of key material can be quickly
reconstituted, thereby quickly reconstituting the
information.
Encrypted storage of information, no matter the media on which it is
stored (disk, tape, cassette, etc.), also affords much better
protection overall, inasmuch as it is the smaller amount of key which
must be most strongly protected.
In assessing the utility of encrypted storage, several constraints
must be examined. First, there is the question of how secure the
encrypted material is. How resistant is it to concerted attack? If not
resistant to attack, we would certainly not wish to hand to a
determined adversary a disk-full of data. For the field station,
however, it is useful to remember how the bulk of the data was
received, or sent ... by encrypted telecommunications. Any realistic
threat assessment must assume that the determined adversaries
already have disks full of our encrypted data. We are, then, no
more constrained by the encryption algorithm's robustness (or lack
thereof) for static storage than we were for communication of that
same information.
A second constraint is the increased key management which
would be required. Today, the domain of keys managed (generated,
indexed and stored for retrieval, and destroyed) is limited. Use of
cryptography for static storage would, perhaps: double the amount of
key which would need to be generated (and, perhaps halve the
design life of an algorithm); double the amount of key which would
need to be destroyed, in steady state; and increase more markedly
the amount and velocity of index, storage, and retrieval.
Another constraint which would need to be examined is the
possible difference between keys for static storage, and transient
communication use. (Although the image of our adversary's National
Storage Agency full of statically stored, encrypted data should
provide the Occam's razor for this perceived dilemma.)
A third constraint is the granularity with which keys are
assigned to data. Some alternative assignment strategies include:
- key per physical storage space ... key per disk
- key per logical storage device
- key per physical/logical record
- key per entity/attribute in a database
We move from the former to the latter strategies as our goal changes
from simply overall protection and quick destruction/reconstitution to
compartmentation and command privacy at an elemental level.
Another design factor is the use of a master key to encrypt the
individual keys required by our choice of granularity, which enforces
the command privacy and appears to reduce still further the amount
of material which needs immediate destruction. Whether this weakens
the overall security afforded is equivalent to our faith in deterministic
key generation by (presumably) known algorithm from a starting
seed. (A blade for Occam's razor.) The desirability of repeatedly
changing the master key is a function of the depth of the algorithm.
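Key destruction, key granularity and the master key described above (and the "many safes" idea of encrypting small subsets under different keys) can be seen working together in the following added example, which is not part of the original report. The cipher is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC), and the class, compartment names and sample records are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (an assumption of this example): HMAC-SHA256 keystream with
# encrypt-then-MAC, standard library only. Use a vetted AEAD in a real system.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(key, plaintext):
    """Encrypt and authenticate; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key, blob):
    """Verify the tag, then decrypt. ValueError means wrong key or altered data."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or altered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

class KeyDestroyedError(Exception):
    """The key needed to read a record no longer exists in the store."""

class EncryptedStore:
    """One data key per compartment, each wrapped under a single master key."""
    def __init__(self, master_key):
        self._master = bytearray(master_key)  # mutable, so it can be overwritten
        self.wrapped_keys = {}  # compartment -> data key sealed under the master key
        self.records = {}       # (compartment, record id) -> sealed record

    def _data_key(self, compartment, create=False):
        if self._master is None:
            raise KeyDestroyedError("master key destroyed")
        if compartment not in self.wrapped_keys:
            if not create:
                raise KeyDestroyedError("key for %s destroyed" % compartment)
            self.wrapped_keys[compartment] = seal(bytes(self._master), secrets.token_bytes(32))
        return unseal(bytes(self._master), self.wrapped_keys[compartment])

    def put(self, compartment, record_id, plaintext):
        key = self._data_key(compartment, create=True)
        self.records[(compartment, record_id)] = seal(key, plaintext)

    def get(self, compartment, record_id):
        return unseal(self._data_key(compartment), self.records[(compartment, record_id)])

    def destroy_compartment(self, compartment):
        """Fine granularity: one 'safe' becomes unreadable, the others are untouched."""
        self.wrapped_keys.pop(compartment, None)

    def emergency_destroy(self):
        """Overwrite the master key in place; returns the key bytes destroyed. Best
        effort in Python: immutable copies made while the key was in use may linger."""
        count = len(self._master or b"")
        if count:
            self._master[:] = bytes(count)  # zeros written over the same buffer
        self._master = None
        return count

    def reconstitute(self, master_key):
        """Reload the small master key; the bulk ciphertext never left the media."""
        self._master = bytearray(master_key)

def read_or_none(store, compartment, record_id):
    try:
        return store.get(compartment, record_id)
    except KeyDestroyedError:
        return None

def demo():
    safe_haven_copy = secrets.token_bytes(32)  # constructed: master key copy held off-site
    store = EncryptedStore(safe_haven_copy)
    store.put("compartment-A", "r1", b"constructed sample record A1")
    store.put("compartment-B", "r1", b"constructed sample record B1")
    store.destroy_compartment("compartment-B")  # one safe closed for good
    result = {"A_after_B_destroyed": read_or_none(store, "compartment-A", "r1")}
    result["key_bytes_destroyed"] = store.emergency_destroy()
    result["bytes_left_on_media"] = sum(len(b) for b in store.records.values())
    result["A_after_destroy"] = read_or_none(store, "compartment-A", "r1")
    store.reconstitute(safe_haven_copy)  # 32 bytes bring back every surviving compartment
    result["A_after_reconstitution"] = read_or_none(store, "compartment-A", "r1")
    result["B_after_reconstitution"] = read_or_none(store, "compartment-B", "r1")
    return result

if __name__ == "__main__":
    print(demo())
```

Only the 32-byte master key has to be overwritten in the emergency; the sealed records and wrapped compartment keys stay on the media and become readable again once the same master key is reloaded.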
Another constraint to be investigated is the problem of updating
data files and retrieving a portion of a file if a key of coarse
granularity has been decided upon. Choice of design strategy here
is the same as the dilemma of having a sequential-access device of
finite speed serve as a random access memory, and the same blocking
issues suffice. We need be no more constrained in using an
encrypted disk than a clear text disk, inasmuch as the disk is, at
best, block-sequential. (Another blade for Occam.) Another proven
strategy for dealing with the update problem is that used with
write-once media (from paper tape to optical disks to journals) or
extremely large, sequential files -- i.e., update by "posting"
transactions, and (infrequent) batch reorganizations.
A first cut design, then, argues for a policy-high, red computer
with all dynamic, solid-state memory; all other memory devices are
I/O devices with crypto on the red side of error control protocols
(e.g., CRC calculation.)
ALL PORTIONS THIS SECTION UNCLASSIFIED ADMINISTRATIVE.
INTERNAL USE ONLY.
5. ALTERNATIVE MANAGEMENT STRUCTURES
In addressing alternative management systems for information
services, the consideration is to what degree management of
information services should be centralized or decentralized.
However, the problem cannot be dealt with in such global form. One
must decide what is to be centralized or decentralized. The
management alternatives that follow are derived by viewing the
problem from three levels of management control. This analysis
technique is employed by IBM in their methodology for business
systems planning which is in turn based on a method of organizational
analysis developed at Harvard.
The methodology speaks to three levels of control:
Level 1: Strategic Planning - the process of deciding on
objectives of the organization, on the resources used to attain
these objectives, and on the policies that are to govern the
acquisition, use, and disposition of resources.
Level 2: Management Control - the process by which managers
assure that resources are obtained and used efficiently in the
accomplishment of the organization's objectives.
Level 3: Operational Control - the process of assuring that
specific tasks are carried out effectively and efficiently.
As applied to Agency Information Handling, the questions become:
o How should we organize to set goals for information
services, decide investment strategies, and set policy on
system acquisition, use and disposition?
o Who should prepare and defend budgets, control positions,
and manage the careers of information service specialists?
o Who should be in day-to-day command of operational
systems and their staffs?
If one considers the possibility of placing each of these controls at
different organizational levels, i.e., Agency, directorate, or office
level, then many options are made available for evaluation. Adding to
the possible list of line options is the concept of addressing strategic
planning through staff organizations.
The option tree shown in Figure 5-1 depicts the range of alternatives
selected by the Task Force for study. This tree identifies six
families (enclosed in boxes) of options that are described in some
detail in Attachment C.
5.1 Executive Committee Guidance
The DCI's Executive Committee has reviewed all options presented in
Attachment C of this report. In selecting the preferred option, the
major factors considered were:
A. User Satisfaction - the degree to which information services
produce satisfaction both internally and externally.
B. Planning and Budgeting - the degree to which an
organization allows us to assess the current state of affairs,
forecast the future, defend and allocate resources rationally.
C. Disruption - the degree to which an organizational change
will interfere with the provision and use of current
information services.
D. Information Control - the degree to which an organization
allows us to insure that information is provided only to those
with an officially approved need-to-know.
E. Personnel Resources - the organization's ability to recruit,
train, and maintain a skilled cadre of information specialists.
The findings of EXCOM were:
A. There is a need for a central planning function in CIA to
provide a more coherent development of future information
systems.
B. While there may be justification for structural change along
the lines recommended by this report, creating a total new
directorate is judged undesirable due to the decrease in user
satisfaction that results from the inertia and insensitivity of
an overly large organization.
C. An increase in Agency level career management was judged
to be unwarranted at this time. Furthermore, at least one
senior manager views authority over career services as a key
element in maintenance of effective compartmentation.
D. There may be virtue in greater use of mission budgeting for
some forms of information services. However, rapid shifts in
budgeting strategy can have negative effects in terms of
external relationships. For the near term, it is judged
better to maintain the central service budgets but with a
more relaxed view toward mission budgeting as a means to
capture necessary resources when central services are
unable to adequately defend the total Agency need.
In sum, it was the consensus of the Executive Committee that the
only change in Agency level management justified at this time is the
creation of a System Architectural function to plan for future
information systems from the broader Agency viewpoint.
Organizational Options for IH Management

INCREASE IN AGENCY LEVEL (CENTRAL) MANAGEMENT

PE2 o Agency Planning Network

PC DENOTES: Agency Planning and Component Consolidation
PC1 o DDA Only
PC2 o DDA, NFAC
PC3 o DDA, NFAC, S&T

ND DENOTES: A New Directorate
ND1 o Mission Budgeting and Tasking
ND2 o Agency Budgeting
    o Mission Tasking
ND3 o Agency Budgeting and Tasking

DECREASE IN AGENCY LEVEL (CENTRAL) MANAGEMENT

DA DENOTES: Directorate Independence with Agency Level Planning
DA1 o Strong Agency Planning
    o Directorate Budgeting and Tasking
DA2 o Strong Agency Planning
    o Mission Budgeting and Tasking
DA3 o Weaker Agency Planning
    o Directorate Budgeting and Tasking
DA4 o Weaker Agency Planning
    o Mission Budgeting and Tasking

DD DENOTES: Directorate Independence with Directorate Level Planning
DD1 o Directorate Budgeting and Tasking
DD2 o Directorate Budgeting
    o Mission Tasking
DD3 o Mission Budgeting and Tasking
Further organization and management change that may be indicated by
the results of this report and the establishment of the Architect is
the responsibility of each Deputy Director.
The remainder of this chapter addresses itself to regulatory
establishment of a Systems Architect.
Performs Agency level planning for Information services with
particular emphasis on application of technology.
1. Publishes Strategic goals and objectives for purpose of
program guidance.
2. Monitors progress toward goals and objectives and reports
state of Information Handling to EXCOM (incorporates ADP
review).
3. Consolidates requirements for IH to maximize commonality and
minimize unique development.
4. Conducts design reviews during conceptual design phase.
5. Maintains technology forecast and reports trends to
management.
6. Acts as Agency focal point to Community on matters of IH.
7. Commissions system designs to fulfill architecture.
8. Initiates studies and analyses for the purpose of identifying
ways to improve effectiveness and efficiency of IH.
9. Maintains a current data base on the status of information
systems and their interrelationships.
5.3 The Appeal Mechanism:
The reasons for appeal are:
1. Failure of the Agency plan to satisfy Directorate
requirements.
2. Failure of a Directorate to adequately program for fulfillment
of the approved plan.
3. An irreconcilable policy difference between or among the
Architect and the Directorates that impedes planning and
implementation.
The process of appeal may be initiated by the Architect or a
Deputy Director. The appeal will be addressed to the DDCI and will
contain a well defined statement of the issue, a succinct statement of
the rationale supporting the originator's position, and a recommended
alternative course of action. A copy of the appeal will be provided to
contending parties who will prepare respective position papers for the
DDCI.
The DDCI may refer the issue to EXCOM for further advice and
may refer the issue to the DCI for resolution.
5.4 The Architectural Staff
The Architectural Staff should consist of a Chief Architect, four
technical specialists, and clerical support.
The Chief Architect should be of senior grade, have substantial
experience and interest in management of technical activities, a
proven record of high calibre representation and ability to maintain
good interpersonal relationships with subordinates, peers and
superiors. Broad technical background encompassing communications
and ADP is highly desirable. The position is expected to demand
aggressive advocacy of controversial concepts. The incumbent should
have a knowledge of Agency organization and management processes.
The technical specialists should consist of:
1. A systems engineer widely knowledgeable of
telecommunications, ADP, and word processing technologies.
This person should have reasonable experience in project
management of large systems, exhibit good interpersonal
relationships, be articulate, and be capable of producing
well-written correspondence.
2. A software specialist widely knowledgeable of operating
systems and applications, and having experience with project
management of software development. Personal
characteristics should be similar to those above.
3. A database specialist broadly knowledgeable of principles of
information storage and retrieval regardless of media,
familiar with Federal regulations concerning storage and
disposal of official records, and having personal experience
with design and maintenance of electronic data bases.
Personal characteristics as above.
4. A human factors specialist with a wide range of experience
in dealing with man-machine interfaces, knowledgeable of
system documentation systems and procedures, and capable
of providing guidance on user training courses and their
construction. Personal characteristics as above.
5. A senior clerical with broad knowledge of Agency
administrative procedures, qualified operator of word
processing and computer terminals, capable of performing as
a para-professional to Staff Officers in addition to
performing normal secretarial functions.
5.5 Positioning the Architect
There are two organizational locations considered for the Agency
Architect. One location is the Office of the DCI and the other is
within an existing Directorate.
Within the Office of the DCI the Architect could be directly
supervised or seconded to an existing staff organization such as the
Comptroller or EXCOM Staff. From the Architect's perspective there
will be a desire to have the DCI as organizationally close and
accessible as possible in order to enhance power and authority over
the planning function. However, placing the Architect immediately
under the DCI is judged unsatisfactory because it inevitably diverts
DCI time and attention to highly technical subject matters in greater
depth, out of proportion to other areas of DCI responsibility.
This leads to examination of other possibilities within O/DCI that
would provide a supervisory buffer between the DCI and the
Architect. One possibility is the EXCOM Staff. But, while the
architectural function may bear some similarity to the Agency
strategic planning function recently installed in that Staff, the
architectural function has a vital need to be institutionalized in a way
that guarantees more permanence than historically exhibited by staff
organizations at the DCI level. The Office of the Comptroller
represents an O/DCI organization with permanence. However, there
is wide concern that seconding the architectural function to the
Comptroller will result in overriding emphasis on perceived resource
constraints as a planning criterion.
In sum, it appears that the advantages of positioning the
Architect in O/DCI accrue only to the Architect in terms of enhanced
prestige and implied authority. The disadvantages are excessive
demands on DCI time and attention for lower level technical issues or
questionable survivability of the function beyond the tenure of
current Agency leadership or over-riding emphasis on resource
constraints in the planning process.
The second option, delegating the architectural function to a
Directorate appears to avoid the major disadvantages associated with
placement in O/DCI. However, this advantage is at least partially
offset by the lesser prestige and potential diminution of authority and
influence inevitably resulting from competitive forces among the
Directorates.
If delegation to a Directorate is considered, then the logical
candidate is the DDA. This Directorate has the bulk of the resources
and expertise peculiar to the IH function. It also holds a unique
responsibility among Directorates to ensure equality of service
Agency-wide.
From the DDA perspective there is advantage to having a staff
function that can provide impartial advice and assistance to
Directorate management on the large number of technical issues
arising among DDA components in provision of information services.
Placement in the DDA will be seen as a disadvantage by users
since they will reasonably expect planning efforts to reflect the
dominant concerns of DDA support elements at varying degrees of
sacrifice of user satisfaction. To ensure a proper balance of user
and provider concerns, there should be heavy emphasis on meaningful
user participation in planning and well defined appeal mechanisms.
One means of redressing the perceived provider/user imbalance is
a larger commitment to mission budgeting which gives users increased
resource control and hence, more influence in the planning process.
In fact, mission-budgeting implemented in its most extreme form could
over-compensate the system to the detriment of both central services
and architectural function.
In lieu of significant shifts in budgeting responsibility, the best
candidate solution for providing provider/user balance is formalization
of a user group that can deal with requirement consolidation,
requirement priorities, and critical review of architectural plans.
Representatives to the group would be Directorate spokesmen. The
Architect would assume the role of arbitrator amongst users and
providers. Appeals above the Architect would be first to the Deputy
Director level, and beyond that, the DCI/EXCOM level.
The alternative of legislating inter-directorate representation on
the architectural staff itself is considered too constraining on the
personnel selection process to warrant serious consideration. This is
not to say that all expertise should be drawn from within the DDA,
but that the selection process should place prime emphasis on job
qualification without regard to current career allegiance.
ALL PORTIONS THIS CHAPTER UNCLASSIFIED
6.1 Organizational Changes
6.1.1. Create an Information Services Architect to maintain and
publish an Agency strategic plan for the development of information
services. (ref. 4.1.2)
Approve: Disapprove:
6.1.2. Assign the Information Services Architect to the Deputy
Director for Administration. (ref. 5.)
Approve: Disapprove:
6.1.3. Charge the Deputy Director of Administration with
responsibility for accomplishing within six months:
A. Establishment of a joint planning mechanism to produce a unified
plan for information services of OC, ODP, and OL/P&PD.
B. Creation of a plan and time table for restructuring DDA line
components in accordance with the needs of this strategic plan and
with due consideration of the issues raised by this report. (ref.
4.2.2, 4.2.3, 4.2.4, 4.2.6, 4.2.7, 4.4.2)
Approve: Disapprove:
6.2 Management Change
6.2.1. Expand the scope of the current EXCOM ADP review to
incorporate all information services and charge the Architect for
Information Services with management of the preparation and
presentation of that review. (ref. 4.1.4)
Approve: Disapprove:
6.2.2 Mission components should program, budget and defend
capital investments required to provide dedicated information services.
(ref. 4.1.3)
Approve: Disapprove:
6.2.3 Directorates should develop and implement plans to centralize
career management of personnel devoted to provision of information
services. Early attention should be given to centralized management
of ADP and registry personnel. (ref. 4.1.5)
Approve: Disapprove:
6.3 Programmatic Objectives
6.3.1 Assign responsibility to the DDA for design and
implementation of a unified information distribution network whose
nodes are conveniently located throughout Agency facilities and which
contain facilities for storage, transmission, printing and sorting of
electrical information. Management of those nodes will emphasize
security, compartmentation and accountability for information.
Estimated costs are $15M for a ten year program. (ref. 4.2.6) (C
3d(3))
Approve: Disapprove:
6.3.2 Assign responsibility to the DDA for evolutionary
development of a universal terminal network that will provide wide
electrical interconnectivity with compartmentation and command privacy
enforced through cryptographic separation. Estimated costs are $40M
for a ten year program. (ref. 4.2.7) (C 3d(3))
Approve: Disapprove:
6.3.3 Charge the Architect for Information Services with
developing a concept and commissioning the design of a centralized
data base of dissemination requirements that allows controlled, shared
access to all Agency disseminators. Estimated costs are $500K with
expected completion in 1985. (ref. 4.2.8) (C 3d(3))
Approve: Disapprove:
6.3.4 Place Agency priority on modernization of the communications
plant to expand capacity, quality and interconnectivity required to
support increased electrical flow. Estimated costs $20M with
completion at Headquarters by 1985; completion world wide by 1990.
(C 3d(3))
Approve: Disapprove:
6.3.5 In the interests of security, legality, and public image,
there needs to be a central, easily accessed repository of data
regarding information released to the public, the media, and outside
the Executive Branch. A central system should be useable by and
responsive to users concerned with FOIA and Privacy requests,
Public Affairs Office, OLC, OGC, Office of Comptroller, DCI and
DDCI Staffs. The purposes of this repository would be consistency
of judgements with regard to releasability, maintenance of operational
integrity, and more efficient administration. It is recommended that
analysis of alternative means for establishing such a system, including
use of commercial bibliographic reference services, be commissioned
by EXCOM. (ref. 3.8.e.)
Approve: Disapprove:
6.4 Security Procedures
6.4.1 Establish systems of control and accountability for all
transportable, machine writeable, non-human readable storage media,
e.g., magnetic cards, tapes and disks. Such media must be
presumed to contain information of the highest sensitivity. (S 3d(5))
Approve: Disapprove:
6.4.2 With increasing application of technology comes enhanced
ability to positively account for sensitive information. This
opportunity should be exploited to implement complete audit trails on
all Top Secret and compartmented information within Agency computer
data bases. The Office of Security should implement systems and
procedures to frequently review audit information for anomalous
accesses. (S 3d(5))
6.4.3 As classified databases more and more exist on-line,
encouragement should be given to on-line queries from a terminal.
Second-hand queries made via telephone should be discouraged.
Accesses via terminal are easily recorded and audited. Most
important, the terminal provides a more positive authentication of the
requestor than the telephone. (S 3d(5))
Approve: Disapprove:
6.5 Personnel Activities
6.5.1 The gradual extension of information handling technology
into the office environment creates a need for more informed users.
It is recommended that all career services incorporate some form of
familiarization training in career development plans. Such training
might include ADP familiarization, Office Automation, and information
management depending upon the nature of the service and the level of
the employee.
Approve: Disapprove:
6.5.2 The Task Force has observed instances of user ignorance or
apathy with respect to current information services. It is
recommended that an indoctrination program be designed for all
employees. This indoctrination, which can be integrated into other
Agency-wide programs, should provide information on available
services with emphasis on the user responsibility to the service,
e.g., establishing and maintaining dissemination profiles.
Approve: Disapprove:
6.6 Policy and Administrative Action
6.6.1 There needs to be a definitive policy statement for
contingency planning. This policy should cover a range of
eventualities from brown-outs to natural disaster and nuclear conflict.
(ref. 4.1.6)
Approve: Disapprove:
6.6.2 Future programs and budgets should address contingency
planning by separately identifying added costs.
Approve: Disapprove:
6.6.3 It is recommended that this report be given wide distribution
within the Agency as a means of publicizing the goals program and
the rationale underlying the accompanying management decisions.
Approve: Disapprove:
ALL PORTIONS THIS CHAPTER UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
(This attachment is unclassified in its entirety)
The following paragraphs outline a plan for conduct of a study of information
handling within CIA. The primary objective of this study is development of a
strategic plan for the provision and use of information services.
In formulating a methodology for the study, one factor was of primary
influence:
Participation by those components affected by the plan is
critical to its ultimate acceptance and implementation.
The schedule has been developed within the 12-month constraint stipulated.
Seven tasks are defined below and a milestone chart is attached.
While priority will be given to production of the strategic plan, it is
anticipated that near-term issues will be found that should be resolved by
senior Agency management within the study time frame. Therefore, the Task
Force will submit separate issue papers to EXCOM with recommendations for
resolution whenever warranted.
There is no apparent need for sustained contractual support. Limited
amounts of consultative service may be desirable. FY-80 funding of $10K
appears ample for consultation and limited team travel.
Task one of the study will be interaction with each component which provides
information services. The end result will be a coherent and consistent
representation of each component's services and plans, prepared by the study
group and verified by the respective component.
Task two will be an analysis of the provider component plans for the purpose
of identifying required coordination. Task two will highlight the assumptions
of information service use on which near-term investments are predicated.
Task three will be the process of developing with each component a
representation of its plans for the use of information services.
Although there is some risk that the amount of Task Force time that might be
consumed by tasks one and three may be greater than estimated, current
estimates are judged to be reasonable. However, alternate strategies are
available to stay within schedule and will be proposed if experience dictates
the need.
Task four will be the analysis and aggregation of the projections for the use
of information services and the identification of issues related to the use of
these services.
Task five of the study will involve the correlation of the planning for the
provision and use of information services. The collection and analysis steps
in tasks one through four will enable the Task Force to develop a
cross-impact matrix which will show the plans of both providers and users of
information services. This matrix should be available on/about the ninth
month of the study.
Task six will be an analysis of the matrix developed in task five to yield:
o residual, unresolved areas of overlap and duplication
o major gaps between the demand for information services and their
supply
o the impact of postponing or accelerating resource investments.
With this information in hand, the Task Force will develop various applicable
planning strategies for EXCOM consideration. EXCOM's choice(s) among these
alternate strategies will determine the direction of the Task Force's remaining
task - the preparation of the final report.
Task seven - Based on the guidance received from EXCOM, the strategic plan
will be finalized and submitted for their review and approval. Any remaining
unresolved issues will be documented along with recommendations for
resolution.
ATTACHMENT A
TERMS OF REFERENCE - INFORMATION HANDLING STUDY
The following paragraphs constitute the proposed terms of reference for the
Information Handling Study approved by the DDCI on 7 May 1979.
The definition of Information Handling contained in EXCOM-19-79 is accepted
as the most appropriate for the purposes of this study:
Information handling in CIA is the systematic creation, movement, use,
storage, retrieval, and disposal of intelligence and management
information with the support of automated or other clearly identifiable
processes and with due regard for control of sensitive and
compartmented data.
The Information Handling problem has been restated to clarify the reason for
the study.
Problem: There is concern that traditional institutions dealing with
provision of information services are becoming less effective as
new technologies evolve, demand for service grows, and
Agency resources shrink. There needs to be a reconciliation
of demand vs. supply, a strategy for future investment, and
assurance that appropriate institutions exist to execute the
strategy.
The major goal of the Information Handling Study is to develop a
comprehensive information handling strategy for the Agency and, if
appropriate, define a management structure for more formal continuing
coordination of the Agency's information handling activities. The strategy
will evolve from a clear definition of needs and plans to meet these within
resource constraints. The proposed elements of the strategy are:
management, organization, operation, security, technology, and personnel.
The study will focus on the provision and use of information services within
the Agency. Information services will be defined as those disciplines and
technologies whose purpose is to facilitate information handling. The study
will address the interface of the Agency information systems with collection
and processing systems.
The primary product of the study will be a strategic plan covering the next
ten-year period, addressing provision and use of information services. The
strategic plan will establish goals and priorities, speak to the resources
required to address those goals, and set policy governing acquisition, use
and disposition of resources. The structure of the plan will be such that
subsequent planning for implementation can be delegated to lower levels. The
plan will allow for orderly piecewise execution in consonance with resource
allocations and operational imperatives.
If warranted, the plan will be accompanied by recommendations for changes in
management systems and organizational structure.
Issues which the study will include, but not be limited to, are:
a. Management
To what degree can central management of information handling
contribute to the provision of information services? While there is
popular enthusiasm for further centralization of management functions
associated with information handling, there needs to be a careful
assessment of what functions need to be centralized to improve provision
and use of information services.
To what degree can standardization contribute to the efficiency and
effectiveness with which information services are provided? Standards
could cover equipment, programming, engineering, documentation, or
management systems.
To what degree should technology influence Agency organization? The
apportionment of missions to some components is based, in part, on
historic technological definitions which may now be obsolete. As
technology evolves, a reallocation of the division of labor might be useful
and even necessary to clarify roles. However, the value of
organizational realignment must be weighed against the employee morale,
personnel management, and budgetary impact of change.
d. Compartmentation
To what degree can systems and data bases be shared without jeopardy
to security and compartmentation? Increased efficiency will often result
from aggregation of user needs and resource sharing. Strategies need
to be identified that will maximize efficiencies within constraints imposed
by security and compartmentation.
(This attachment is classified SECRET except the Introduction which
is unclassified and so marked)
INFORMATION HANDLING SERVICES
Introduction (U)
This Attachment describes in some additional detail, the current
status and trends of the various categories of information handling
services briefly presented in the Synopsis Section of the report. (U)
The information contained in this attachment is not intended to be
exhaustive. Sufficient coverage has been provided however to
familiarize the reader with the variety of systems encompassed by the
term 'information handling' and to illustrate the magnitude of
information handling activities in the Agency today. (U)
The first six categories will be addressed primarily by the media in
which the information has been recorded. We have defined three
media classes that will be referenced:
1. Electronic/Magnetic
Electronic encompasses the media in which information can be
stored, processed or transmitted by telecommunications or
computing hardware devices. The primary repositories for this
class of media are magnetic drum, disk, card and tape storage
devices associated with communications, text or data processing
systems. (U)
Documents are any printed or typed paper media containing
textual data which is human readable. This class includes
hard-copy representations of information that may have been
stored or transmitted in electronic form. (U)
3. Graphic
Graphics include all film based media such as microforms and
photographs plus maps, graphs, and other non-textual
representations. (U)
Each category or media based subcategory will address:
1. The primary facilities and/or providers of the service. (U)
2. Recent (last year or two) significant trends or activities in this
area. The purpose here is to provide some sense of how dynamic
this service area is and the direction in which the Agency seems
to be moving. (U)
3. Anticipated (next year or two) system implementations or events
that can be expected to impact this category. The purpose of
this information is to alert the reader to the near-term implication
of systems or procedures that are contemplated or being
implemented but not yet operational or deployed. (U)
B.1. Recording of Information
This category includes all facilities which enable the generation or
capture of information in a media that will support subsequent storage
and exploitation of that information. It encompasses the mechanisms
by which Agency components can put information into a retention
media.
a. Recording of Information in an Electronic Media
(1) Significant Facilities
(a) Data Entry Keying
Both ODP and IMS provide central facilities which
are used to key information into a magnetic media
for eventual transfer to computer storage.
(b) Terminal Input
The large population of remote terminals connected
to the central computer facilities of ODP and NPIC
provide a capability for users to directly record
information into computer-based files.
(c) Optical Character Reading (OCR)
The primary OCR capability for converting typed
information to electronic media is provided by OC's
ACT-O facility. This device enables the entry of
typed cables into the CDS system for subsequent
distribution.
(d) Map Digitizing
OGCR utilizes several minicomputer based systems
which convert printed maps to electronic form.
These digitized files (essentially World Data Banks
I and II) are used for dynamic map recreation on
both graphic terminals and plotters.
(2) Recent Activities
(a) The Agency is experiencing a significant growth in
the availability of remote terminal devices. This
has largely been in response to users'
requirements for data entry facilities.
(b) This growth in terminal devices has been
augmented by the development of terminal related
software which provides services such as menu
selection and data validation support to data entry
functions.
(c) The Electronic Time and Attendance Reporting
System (ETARS) illustrates an initial step in
providing a facility to electronically capture
information from overseas locations.
(d) Software has recently been implemented which
enables a user to compose a cable on the ODP
time-sharing system and subsequently print the
cable in a format and type font which is compatible
for input to the OCR facility of CDS.
(3) Anticipated Events
(a) The SAFE system, when fully implemented, will
offer the NFAC users an additional capability for
recording information. This will be provided via
the COMPOSE function.
(b) The advent of CRAFT and CLASS A systems will
extend the overseas entry facilities initiated by
ETARS.
(c) OCR will be investigating (Project OSCAR) the
availability and applicability of utilizing advanced
multi-font optical character readers to convert
documents to electronic media for subsequent
exploitation by SAFE.
(d) The implementation of ODP's Message Processing
System (MPS) will enable a user to compose a cable
in the time-sharing system and transfer it
electrically to CDS for subsequent distribution.
b. Recording Information in a Document Media
Facilities for recording information in a document media will
be further subdivided into three printing types:
Word processing facilities (WP)
Traditional printing press facilities
Computer controlled printing facilities.
(1) Word Processing
While many word processing devices are capable of
storing their information in electronic form, and thus
could be considered a mechanism for recording
electronic information, the primary purpose is to
directly or indirectly produce a document, thus for
descriptive purposes, WP is considered a facility for
recording information in a document media.
(a) Primary Facilities
o Standard Typewriters - The primary method
for creating documents continues to be the
large population of standard electric and
manual typewriters which have no electronic
recording or communications capabilities.
o Independent Word Processors - These
facilities consist of the non-communicating
typewriters or display terminals with
electronic recording and display capability.
These stand-alone units are typified by the
ubiquitous IBM magnetic card devices.
o Communicating Word Processors - These word
processing devices are local units which have
a communications capability with other local
devices or the central computing systems.
This type of WP device is represented by the
communicating magnetic card devices, NBI
3000 and IBM System 6 systems.
o Central WP Services - Word processing
facilities are available to ODP terminal users
via the SCRIPT time-sharing service and the
related XEROX 9700, IBM 6670 and Design 100
high-quality printing devices.
(b) Recent Activities
o In recognition of the fact that the functional
similarities between WP and ADP are becoming
more interrelated, the responsibility to
monitor and approve the acquisition of word
processing equipment was transferred from
DDA/ISS to DDA/ODP in July 1979.
o NFAC has selected the NBI 3000 as its
standard WP device. This is viewed as an
interim standard pending the development and
deployment of the Agency standard terminal
and its associated WP facilities.
o The DO plans to experiment with several
different WP devices in an attempt to identify
a standard device for overseas use.
(c) Anticipated Events
o The SAFE and CRAFT systems will provide
their users with WP types of services.
o The new standard soft-copy terminal will
provide the user with local as well as
centrally supported WP services.
o ODP plans to develop an office automation
facility which will be a logical extension to
the current WP facilities available in the
SCRIPT system. This service will provide
the time-sharing user with additional
'electronic mail' type functions.
o Communications links are planned which will
enable data to be transmitted through the
ODP central time sharing facility, the System
6 in PPG, NBI 3000 terminals in NFAC and
the ETEC system in P&PD. While the ETEC
system does provide WP services, for
purposes of this discussion, it is included as
part of the printing press facility described
below.
(2) Printing Presses
(a) Significant Facilities
Traditional printing facilities are found in P&PD,
NPIC and JPRS. P&PD, in addition, utilizes the
minicomputer-based ETEC system to enable users
and P&PD personnel to prepare text for
photo-typeset printing.
(b) Recent Activities
The acceptance of the ETEC facility to prepare
text for publication-quality printing has
necessitated a steady growth in the amount of
equipment required. A third CPU and related
peripherals have recently been added to keep up
with user requirements.
(c) Anticipated Activities
o A communication link which will enable the
transfer of textual data between ETECS and
the ODP central systems will be implemented
shortly. This will enable ODP users to
transfer ODP resident files to ETECS for
print preparation and receive the edited files
from ETECS for subsequent storage or
additional processing.
o The growing availability of computer-driven
high-quality printing devices such as the
XEROX 9700 and the IBM 6670 will offer the
user an increasing access to a variety of
printing systems other than the traditional
printing facilities of the type offered by
P&PD.
(3) Computer Controlled Printing Devices
This facility refers to the ability to use the printing
devices associated with communications and data
processing devices to produce a document.
(a) Significant Facilities
o Printers which are controlled by the central
computing facilities of ODP and NPIC enable a
variety of computer-based files to be printed.
o Printers associated with OC's communications
facilities are used to create hard-copy cables.
o Wire service printers located in OCO.
(b) Recent Activities
o To speed the delivery of cable traffic to
NFAC current intelligence analysts, ODP
printers were recently installed in OCO.
Cables are now electronically transferred from
the OC CDS system to the ODP central system
which then sorts the cables prior to printing
in OCO.
o Use of the XEROX 9700 in ODP now enables
the production of high-quality printed reports
which formerly required P&PD facilities.
(c) Anticipated Events
o When implemented, the SAFE system will
provide a network of printers which will
enable the NFAC user to create reports at
local, regional, or central facilities.
o The ADSTAR and DORIC-W microfilm storage
and retrieval systems will provide regionally
located devices to provide printed copies of
the stored images.
o Automated Printing and Reproduction Systems
(APARS) devices are planned to improve the
efficiency of printing and delivering cables
that have been processed by the CDS system.
Units are to be installed in the OC Secretariat
and four DO registries.
c. Recording Information in a Graphic Media
(1) Primary Facilities
(a) Microforms
A number of Agency components utilize
micrographics equipment to record information.
The most extensive facilities are currently found in
P&PD, IMS and OCR.
(b) Map Creation
OGCR provides map creation facilities primarily
through the use of their own high-speed plotting
devices and a computerized store of cartographic
information.
(c) Computer Graphic Terminals and Plotting Devices
ODP central facilities enable the user to display
graphic cartographic information on display
terminals, and if desired, produce a hard-copy
representation of the display. In addition,
high-speed plotting devices are available to
produce higher quality or more complicated graphic
representations.
(d) Visual Aids
Several organizations currently support the
creation of viewgraphs, slides, briefing boards and
other graphic representations of information.
P&PD and OGCR provide the most extensive
facilities.
(2) Recent Activities
(a) OGCR recently installed the GENIGRAPHICS
system which enables the creation of color 35 mm
slides and viewgraphs.
(b) OGCR has also recently introduced a CRT-head
equipped plotter which has drastically reduced the
time needed to generate highly detailed thematic
maps.
(c) PPG has established a center to evaluate the
advantages of using video recording techniques to
support the presentation of intelligence topics.
(d) The last two years have shown a significant
growth in the use of graphic terminals available to
the ODP computer center users and the
introduction of the first color graphics devices.
(3) Anticipated Events
(a) The forthcoming implementation of OGCR's
Meteorological, Agronomical, Geographical Analysis
System (MAGAS) will enable a user to dynamically
manipulate a variety of cartographic variables to
produce CRT or plotter generated maps.
(b) The ADSTAR & DORIC-W systems will provide
additional facilities to capture information in a
graphic (film) media.
B.2. Acquisition of Information
Acquisition refers to the receipt of information which has been
collected or generated by non-CIA resources and acquired for Agency
use. This category of service identifies the Agency windows through
which externally produced information is made available for Agency
exploitation.
a. Electronic Acquisition
(1) Primary Facilities:
o OCR subscribes to a number of on-line information
systems which provide Agency personnel access to
both classified community and unclassified
commercial data bases and files. On-line facilities
are located in OCR's TAP room and in the main
library.
o OCR acquires magnetic tapes from commercial
sources for NFAC consumers, e.g., OER.
o OC acquires both message and data transmissions
from other US government components via the MAX
and DATEX facilities.
o FBIS acquires/captures foreign broadcasts and
transmits the results in electronic form to Agency
users.
o OCO subscribes to all the major wire services and
provides that information to Agency consumers.
o NPIC s
and tol
The OCR/NPIC duplication on these services is
necessary because of the wide separation of the
two facilities.
NPIC obtains magnetic tapes from DIA on DIA
target headers. The tape is used to produce
hard-copy listings of DIA targets not contained in
NPIC's IDF file.
o Several NFAC components are linked to the COINS
system and to the NPIC Data System. The NDS
provides direct access to imagery exploitation files
as well as to the daily cables generated by NPIC.
(2) Recent Activities:
The Office of Economic Research has a recently
negotiated contract with a Private 25X1
corporation, to provide an _e ermina in
25X1
owned economic data files. collects economic
information which it stores in its own computers from a
variety of Government and commercial organizations.
(3) Anticipated Events:
There is a trend to acquisition of more messages and
data in electronic form driven by the growth of word
processing and the expansion of computer-controlled
communications networks. Current and planned
developments in the Agency attest to the momentum of
this trend. Project MERCURY, the upgrading of OC's
worldwide communications facilities is one response.
Project SAFE, the development of electronic support
tools for the intelligence analyst is another.
b. Document Acquisition
(1) Primary Facilities:
The Office of Central Reference has primary
responsibility for acquiring unclassified foreign and
domestic publications for the Agency. Because the
office is responsible for the dissemination of hard-copy
(paper) classified documents it has an implied
responsibility to negotiate for new sources of classified
information as well.
(2) Recent Activities:
OCR's open-source acquisition function is presently
being automated. The objective is to move from a
highly labor intensive paper based system to one that
permits manipulation of a wide variety of stored
information on publication orders, subscriptions,
receipts, billings, bibliographic data and customer
information. The system covers both foreign and
domestic acquisitions. The system uses software
developed at the University of Minnesota under contract
to HEW.
(3) Anticipated Events:
As the system becomes established in the Agency, OCR
plans to expand the network to other community
agencies to collect their requirements for publications.
This would create a community acquisitions network.
Some agencies are already generating publications
requirements on their own computers but there is
currently no available facility for interconnecting to
OCR.
B.3. Dissemination of Information
Dissemination is the process of determining the component or
individual that should be made aware of recorded or acquired
information. Dissemination may consist of automated procedures which
match the information content to a user interest profile or reading list
and/or manual procedures in which a dissemination analyst reads the
information to match content with user interest.
(1) Primary Facilities
o OC's Cable Dissemination System (CDS) is one of
two major providers of electronic dissemination
service. CDS software performs a comparison of
the bibliographic and text portions of incoming
cables with computer stored profiles of user
requirements. Because of the limited text analysis
capability, cable analysts review much of the
message traffic on CRT screens and make
additional dissemination decisions. The comparison
of messages with requirements yields the computer
generated name and address of the requester.
Actual delivery to the requester is a distribution
function which is described in the next section.
Responses to the comptroller's request to identify
information handling problems and issues and to
the subsequent requests by this task force to
elaborate on such problems and issues identified
much concern with delays in the dissemination
process, concern that dissemination decisions did
not account for requirements at a lower
organizational level, and concern that various
components involved in the dissemination process
did not all use the same set of requirements on
which to base dissemination decisions.
o OCR's Interim SAFE system is the second major
provider of electronic dissemination service. The
SAFE system stores the complete text of State
cables (excluding EXDIS) and codeword materials
(excluding GAMMA) for five days in electronic mail
files which are selected by user defined profiles.
The files are updated 12 times in 24 hours. Eight
of the twelve updates occur between 0700 and 1500
hours daily. In addition, companion text files
store State cables including (EXDIS), codeword
(including GAMMA and some Agency traffic),
military cables, DoD IR's
and worldwide fie traffic. The text files
are updated once daily between 0300 and 0800
hours and stored for four weeks.
o A third electrical dissemination process is
accomplished by the use of the OCR MAD software
running in the ODP Ruffing Center. Electrically
received OAK messages are received in the
Headquarters Building sixth floor DATACOM
Center, transmitted electrically to ODP where MAD
Class 1 software matches the message with user
profiles and prints sorted copies for subsequent
distribution by OCR's Dissemination Branch.
o FBIS disseminates priority information from the
field on a 24-hour FBIS wire service.
o The Office of Current Operations provides
dissemination support to its various task forces
using a Crisis Management Automated Support
System (CMASS) minicomputer. Electrical messages
are received from OC's Cable Dissemination
System, and from the FBIS, Reuters, and
Associated Press wire services and made available
to NFAC analysts assigned to crisis task teams.
(2) Recent Activities
No significant information.
(3) Anticipated Events
o With increased use of telepouch and the installation
of remote APARS in DO registries, the DO will
assume increased responsibilities for cable
dissemination.
o OCR's Interim SAFE project currently provides
dissemination support to a limited number of NFAC
consumers. The interim system will be replaced
by a permanent system now under development
which will greatly expand the dissemination service
to several hundred users.
o ODP will develop office automation facilities to
enable dissemination of documents created through
ODP word processing facilities.
b. Document Dissemination
(1) Primary Facilities
o Each Agency component is essentially responsible
for the dissemination of its own documents and
publications. Most finished intelligence is
disseminated by the originating component.
o OCR has the charter for developing and
implementing dissemination policies and procedures
in coordination with other Agency components. In
actual practice, OCR disseminates the large
majority of CIA and non-CIA hard-copy documents.
o DO/IMS disseminates pouched documents and FBI
documents to DO area divisions.
o The Office of Development and Engineering
disseminates special designee cables (BTKH) to all
CIA components with requirements for Special
Compartmented Intelligence (SCI).
o The Office of Technical Services operates the
DIRTECH Signal Center which is part of the
Agency Staff Network. OTS disseminates about
50,000 incoming and outgoing cables annually
mostly within the OTS organization.
o OCO and RSG Watch Officers disseminate a variety
of documents to Agency customers as part of their
responsibility for alerting key Agency personnel to
current developments.
o PPG registry and dissemination functions handle
the product of eight NFAC offices and the NIO
account.
o Various registries perform dissemination functions
by redisseminating cables and documents to
additional addressees at lower levels in the
organization for which the registry is the primary
delivery point.
(2) Recent Activities
No significant information.
(3) Anticipated Events
OCR has undertaken a study to determine the feasibility
of converting hard-copy documents to electrical form via
optical character reader. If the results are positive,
Project OSCAR could result in reducing the number of
hard-copy documents to be disseminated.
c. Graphic Dissemination
(1) Major Providers
NPIC Registry controls and disseminates all reports and
graphics produced by tenants and host tenants in the
center.
(2) Recent Activities
No significant information.
(3) Anticipated Events
No significant information.
B.4. Distribution of Information
Distribution refers to the physical movement of information in
whatever media it is recorded.
(1) Primary Facilities
o The Office of Communications is the major
distributor of information recorded in electronic
form followed by ODP. OC's Data Exchange
(DATEX) and the Message Automated Switch (MAX)
are the receipt and transfer points in
Headquarters building for most electronic data
entering the Agency. DATEX processes both data
and message traffic and supports such varied
customers as the COMIREX Automated Management
System (CAMS), Remote Job Entry (RJE) to ODP's
computers, and OCR's Interim SAFE. MAX
processes narrative traffic (cables) which is
passed to the Cable Dissemination System (CDS)
and/or to Interim SAFE and to OCO. Both DATEX
and MAX also process outgoing traffic.
o Although CDS is primarily a dissemination system,
it also functions as a distribution system by
passing high precedence cable traffic to OCO
based on current intelligence requirements. The
CDS also distributes message traffic directly to
OCO's Crisis Management System (CMASS)
computer based on geographic area interest
profiles. The RSG and Imagery Watch Offices also
receive electrical message traffic from CDS as well
as directly from NSA and NPIC.
o Press reporting bypasses the DATEX and MAX
facilities. FBIS wire service and the press wire
services are distributed electrically to printers
located in OCO. In addition to FBIS, Reuters
traffic is distributed electrically to the CMASS
computer.
o ODP's Automated Message Processor System (AMPS)
links OC's CDS system and users who wish to
receive message traffic electrically. AMPS
distributes messages electrically (according to CDS
applied dissemination codes) to NFAC's Message
Routing Service (MRS), DO's document storage and
retrieval system (COMET), the OF Electronic Time
and Attendance Reporting System (ETARS), OCR's
Interim SAFE, and others.
(2) Recent Activities
A Message Routing System (MRS) was recently installed
to cut down on the time delay between dissemination of
a message by CDS and the subsequent receipt of the
message by the NFAC customer. Messages are sent
electrically by CDS to ODP's Automated Message
Processing System (AMPS). AMPS feeds the MRS which
sorts messages according to CDS dissemination
instructions. The MRS then sends the sorted messages
electrically to OCO where they are printed and placed
in bins for NFAC customer pickup.
(3) Anticipated Events
o The Office of Communications is replacing current
message switching systems (MAX'es) with
state-of-the-art switching technology. This
project (MERCURY) will increase Agency switching
capacity and provide a broader range of data
services to the foreign field.
o The Office of Communications has contracted with
XEROX Corporation for an Automated Print and
Reproduction System (APARS). The APARS unit
operates under control of a built-in computer.
The computer receives messages and distribution
instructions from the CDS system, prints the
appropriate number of copies, and sorts the copies
into addressee bins for manual distribution. The
DO has contracted for additional APARS units
which will be used for the same purpose within the
DO registries.
o The Office of Communications plans direct
communications links to the SAFE and COMET
systems. Interim SAFE is currently provided with
OC cables via the ODP AMPS system. In the case
of COMET, message traffic is recorded on magnetic
tape and the tape physically transported to the DO
system. There is no electrical link between ODP's
Ruffing Center and the DO Special Center which
could effect an electrical transfer between the
AMPS and COMET systems.
o ODP plans a Message Processing System (MPS) to
replace AMPS. The new system will permit
messages to be routed electrically to various
Agency components and will also support message
traffic from an originating office via ODP to the
OC systems of CDS, DATEX, and MAX.
o A large capacity electrical communications BUS
facility is being installed under SAFE auspices.
The BUS will have sufficient capacity to satisfy
OC, ODP, and SAFE communication requirements
within the Headquarters Building. Terminal and
computer facilities now linked via the grid system
will be transferred to the new BUS. The released
capacity in the existing GRID will be used for an
expanded secure phone system.
b. Non-Electronic Distribution of Information
(1) Primary Facilities
o The definition of distribution encompasses mail
room and registry functions and courier and
pneumatic tube services. Under this definition the
following organizations/systems are the major
providers of distribution service.
-- OL/P&PD - Packages and mails printed
products according to dissemination
instructions of the originator.
-- OCR/ADD - Packages and mails hard-copy
intelligence documents according to
dissemination decisions made by division
dissemination analysts.
-- All other Agency registries and mail rooms
including DO/IMS and NFAC/OCO/PPG
registries and the OL-operated main mail
room.
-- DO/IMS operation of an Agency-wide pouch
service in support of overseas operations.
-- OL, OS, OD&E and other Agency courier
systems.
(2) Recent Activities
An Agency-wide study of the registry function has
been completed by ISS. The study identifies functions
which are common to all registries with the objective of
promoting standardization prior to automation.
B.5. Information Reference Services
These services involve the storage and subsequent retrieval of
information in whatever media it is recorded. A reference service is
also defined to include any indexing or abstracting performed to
facilitate retrieval and any information sanitization needed to release
information to Agency or non-Agency recipients.
Information reference services are catalogued here according to
whether they are electronic-, paper-, or microfilm-based. When
different elements of a single system fall in different categories, each
element is described under the most appropriate heading; e.g., in
AEGIS, the index to the file is described as electronic-based, and
different parts of the main file under document-based and microfilm-
based systems.
a. Electronic-Based Information Reference Service
(1) Major Providers and Facilities
o The Office of Central Reference manages several
storage and retrieval systems where part if not all
of the information in each system is stored in
electronic form. These systems are:
AEGIS/RECON Subject File - References (index
records) to hard-copy and microfilm document files
are stored on magnetic media. Queries can be
batched or on-line. Output from the batch
search is normally a machine printed listing of
related hits. On-line searches are made via
Cathode Ray Tube terminals. Output is available
on the CRT screen, can be printed at a local
printer, or can be printed off-line on a high-speed
central printer.
Rapid Search Machine Files - Full-text documents
are stored in a special format on magnetic tape.
Queries recorded on punched cards are matched
against the document text. Hits are recorded at
an output printer where part or all of the
document can be printed.
Interim SAFE - This system stores the full text of
documents in mail and text files and document
bibliographic records in a third file. Searches are
made using a CRT. Output is available on the
CRT or can be printed on an attached printer.
Users have the capability to create their own
private files. The mail file contains the complete
text of State and codeword cables for a five-day
period. The text files store the full text of State
and codeword cables,
military cables, DoD IR's and field traffic for
a four-week period. The bibliographic file is a
copy of the AEGIS subject file.
o The Office of Communications Cable Secretariat
maintained, until recently, a 20-year cable archival
file of (except Restricted Handling) Agency
messages sent and received. No indexing or
abstracting is done. Retrieval service presumes
the requestor has sufficient data on messages
sought to allow retrieval in a straightforward
clerical fashion. Retrieval by key word and/or
subject alone is not possible.
o The DO/IMS manages a variety of automated and
manual files in support of the DO Area Divisions.
The acronym, DORIC, for Directorate of
Operations Records and Information Control
System, is the umbrella acronym which
encompasses all the various records subsystems in
the DO information system. Three of the
subsystems provide automated search capabilities.
The STAR (Special Trace and Retrieval) System
supports personality name traces. Output is a
reference to a document/cable or a 201 file. The
DRS (Document Reference System) stores
charge-out information, access instructions, and
location information on files and/or documents.
The full text of the document might be located in
the COMET cable file, various hard-copy and
microfiche 201 files, or the WALNUT microfilm files.
o NPIC maintains three major electronic-based files.
They are:
Exploitation Products File (EDF) - an automated
index to exploitation reports and memoranda.
Objects Data File (ODF) - a computerized file that
enumerates, categorizes, and describes foreign
objects, equipment, weapons, and weapon systems
of intelligence interest.
Installations Data File (IDF) - a data file
containing information on 65,000 installations.
The file is searched using a CRT terminal.
Output is a printed listing showing all information
on a specific installation or preformatted subset of
the data such as a chronological description of
the facility.
There also exist throughout the Agency, a
multitude of functional data files maintained by
components on both the large general-purpose
devices operated by ODP and the dedicated mini-
and microcomputers in Agency components.
(2) Recent Activities
o The Rapid Access Management Information System
(RAMIS) provides non-ADP professionals with a
simple, easy-to-use data base management package.
The significance of this development is that data
processing is brought closer to the user by giving
him the capability to build and manage his own
private reference system without professional ADP
assistance. The expanded use of this service in
recent months testifies to its popularity.
o Another recent development is the DO decision to
build a full-text file of DO cables - the COMET
System. COMET provides the capability to search
cables and supports DO archival responsibilities.
o Joint ORD/OCO development of mini-computer
support to a crisis task force allows personal
receipt, storage and retrieval of cables via CDS
and press & FBIS wire services, and previously
produced SITREPS.
(3) Anticipated Events
o Development contracts have been let with TRW Inc.
to create and implement an expanded and
permanent SAFE system for NFAC with initial
operation by December of 1982.
o OCR's RECON Subject Index to Intelligence
Documents has been offered to the Intelligence
Community. The proposal is being studied by
Presearch, Inc., a private systems group under
contract with the Information Handling Committee
(IHC).
o A joint ORD/NPIC study of high-speed text-search
is underway. Some hardware has been installed at
NPIC. The system will provide high-speed search
of free-form textual data stored on disk for
internal NPIC users. The initial capability will be
operational in the spring of 1980 and will allow
queries against the Exploitation Products File
(EDF), the Cable Reports File (CRF), and header
records from the Installations Data File (IDF).
Plans are for external community users access to
HSTS by way of COINS.
o We expect increased pressure for mini-computers to
service reference needs perceived by the user to
be unique.
b. Document-Based Information Reference Services
(1) Major Providers
o The Agency Archives and Records Center operated
by ISS/RMD provides storage facilities for Agency
archival records and for records on which
frequency of use does not warrant primary storage
in Headquarters.
o OCR manages extensive document-based files.
These include:
Biographic, organization, and category files stored
in legal-sized folders and 5 X 8 card form. Each
of the five geographic area divisions stores and
manages its own files.
Document holdings which are part of OCR's
document subject file but for whatever reason were
not microfilmed.
o IMS manages a variety of hard-copy files to
support DO requirements.
A hard-copy cable chrono (incoming and outgoing)
covering a 3 - 6 month period.
A one-year abstract file of administrative
dispatches.
DO operational activity files and subject files.
Personality (201) files are stored in hard-copy or
microfiche.
(2) Recent Activities
o Project RAMS is concerned with automation of the
records storage and retrieval functions at the
Agency Records Center. The project will include
a reference service with an on-line data link
between Records Center and headquarters
components.
o A ten-year data base shows hard-copy document
volume dropping relative to cable traffic which is
increasing.
(3) Anticipated Events
o OCR has proposed a contract systems study of
manual processes to determine if automation of
biographic files is feasible.
c. Graphic-Based Information Reference Services
(1) Major Providers
o OCR stores about 12,000,000 all-source intelligence
documents in its major document file. The bulk of
this collection is in aperture card or microfiche
format. The file covers the period 1947 to date.
Access is by document number or by search of the
AEGIS/RECON subject file.
o The OCR Library stores motion picture film and
video tape. Access to these holdings is through
search of a machine-stored index called MOPIRE.
The Film Branch also stores large numbers of
foreign personality photographic negatives. The
file is arranged by photograph number (P. No.).
Prints of these negatives are filed in OCR area
divisions by country and by personality name.
o The OGCR Map Library Division maintains three
basic collections. The first is a comprehensive
collection of approximately 600,000 foreign-
produced maps of topographic, economic, political
and sociological coverage; other materials on
foreign areas include city plans, atlases,
guidebooks, and selected geographic publications.
The second collection is composed of foreign area
topographic, aeronautical and hydrographic charts
produced by the US Department of Defense. The
third contains CIA-produced maps which are, with
limited exception, small scale, thematic, and wholly
problem oriented. Access to the file is supported
by the DATMAP system which contains
comprehensive bibliographic information on the
maps held.
o NPIC manages an extensive collection of overhead
imagery. The Office also maintains a
comprehensive collection of ground
(non-personality) photography and a collection of
maps and charts required by NPIC.
o IMS stores a large collection of documents in the
WALNUT system. The film stored in the WALNUT
equipment is reproduced on aperture cards for
requestors. Specific documents in the WALNUT
file are identified for retrieval by the Document
Reference System (DRS) mentioned above. IMS is
a major producer and user of computer output
microfilm. IMS is also a joint sponsor with OCR of
an automated document storage and retrieval
system (ADSTAR). See anticipated events below.
The IMS version of ADSTAR is named DORIC/W.
o Smaller microform collections exist in other Agency
components. Every office in the DDA has ongoing
microfilm applications. All DDA microfilming is
done by P&PD with the exception of two small
applications, one in the Office of Finance and one
in the Office of Security. Two offices in DDS&T -
NPIC and OD&E - operate microfilm facilities.
(2) Recent Activities
OGCR has automated its map library with the DATMAP
system. The DATMAP file contains comprehensive
bibliographic information on 600,000 foreign-produced
maps.
(3) Anticipated Events
At present, an automated document storage and
retrieval system (ADSTAR) is being installed in OCR
and IMS. The ADSTAR project is a joint effort of
NFAC/OCR and DO/IMS under the management of
DDA/ODP. The system will store documents on 16 mm
cartridge microfilm housed in automatic retrieval
modules. "Soft-copy" display, paper output, and
microfiche output will be available at local and remote
locations through the use of sophisticated, solid-state,
image scanners.
B.6. Reproduction of Information
This category includes all facilities which enable the production of one
or more copies of an information item in the same media as the
original.
a. Reproduction of Information in an Electronic Media
(1) Primary Facilities
Virtually all hardware devices in the Agency which are
capable of storing information in an electronic media are
also capable of creating copies of that media. Normally,
the media involves some form of magnetic tape but
increasingly magnetic disks are being used as the
storage media.
b. Document Based Reproduction
(1) Primary Facilities
The vast majority of information reproduction activity
centers around the use of the ubiquitous 'Xerox' type
copier machines. While there are a number of large
devices which provide central reproduction facilities,
the availability of small, inexpensive devices has
permitted the justification and acquisition of these
devices by virtually every component in the
organization.
(2) Recent Activities
Copier devices in the Agency at the beginning of this
year numbered 267 machines; an increase of 3% over the
previous year. Average monthly copy volumes in 1979
ran about 11.6 million; again about a 3% increase over
1978.
(3) Anticipated Events
While it is unlikely that the total number of copier
devices will be reduced in the near future, the
continued expansion of word processing and office
automation services will have a restrictive influence on
the continued need for and growth of document
reproduction services.
c. Graphic Reproduction
(1) Primary Facilities
A number of Agency components involved in the
creation and use of microforms also maintain the
necessary equipments to create film copies. The most
significant facilities are found in P&PD, IMS, and OCR.
B.7 SECURITY
The Agency Security Task Force examined the personnel, physical
and information security programs of this Agency. The task force
described the personnel and physical security programs as essentially
sound. The information control program was described as ineffectual.
This Task Force (Information Handling) is concerned primarily with
information control. Physical security will be discussed only as a
particular activity is specifically related to the protection of
information, e.g., vaulted area alarm systems.
Information control refers to those facilities or procedures
designed to enforce the need-to-know principle and to prevent
unauthorized access to or unauthorized release of classified
information. Information control also implies accountability.
Information accountability refers to those facilities or procedures
which enable the determination of the location of information and the
identification of the components or individuals who have been exposed
to that information. We recognize, of course, that enforcement of
accountability has a direct impact on the control of information.
Control functions include the encryption of information, the
requirement for passwords to access computer-held information, the
use of classification and dissemination control caveats on documents,
the establishment of security compartments for sensitive types of
information, etc. Accountability functions include all the
record-keeping activities which permit the location of a document or
the identification of people who have seen or who have had access to
the document, i.e., registry activities, logs, documents and courier
receipts, document manifests, etc.
Information Control and Accountability
a. Control/Decontrol of Electronic Based Information
(1) Major Providers
o The Office of Communications encrypts and
decrypts message traffic leaving and entering the
Agency. OC also provides secure voice facilities.
o ODP provides computer security services by
administering user identification/password access
procedures for each of its systems which can be
accessed remotely.
o OC is responsible for enforcing National emanations
(TEMPEST) standards for all Agency equipment
which processes classified information. This
function is implemented through laboratory testing,
engineering advice to user components, and
periodic testing of installed systems.
o OS Information Systems Security Group approves
the physical location of electronic devices to limit
emanations from the building.
o OC Cable Dissemination Branch exercises security
control over the dissemination of electronic
information through use of computer-stored reading
requirement profiles. The profiles, approved in
writing by requirements authorities in Agency
offices, e.g., Office of D/NFAC, represent a
predetermined need-to-know decision.
o Agency components which maintain central holdings
of documents in electronic form exercise a security
control function by determining whether a customer
has the appropriate clearances to receive requested
information. DO/IMS, for example, maintains
compartmentation of centrally stored DO
documents/files by restricting access to personnel
with a demonstrated "need to know", and
authenticating user identification via the DO Badge
Office Authorization Table (BOAT). OCR, on the
other hand, authenticates user identification for
access to RSM files either through badge check or
bigot lists.
(2) Recent Activities
No Significant Information.
(3) Anticipated Events
o OCR's ADSTAR system will authenticate requester
clearances by matchin ication
t a copy of which will be stored in the ADSTAR
comp . Requesters will be denied information
for which they lack the appropriate clearances.
b. Control/Decontrol of Non-Electronic Based Information
(1) Providers of Security Control Function
Control of non-electronic information is diffused
throughout the Agency. Responsibility rests with:
o Originators of documents in many cases make the
original dissemination (need-to-know) decision.
o Organizations with major dissemination
responsibility such as OCR's Acquisition and
Dissemination Division exercise security control
over the dissemination of hard-copy documents
through use of standard reading lists. These
approved reading lists, like OC's computer-stored
reading profiles, represent a predetermined
need-to-know decision.
o Registries, in so far as they determine who will
see controlled documents, exercise a security
control function.
o Users of information are the largest
security-control group and perhaps the weakest
link in the security control function. Users can
and do reproduce classified documents, extract
information from one document for use in another
document or for use in various files, and send
documents to counterparts in other offices. Users
also attend meetings where they exchange
ideas/information as they do in meetings with their
counterparts. The Security Task Force
characterized weaknesses in the security control
system attributable to individuals in these words:
"inadequate knowledge and understanding of
information security by many employees; and a
lack of ardor on the part of many employees, both
individuals and supervisors, to accept and
discharge responsibilities for information control
and protection beyond the barest minimum."
o The DDA/ISS Classification Review Division is
responsible for the mandatory review of classified
material for downgrading and declassification
purposes. The ISS Information and Privacy
Division manages FOIA, Privacy Act, and
Executive Order requests for the DDA.
Downgrading, declassification, and release are all
security control functions.
(2) Recent Activities That Affect Security Control of
Information
o The implementation of briefcase and package
checks.
o Restrictions on authority to remove classified
material from Agency buildings to approved
couriers and to individuals authorized on a
case-by-case basis by Agency Document Control
Officers.
o Installation of the OS Automated Alarm Monitoring
System (AAMS) which monitors protected areas of
the Headquarters Building and alerts OS personnel
when possible intrusions are detected.
(3) Anticipated Events (that will affect security control of
information)
The recent establishment of the APEX Steering Group
and the establishment of a Special Assistant to the DCI
for Compartmentation to chair the APEX Steering Group
will have a major impact on the administration of
information security in the Agency. We cannot, at this
time, predict the nature of, nor the extent of change
which these events will generate, but we anticipate the
need for close liaison between this group and any
planning/architectural function developing from the IH
Study recommendations.
B.8. Computing Support Facilities
This category includes all computers and the peripheral devices
attached to those computers which support the storage and processing
of information. This support includes the operation and maintenance
of these facilities and the provision of any systems (non-application)
software needed to ensure efficient utilization of the hardware
devices.
Primary Providers
1. Central services providing common or general purpose
support:
ODP maintains a large complex of processors and
storage devices in the Headquarters Ruffing Center to
support some fifty Agency and Community components.
Services offered fall into five support categories:
o Interactive Time Sharing - which supports user
controlled remote terminals to perform such
activities as on-line file creation and update,
program creation and execution, and interaction
with the batch processor.
o Batch Processing - which handles processing jobs
or requirements which generally require the use of
large data bases and/or computing capabilities and
do not require interactive communications with the
user or job submitter.
o Data Base Management - which utilizes the GIMS
system to support large complex information
handling requirements.
o Office of Central Reference Support - which
provides on-line computing and storage facilities to
the OCR AEGIS/RECON and Interim SAFE systems.
o Message Processing - which accepts cables in
electronic form from OC's CDS system and
distributes these cables to a variety of users for
subsequent storage and processing.
2. Large systems dedicated to specific functions:
o ODP provides dedicated computing facilities in its
Special Center to support the DO's information
storage and retrieval systems collectively known as
ALLSTAR.
o ODP also provides a dedicated facility in the
Special Center to support the COMIREX Automated
Management System (CAMS).
o NPIC maintains its own large-scale computer center
which supports imagery exploitation by NPIC and
other community photo interpreters, measurement
of photo discernable objects and information
storage and retrieval services which are made
available to Agency, Community, and COINS users.
o When the Telemetry Analysis and Display System
(TADS) becomes operational, it will utilize a large
dedicated computer that will be housed and
operated by ODP.
3. Small systems dedicated to specific functions. This
category of computing service is represented by a
growing inventory of mini- and microcomputers that are
generally located in, operated by, and directly support
a user component. A sampling of these systems
follows:
DDA/OL - In addition to the three minicomputers that
are used to support the ETECS facility, P&PD has
recently installed a minicomputer to help manage its
inventory and production activities.
DDA/OP - Minicomputers are used to support the Credit
Union and insurance/hospitalization functions.
DDA/OS - Minicomputers have been installed which
control and record access to the Headquarters Building
and to the vaulted areas within the building.
DDA/OMS - A minicomputer is used to interface special
medical testing facilities to the ODP computers and to
provide a mechanism which ensures the confidentiality
of OMS medical records.
DDA/OC - A dedicated minicomputer is used to control
the distribution of cryptographic materials.
DDA/OTR - OTR uses its own minicomputer to support
training courses which deal with the functional ways in
which a computer can facilitate intelligence analysis and
production.
NFAC/OCR - A dedicated minicomputer supports the
OCR central library activities.
NFAC/OCO - Minicomputers are used to support the
collection and processing of information for analytical
task teams assembled to report on specific international
crises.
NFAC/OGCR - OGCR uses minicomputers to control
their digitizing, map creation and visual aids production
facilities. In addition, they have recently installed a
system which supports interactive geographic and
cartographic analysis of a variety of locationally related
sets of information.
DO - The DO utilizes minicomputers to maintain a
registry for Agency issued pseudonym, cryptonym and
alias data and to support a community accessible data
base on terrorist activities.
DDS&T/NPIC - In addition to the large computer
systems mentioned above, NPIC also uses minicomputers
to perform mensuration and image enhancement
activities.
DDS&T/OSO - OSO operates and maintains
minicomputers in the field as well as a computer center
located in Headquarters. Functions include the
collection, sorting, storage, transmission and processing
of signal data.
DDS&T/OTS - Minicomputers are used to provide the
facilities to support several laboratory test and
evaluation functions in OTS.
b. Recent Activities
Activity in the area of computing support over the last few
years has been characterized by a steady growth in:
o The capacity of the computers providing general
purpose support functions and the amount of
on-line storage they provide for user files.
o The number of installed minicomputers and the
diversity of applications to which they are being
applied.
o The number of remote general purpose terminals
and printers available to users and the wider use
of graphic display and plotting devices.
c. Anticipated Events
(1) The installation of the Headquarters BUS will provide a
communications environment that will facilitate the
exploitation of Agency computing services by the widest
possible population of users.
(2) There will be a sizeable increment in the computing
facilities of the Agency when the separate SAFE
computer center is operational.
(3) ODP is involved in an effort to identify a minicomputer
that could be used to satisfy a large majority of Agency
minicomputer needs. Because of its software
compatibility with the large IBM mainframes, it is
anticipated that the IBM 4300 minicomputer can serve as
a mini 'standard' for a variety of data processing
applications.
(4) As the new standard soft-copy terminal is deployed, it
will greatly enhance the user's ability to perform local
word and data processing activities.
(5) The CRAFT concept will introduce comparatively
sophisticated computing facilities to the overseas
environment. CRAFT will also have impact on the use
of Headquarters computing services to support overseas
requirements.
B.9. Information Systems Development and Maintenance
This category includes the analysis, design, implementation, and
subsequent maintenance of systems used to support specific user
requirements in information handling. This activity is primarily
related to the development and maintenance of computer and
communications systems but can involve non-automated systems as
well.
a. Primary Providers
(1) Organizations which include resources involved in the
development and maintenance of information handling
systems fall into three categories characterized by size
and function.
o Large, centralized, general purpose support. ODP
provides a staff of approximately 100 individuals
whose mission is to respond to Agency and
Community requests for the development of new
systems or the modification/enhancement of existing
production applications. OC provides
approximately 300 engineers, programmers and
technicians to design, install and maintain
Communications Systems for the Agency and the
Community.
o Medium-sized, dedicated support. Both NPIC and
the DO maintain ADP personnel to create and
service systems unique to their respective
organizations. Each of these components contains
approximately fifty individuals.
o Small, dedicated support. A number of Agency
components have found a need to provide their
own software expertise which is dedicated to
supporting their own unique mission requirements.
The resources found in these groups are relatively
small, seldom exceeding a half dozen people. ADP
resources of this category are found in the
following representative components: OCR, OSO,
OER, and OL.
(2) It should also be noted that most of the larger software
support groups utilize contractors to provide unique or
temporary skills which are not available from Agency
staff personnel.
b. Recent Activities
(1) Because of limited personnel resources, ODP has not
always been able to respond to user requests within the
time constraints requested. This has led increasingly
to an arrangement whereby the using component
provides a permanent position or slot in their
organization which is occupied by an ADP professional
from ODP. This assignment is temporary in nature and
after two or three years ODP rotates another individual
into the component position. Under these
arrangements, the ADP professional works with user
personnel in direct response to user established
priorities but follows ODP professional standards and
procedures.
(2) A recently established ADP standards committee has
been constituted to develop Agency-wide standards
relative to defining systems requirements and the
preparation of documentation associated with the design,
implementation, testing, and maintenance of computer
systems. All of the major Agency components having
software development capabilities are participating in
this effort.
c. Anticipated Events
(1) The growth in the use of ODP professionals in
rotational assignments is expected to continue. The
current population of about thirty rotatees should
expand at the rate of about five per year.
(2) Further efforts to adopt standard Agency procedures
and techniques for software development can be
expected to continue.
B.10. Miscellaneous Services
This category includes two services which warrant some discussion
but which do not logically reside in the nine categories described
above. They are:
o Formal training in IH services
o Data management services
a. Training
(1) Primary Facilities
o OTR conducts IH related courses in such subjects
as records management, micrographics, FOIA/PA
and surveys of Agency and Community information
systems.
o OC provides an extensive training facility to
support their communications and equipment
maintenance responsibilities.
o IMS/Training Staff serves as the DO focal point
for records system training. This includes
determining the requirements for, developing, and
conducting DO records training for CIA personnel,
other U.S. Government agencies, and foreign
liaison personnel.
o ODP offers computer related courses that are
available to any Agency component that has a need
to improve their ADP skills.
o Many components support small, specialized
training courses that are run on an ad hoc basis
and are usually restricted to component personnel.
Illustrative examples are:
OF's course on information science techniques for
financial management
OER's courses on the use of specialized languages
(e.g., APL & TROLL) for economic analysts.
(2) Recent Activities
An interesting development in ADP training support is
the use by OTR of a dedicated minicomputer which
enables student access during normal classroom hours
as well as a remote capability to permit students to
perform out of class 'homework' activities.
(3) Anticipated Events
The SAFE system, when implemented, will provide an
extensive Computer Assisted Instruction (CAI) facility
that will support the training of the new SAFE user or
refresh the knowledge of the experienced user. The
CAI facility will allow the user to either experiment with
the system or enter into a structured lesson. Certain
users will also be allowed to create or modify lessons.
b. Data Management Services
This category includes data base backup, recovery and other
integrity services which ensure that the information stored
and retrieved is accurate and available. These services are
performed on behalf of the owner of the data who does not
have the resources or expertise to ensure the required
integrity.
(1) Primary Facilities
o ODP's Production Division provides data
management and job production services to a
number of computer applications running in the
Ruffing Center. These applications range from
periodic batch submissions to monitoring on-line
data base management systems and cable
distribution services.
o Other organizations which are responsible for large
collections of data provide similar services. NPIC
personnel ensure the integrity of the NDS files,
IMS/SG ensures that the DORIC data bases are
accurate and available and OCR provides the
resources to ensure that the AEGIS/RECON and
Interim SAFE files are available for user
exploitation.
(2) Recent Activities
o The owners of the data are assuming more
responsibility for validating data base integrity.
OF's establishment of a data base management
function which monitors the state of the FRS and
GAS data bases is a good example.
o Multiple users of the same data base are beginning
to share responsibility for their joint store of
information. OSR and OIA have assumed joint
responsibility for maintaining the OASIS
order-of-battle data base.
(3) Anticipated Events
When SAFE becomes operational, it will continue the
data management support philosophy initiated in
Interim-SAFE by establishing a SAFE User
Representative Element (SURE) which will provide data
base management functions for all SAFE files.
In addressing alternative management systems for information
services, the consideration is to what degree management of
information services should be centralized or decentralized.
However, the problem cannot be dealt with in such global form. One
must decide what is to be centralized or decentralized. The
management alternatives that follow are derived by viewing the
problem from three levels of management control. This analysis
technique is employed by IBM in their methodology for business
systems planning which is in turn based on a method of organizational
analysis developed at Harvard.
The methodology speaks to three levels of control:
Level 1: Strategic Planning - the process of deciding on
objectives of the organization, on the resources used to attain
these objectives, and on the policies that are to govern the
acquisition, use, and disposition of resources.
Level 2: Management Control - the process by which managers
assure that resources are obtained and used efficiently in the
accomplishment of the organization's objectives.
Level 3: Operational Control - the process of assuring that
specific tasks are carried out effectively and efficiently.
As applied to Agency Information Handling, the questions become:
o How should we organize to set goals for information
services, decide investment strategies, and set policy on
system acquisition, use and disposition?
o Who should prepare and defend budgets, control positions,
and manage the careers of information service specialists?
o Who should be in day-to-day command of operational
systems and their staffs?
If one considers the possibility of placing each of these controls at
different organizational levels, i.e., Agency, directorate, or office
level, then many options are made available for evaluation. Adding to
the possible list of line options is the concept of addressing strategic
planning through staff organizations.
The option tree shown in Figure C-1 depicts the range of alternatives
selected by the Task Force for study. This tree identifies six
families (enclosed in boxes) of options that are described in some
detail below. Each family has been assigned a two character
mnemonic (PA, DA, etc.) and a single digit numeric suffix to
distinguish the options within each family. The boxes identifying the
family options in Figure C-1 also briefly indicate the salient
differences which separate the members within each family.
Table C-1 contains brief definitions of some terms used throughout
this section of the report. Definitions are included for:
o A Directorate of Information Services (DIS)
o An Office of Information Services (OIS)
o Career Management
o Mission Budgeting
o Mission Tasking
o Strong and Weak Architects
Figure C-1: Organizational Options for IH Management
INCREASE IN AGENCY LEVEL (CENTRAL) MANAGEMENT
AGENCY LEVEL PLANNING WITH:
PE1 o Agency Planning Network
PE2 o Agency Planning Network
    o Agency Career Management
    o Mission Budgeting and Tasking
PC1 o DDA Only
PC2 o DDA, NFAC
PC3 o DDA, NFAC, S&T
ND DENOTES: A New Directorate
ND1 o Mission Budgeting and Tasking
ND2 o Agency Budgeting
    o Mission Tasking
ND3 o Agency Budgeting and Tasking
DECREASE IN AGENCY LEVEL (CENTRAL) MANAGEMENT
DA DENOTES: Directorate Independence with Agency Level Planning
DA1 o Strong Agency Planning
    o Directorate Budgeting and Tasking
DA2 o Strong Agency Planning
    o Mission Budgeting and Tasking
DA3 o Weaker Agency Planning
    o Directorate Budgeting and Tasking
DA4 o Weaker Agency Planning
    o Mission Budgeting and Tasking
DIRECTORATE LEVEL PLANNING
DD DENOTES: Directorate Independence with Directorate Level Planning
DD1 o Directorate Budgeting and Tasking
DD2 o Directorate Budgeting
    o Mission Tasking
DD3 o Mission Budgeting and Tasking
CA DENOTES: Component Autonomy
TABLE C-1
DIRECTORATE OF INFORMATION SERVICES (DIS)
A new, i.e., fifth, Directorate which consolidates all of the Agency's
IH functions and resources under one manager. The Director of this
organization, or his appointee, functions as the Agency Architect for
IH planning activities.
OFFICE OF INFORMATION SERVICES (OIS)
An organization which consolidates all of a Directorate's IH functions
under one manager. IMS currently provides an "OIS" function for
the DO. The OIS envisioned as part of the DA and DD family of
options also allows the Directorate OIS to acquire information
resources currently managed by another Directorate, e.g., ADP
hardware, communication facilities, etc. The OIS concept does not
necessitate the creation of a single 'office' as the organizational term
is commonly used. An OIS could be composed of several existing
components which have been placed under central directorate control.
For example, an OIS in the DDA could be implemented as a single new
office or existing IH oriented components could be placed under the
control of a directorate level manager of IH services.
CAREER MANAGEMENT
A term used to describe those personnel practices which are designed
to foster an employee's professional development. These include
counseling, training, and planning for future job assignments. Career
management does not imply position or operational/tasking control.
MISSION BUDGETING
Mission budgeting stipulates that if a user (Directorate or Office) can
be identified as the sole or principal beneficiary of an IH system or
service, that component should be responsible for the budgetary
justification of that service.
MISSION TASKING
Mission tasking stipulates that if a user (Directorate or Office) can be
identified as the sole or principal beneficiary of an IH system or
service, that component should be responsible for operational control
or tasking of the resources used to support that service. Mission
tasking enables the user to establish the requirements and priorities
for the utilization of the supporting services.
STRONG ARCHITECT
An Architect who derives his authority directly from the DCI or from
the DDIS. His authority is in direct proportion to the extent that he
is granted authority by them to initiate and promulgate Agency-wide
IH plans in their name. This option can be viewed as a top-down,
i.e., Agency level to Directorate level, approach to Strategic IH
Planning.
WEAK ARCHITECT
An Architect who derives his authority directly from the DCI. His
role under this option is to coordinate Directorate initiated IH plans
into an Agency Strategic Plan. This option can be viewed as a
bottom-up approach to Strategic IH Planning, i.e., Directorate level
to Agency level.
ALL PORTIONS THIS SECTION UNCLASSIFIED
C.1 DESCRIPTION OF OPTIONS
OPTION CO
(CURRENT ORGANIZATION)
The status quo is an intriguing blend of Agency, directorate and
office level centralization. If it has only one virtue, that virtue
would be flexibility, i.e., there is a management system for
every occasion. Information services are provided by a variety
of organizations which have evolved over thirty years to meet
the unique demands of Agency institutions. IH functions are
generally managed by an Office, or in the case of DO, by a
Staff. Services provided are Directorate wide, as in the case of
IMS service to the DO, or Agency wide, as in ODP or OC.
Agency-wide planning for integrated information services is
non-existent. Some Agency-wide IH planning is done by
components having functional responsibility for a particular IH
service, e.g., OC for communications. (C 3d(3))
ORGANIZATIONAL IMPLICATIONS
Responsibility for information handling activities in the current
organization rests, for the most part, in eight major components.
There are exceptions which do absorb IH resource dollars and
manpower but they are small by comparison and usually unique.
The eight major components and their areas of responsibility are:
Office of Communications - Design, installation, operation and
maintenance of foreign and domestic electrical communications and
dissemination.
Office of Data Processing - Operation of computer hardware,
provision of systems analysis and programming support to Agency
components, storage and maintenance of data bases, word processing
management.
Information Management Staff - Management of all IH activities for
the DO.
Office of Central Reference - Agency-wide reference support,
dissemination of hard copy intelligence documents, Community
biographic support on non-military personalities, acquisition of
foreign publications.
Printing and Photographic Division - The bulk of Agency printing of
publications and microfilming operations.
Information Services Staff - Administers Agency FOIA and Privacy
Act programs and Agency Records Management activities.
Disseminates foreign press, radio and TV information. Publishes
JPRS Translations.
Computer support to overhead reconnaissance activities.
Dissemination of PI reports.
(S 3d(3))
PLANNING RESPONSIBILITIES
There is no Agency Information Handling Plan. Until recently
only DO had a Directorate-wide IH plan. NFAC, ODP and OC
have independently initiated five-year IH planning exercises in
their own areas of responsibility. Although ODP and OC compile
Agency-wide requirements for computer and communications
support annually, coordination on planning is informal and ad
hoc. Some planning on major expenditures is forced by the
budget process, e.g., SAFE. There is an annual ADP Project
Review by EXCOM. (C 3d(3))
Career Management for "IH Careerists" is essentially a component
responsibility with a few exceptions. DO/IMS manages all DO IH
careerists. ODP has career management responsibility for some
ODP programmers on rotational assignments in non-ODP slots.
OC has career management responsibility for OC personnel
assigned to DDS&T Program slots. (C 3d(3))
DDA components attempt to budget at the Agency level. OC,
ODP, and OL budget at the Agency level for commo, ADP, and
printing services insofar as that is consistent with the
management systems of other directorates. (C 3d(3))
The DO relies on OC and OL budgeting for communications and
printing support but shares budgeting responsibility for ADP
with ODP. DO/IMS typically will budget for new ADP systems
and applications while ODP budgets ongoing support for the DO
computer center. (C 3d(3))
NFAC relies heavily on Agency-level budgeting by the DDA to
meet its needs. However, NFAC offices are beginning to
budget for unique needs such as special purpose minicomputers
and software support. (C 3d(3))
DDS&T inputs requirements to DDA Agency-level budgets but
also does significant program and mission budgeting for unique
communications and ADP. (C 3d(3))
OPERATIONAL CONTROL (TASKING)
In the DDA, OC, ODP, and OL control the large, shared
facilities such as the ODP center, OC base stations, and OL
printing plant. Otherwise, user control is the rule. (C 3d(3))
Within the DO, DO/IMS performs operational control at the
directorate level. (C 3d(3))
NFAC is largely dependent on shared facilities but in the area of
reference services, OCR has control. PPG is establishing
control over recording and editing as it is applied to NFAC
publications. (C 3d(3))
Within DDS&T the control lies principally with the offices and
programs. While there is significant reliance on the central
services of OC and ODP, there is heavy emphasis on mission
services and their control. (C 3d(3))
Several IH service organizations provide customer service
functions to simplify user access to information support.
Examples are OC's Foreign Network Division Current Activities
Branch, ODP's Customer Services Staff and Production Division,
OCR's Country Reference Analyst, IMS records referent at the
desk program, etc. (C 3d(3))
IMPLEMENTATION PHASING
Not applicable.
UNMARKED PARAGRAPHS OF THIS SECTION ARE UNCLASSIFIED
PE FAMILY OF OPTIONS
(AGENCY LEVEL PLANNING IN CONJUNCTION WITH EXISTING IH
COMPONENTS)
Options PE1 and PE2 leave existing IH service components
unchanged. Both options provide information handling planning
staffs at the DCI level, and IH coordinators in each of the four
Directorates. Career management of personnel, budgeting and
operational control of resources remain unchanged in option PE1.
Career management is centralized in one component where
possible in option PE2. Responsibility for budgeting and
operational control of resources in option PE2 is passed to the
mission manager whenever the mission manager is the primary
beneficiary of the service. For example, overseas COMMO
operations which directly support the DO would be budgeted by
the DO, not OC. (C 3d(3))
ORGANIZATIONAL IMPLICATIONS
Existing service components are unchanged. A DCI staff is
established to provide Agency level strategic IH planning.
Directorate IH staffs provide directorate coordination with the
DCI staff.
PLANNING RESPONSIBILITIES
The Architect at the DCI level is responsible for initiating
information handling planning for the Agency. After
coordination with the Directorates, the Architect prepares and
presents the IH Strategic Plan to the EXCOM for its
concurrence. The Architect will take the lead in strategic
planning for information services and will reconcile Agency policy
statements and Agency goals on intelligence collection and
production with knowledge of information service activities and
technology advances to formulate information service goals for
the Agency. A shorter term plan developed in conjunction with
Directorate and Office level IH coordinators is created at the
Architect's initiative and integrates information service planning
with budget planning. The Architect is responsible also for
presenting an annual Agency IH review to the EXCOM. The
presentation would replace the present annual ADP review
conducted by the EXCOM. The Architect monitors Agency ADP
activities as required to ensure that they are in harmony with
the Strategic Plan. The Architect is the Agency IH
representative to the Intelligence Community.
CAREER MANAGEMENT
Career management remains unchanged in option PE1. Career
management is centralized in one component wherever possible in
option PE2, e.g., ODP for ADP careerists, OC for Communication
Budget management varies. In option PE1, budgeting remains
unchanged, e.g., IMS budgets directorate wide for DO IH
services, ODP and OC budget Agency wide for ADP and
Communications services, OCR budgets for the Agency on
acquisition of foreign publications. In option PE2 budget
management is shifted wherever possible so that the mission
manager budgets for those IH services dedicated to his mission.
OPERATIONAL CONTROL (TASKING)
Operational control is under the manager who provides the IH
service. Generally speaking, resource tasking is controlled by
the component which has budgeting responsibility for the
resources.
Because there are no organizational changes contemplated in the
components providing information services, little impact on the
user is anticipated.
The initial phase in either of these options is to create the DCI
staff. This would be followed closely by the identification or
establishment of the directorate coordination staffs.
Identification of career management, budgeting and operational
control changes under option PE2 would follow the creation of
this planning network.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
PC FAMILY OF OPTIONS
(AGENCY LEVEL PLANNING IN CONJUNCTION WITH CONSOLIDATED
IH COMPONENTS)
SUMMARY
The attributes of the PC family are as follows: A DCI level
Architectural Staff is created. A mechanism is established at the
Directorate level (if none exists) to coordinate with the Architect.
The information handling services are consolidated within the existing
Directorate(s) into an Office of Information Services (OIS). Three
incremental consolidation options are suggested: DDA/OIS (PC1),
NFAC/OIS (PC2), DD/S&T/OIS (PC3). The IH specialists career
service is Agency-wide. Budgeting and operational control remain as
closely aligned to the mission component as possible. Current central
services such as communications, data processing, and central
reference remain in their current Directorates.
ORGANIZATIONAL IMPLICATIONS
A DCI level Architectural Staff is created. An Office of
Information Services (OIS) is created within the Directorate(s).
The OIS includes a realignment of the information handling
functions within a centralized component (there would be no
organizational change to the DO which has already centralized its
information handling services in IMS).
OPTION PC1 establishes an OIS in the DDA only. The IH
functions performed presently by the Office of
Communications, the Office of Data Processing, the Printing
and Photography Division, the Information Services Staff,
the Office of Logistics courier and registry operations, and
the Office of Security's Information Systems Security Group
would be incorporated in the new OIS. Personnel of these
components would be reassigned to several functional
Divisions within OIS, namely: Systems Engineering,
Applications, Operations and Maintenance, Customer
Service, and Information Security. If the OIS structure is
considered too large to be manageable, an alternate option
would create an Associate Deputy Director for Information
Services and an Associate Deputy Director for
Administrative Services within the DDA. (C 3d(3))
OPTION PC2 establishes an OIS in NFAC in addition to the
DDA/OIS (as described). The NFAC/OIS would include,
but not be limited to, those functions related to records
management, FOIA, systems, registry, map/film library,
acquisition and dissemination, etc.
OPTION PC3 completes the Directorate centralization of IH
services by establishing an OIS in DD/S&T. The OIS would
consolidate registry, courier, ADP, and records management
functions in S&T.
PLANNING RESPONSIBILITIES
Agency-wide career management is centralized in the DDA/OIS
for ADP, Communications, Registry, Courier, Printing,
Photography, Records Management careerists, etc. Career
management for librarians, indexers, disseminators, etc., is
centralized in NFAC.
Where the IH service can be identified as uniquely supporting a
mission, the mission manager will budget for the service, e.g.,
NFAC will budget for SAFE. However, general purpose services
will continue to be budgeted by the central support component,
e.g., OC, ODP.
OPERATIONAL CONTROL (TASKING)
Where the IH services can be identified as uniquely supporting a
mission, the mission manager directs the day-to-day use of
resources supporting the mission. For example, registry
personnel whose career is managed by an OIS would still be
subject to tasking by the Component to which they are providing
registry support.
An OIS/Customer Services component will serve as a single point
of entry for the user so that the selection of IH services is
optimized and not up to chance or ignorance. This component
will function as an integrated customer service organization and
will act as a buffer between the user and IH systems. Although
systems may change, the user interface will remain quite
constant. Therefore, early introduction of this component is
desirable to shield the user from disruptions that normally
accompany organizational change.
We envision a phased implementation which, spread over a three-year
period, would include the following chronology: creation of
the DCI IH Staff, which would be responsible for the transition
planning and the Architectural function, and related IH
coordinating mechanisms; creation of a Customer Service
Component in each Directorate; creation of the DDA/OIS;
DDA/OIS assumes career management responsibility for most IH
specialists; creation of NFAC/OIS; NFAC assumes career management
of indexers, disseminators, etc.; creation of DDS&T/OIS.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
ND FAMILY OF OPTIONS
(NEW DIRECTORATE)
SUMMARY
In options ND1, ND2, and ND3, a new Directorate of Information
Services (DIS) is created and assumes management responsibility
for all Agency information handling activities. An Architectural
Staff established within the new DIS does Agency-wide planning
for all information handling activities. Each of the four existing
Directorates identifies or creates a formal IH staff to plan for
and to coordinate Directorate IH plans with the DIS Architect.
Career management of all IH careerists is assumed by the new
Directorate. In option ND1, budget management is shared
between the DIS, which budgets for all central IH services, and
the mission component which budgets for dedicated services.
Operational control follows the same pattern with the DIS
manager exercising operational control over most resources and
the mission manager exercising operational control over resources
dedicated to his mission. In option ND2, the DIS assumes total
responsibility for budgeting while continuing to share operational
control over IH resources with mission managers. Option ND3 is
totally centralized with the DIS assuming full control of
planning, career management, budgeting, and operational control
of resources.
ORGANIZATIONAL IMPLICATIONS
A new Directorate of Information Services (DIS) is created in
options ND1, ND2, and ND3. The DDIS assumes full management
responsibility for all information handling activities in the
Agency. IH components in the four existing Directorates are
disestablished and their functions and personnel reorganized into
the new Directorate. An Agency level Architectural Staff is
created in the new DIS. IH staffs are identified or created in
each of the four existing Directorates to coordinate IH plans and
requirements with the new DIS Architect.
PLANNING RESPONSIBILITIES
Because the new DIS is responsible for all Agency information
management, the DIS Architect becomes the de facto Agency
Architect. He is, therefore, responsible for preparing and
maintaining the Agency IH Strategic Plan and for reviewing new IH
project proposals initiated by Agency components for conformity
to the Strategic Plan; he is the principal advisor to the DDIS and,
through him, the EXCOM on IH matters, and is the Agency IH
representative to the Intelligence Community. The Architect also
functions as a coordinator on technical matters within the DIS.
The DIS is responsible for Agency-wide career management of IH
careerists under all three options.
Under ND2 and ND3, the Director, DIS, budgets for all Agency
IH services. Under ND1 budget authority is shared with mission
managers. The mission manager budgets for those IH activities
which are dedicated to his mission.
OPERATIONAL CONTROL (TASKING)
Option ND3 is the most centralized. The DIS is vested with
operational control over all IH resources. Under options ND1
and ND2, DIS shares operational control with mission managers.
The latter assume control of dedicated IH resources.
Because all three options involve extensive organizational change,
a customer service organization is included in the new DIS.
This organization minimizes disruption by acting as an
intermediary between the user and newly reorganized and
relocated systems.
The creation of a new Directorate and the disestablishment and
transfer of IH functions in existing Directorates to the new
Directorate could be accomplished in any one of a number of
ways. The following phasing is a logical approach.
1. Establishment of a new Directorate of Information Services.
Functions to be transferred to that organization are word
processing, dissemination, distribution storage and retrieval,
communications, printing, automatic data processing and
information security.
2. Appointment of a Deputy Director to head the new
organization with appropriate budget and staffing authority
to create an implementing staff.
3. Development of an implementation plan coordinated with
existing Directorate Staffs.
4. Implementation of the reorganization in accordance with the
plan developed by the planning staff beginning with creation
of a customer service component.
5. Disestablishment of the implementation staff.
ALL PORTIONS THIS SECTION UNCLASSIFIED
DA FAMILY OF OPTIONS
(DIRECTORATE INDEPENDENCE WITH AGENCY LEVEL PLANNING)
SUMMARY
This family of options emphasizes IH self sufficiency for each of
the four Directorates. This independence is tempered, however,
by the presence of a DCI level staff architect which initiates
and/or coordinates IH planning with the Directorates. Each
Directorate would consolidate all of its own IH services into a
single component; an Office of Information Services (OIS).
DO/IMS already represents this consolidated component for the
DO. Each OIS (or DO/IMS) could also develop and maintain its
own IH support services which it currently receives from a
central service oriented component. (C 3d(3))
ORGANIZATIONAL IMPLICATIONS
A DCI staff is established to provide Agency level strategic IH
planning. DO/IMS remains unchanged. Each of the other
Directorates would consolidate its IH services into a single
component (OIS) which would assume all IH planning and service
responsibilities for the Directorate. Each OIS (including
DO/IMS) has the option of assuming central support functions
currently being performed by another Directorate. For example,
the NFAC/OIS could budget for and operate its own ADP center
if it chose to assume this responsibility from ODP. (C 3d(3))
PLANNING RESPONSIBILITIES
While this family of options calls for the creation of a DCI level
staff to provide an Agency Architect for IH planning, the role of
the Architect in options DA1 and DA2 is stronger than in DA3
and DA4. Under DA3 and DA4 the architect would act as a
coordinator of Directorate submitted IH plans, advising the
EXCOM as to their applicability and compatibility.
In all of the options, the OIS' created in each of the
Directorates (or DO/IMS) would provide planning coordination
with the DCI staff Architect.
DO/IMS retains, and the three OIS components assume, career
management responsibility for all IH specialists in their own
Directorate. There is no Agency-wide career management.
Under options DA1 and DA3, the OIS' (or DO/IMS) budget for all
IH support provided to the respective Directorate. Options DA2
and DA4 specify that mission budgeting is to be encouraged.
OPERATIONAL CONTROL (TASKING)
Options DA1 and DA3 require the OIS' (or DO/IMS) to provide
tasking for all IH resources in their respective Directorates.
DA2 and DA4 require that the mission components assume tasking
responsibilities where appropriate.
The impact on DO users should be minimal in that IMS already
serves as the focal point for IH services in that Directorate.
The creation of a Directorate OIS would be preceded by the
establishment of a customer services component that would assist
the directorate user in any shift from central to directorate
oriented services. If no existing central services are subsumed
by the OIS (or IMS), the impact on the users should be
relatively insignificant. If central responsibilities (e.g., ADP)
are established by an OIS, the impact could be substantial if
non-standard (different from central) devices, languages,
procedures or standards are implemented by the OIS.
IMPLEMENTATION PHASING
Implementation of any of the options in this family would
probably adhere to the following phases:
1 - Creation of the DCI level staff architect
2 - Assumption of central functions (if any) by DO/IMS
3 - Creation of an OIS in NFAC
4 - Creation of an OIS in S&T
5 - Creation of an OIS in DDA which would retain any central
service functions not transferred to DO/IMS or a new
directorate OIS.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
DD FAMILY OF OPTIONS
(DIRECTORATE INDEPENDENCE WITH DIRECTORATE LEVEL
PLANNING)
This family of options emphasizes IH self sufficiency for each of
the four Directorates. Each Directorate is responsible for its
own IH planning. There is no Agency level IH planning
capability. Each Directorate would consolidate all of its own IH
services into a single component; an Office of Information
Services (OIS). DO/IMS already represents this consolidated
component for the DO. Each OIS (or DO/IMS) could also
develop and maintain its own IH support services which it
currently receives from a central service oriented component.
(C 3d(3))
ORGANIZATIONAL IMPLICATIONS
DO/IMS remains unchanged. Each of the other three
Directorates would consolidate their IH services into a single
component (OIS) which would assume all IH planning and service
responsibilities for the Directorate. Each OIS (including
DO/IMS) has the option of assuming central support functions
currently being performed by another Directorate. For example,
the NFAC/OIS could budget for and operate its own ADP center
if it chose to assume this responsibility from ODP.
PLANNING RESPONSIBILITIES
In all of the options of this family, the OIS' created in each of
the Directorates (or DO/IMS) would plan independently for their
own Directorate oriented information services. There is no
Agency-wide planning function. There is no Agency Architect.
CAREER MANAGEMENT
DO/IMS and the three OIS components assume career management
responsibility for all IH specialists in their own Directorate.
There is no Agency-wide career management.
BUDGET MANAGEMENT
Under options DD1 and DD2, the OIS (or DO/IMS) budget for all
IH support provided to the respective Directorates. Option DD3
specifies that mission budgeting is to be encouraged.
OPERATIONAL CONTROL (TASKING)
Option DD1 requires the OIS (or DO/IMS) to provide tasking for
all IH resources in their respective Directorates. DD2 and DD3
require that the mission components assume tasking
responsibilities.
The impact on DO users should be minimal in that IMS already
serves as the focal point for IH services in that Directorate.
The creation of a Directorate OIS would be preceded by the
establishment of a customer services component that would assist
the directorate user in any shift from central to directorate
oriented services. If no existing central services are subsumed
by the OIS (or IMS), the impact on the users should be
relatively insignificant. If central responsibilities (e.g., ADP)
are established by an OIS, the impact could be substantial if
non-standard (different from central) devices, languages,
procedures or standards are implemented by the OIS.
Implementation of any of the options in this family would
probably adhere to the following phases:
1 - Assumption of central functions (if any) by DO/IMS
2 - Creation of an OIS in NFAC
3 - Creation of an OIS in S&T
4 - Creation of an OIS in DDA which would retain any central
service functions not transferred to DO/IMS or a new
directorate OIS.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
CA FAMILY OF OPTIONS
(COMPONENT AUTONOMY)
All existing information services components are disestablished
and their functions assumed by existing office level and DO
division level components. Each component thus becomes
responsible for its own ADP support, its own communications,
acquisition of foreign publications in its own field of interest,
provides its own couriers, etc. Complete decentralization of IH
functions is the intent.
ORGANIZATIONAL IMPLICATIONS
Existing central information handling organizations, e.g.,
OC, ODP, OCR, IMS, are disestablished. Individual
Agency components, e.g., Office of Finance, Office of
Economic Research, each assume responsibility for providing
their own IH support. (C 3d(3))
PLANNING RESPONSIBILITIES
Individual Agency components plan for their own information
support. There is no directorate or agency level planning
activity.
Individual Agency components retain career management
responsibility for people already assigned to the component
and would assume additional responsibility for those central
IH personnel reassigned to their component.
BUDGET MANAGEMENT
Each component budgets for its own IH services.
OPERATIONAL CONTROL (TASKING)
Each component has operational control over its own
resources.
IMPACT ON USERS
The disestablishment of the central services would have a
severe impact on the current population of centrally
supported users. The possibility that their parent
component could replicate the eliminated central service
such that the change would be transparent or the quality
maintained is very unlikely. Of all the options considered,
this would have the most significant ramification on the way
users acquire IH services.
IMPLEMENTATION PHASING
Time period is indeterminate. Phasing would require:
1. Creation of a central planning and implementation
group.
2. Creation of planning groups in each Office or DO
Division level component.
3. Preparation of a phasing plan
4. Transfer of IH personnel to components, acquisition of
minicomputer and other hardware by individual
components, release of central leased hardware to
vendors, release of central, purchased hardware to
government surplus, all in compliance with the phasing
plan.
5. Disestablishment of planning group after reorganization
is complete.
ALL PORTIONS THIS SECTION UNCLASSIFIED EXCEPT
PARAGRAPHS OTHERWISE MARKED.
C.2 STRUCTURING THE DECISION
In addition to an awareness of what options are available to the
decision maker, there needs to be agreement on what criteria will be
used to select the desired option. A complex question such as
Agency management and organization of information services presents
a seemingly endless list of factors that might be significant in
evaluating options. Hence, establishin