COMPARISON OF PROPOSED NSDO WITH PD-24

Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8 CONFIDENTIAL COMPARISON OF PROPOSED NSDD WITH PD-24 NSDD General PD-24 General 2c, 6b 2c,d CHANGE CONSEQUENCES Expands scope to include all automated systems including word processors. Expands security miss ion to include 'information affecting privacy of U.S. persons. Adds provision for the Government to formulate strategies and measures for providing protection for "systems which handle nongovernment informa- tion the loss of which could adversely affect the national interest or the rights of U.S. persons...." Explicit responsibilities and mechanisms to implement this policy are not pro- vided but must devolve on the DIRNSA. Raises questions of feasibility of managing consolidated effort. Raises questions of Executive Agent's and National Manager's suitability to represent entire Government's privacy interests. The propriety of this goal, and its pursuit by a military agency, are legal issues which should-be explored by the Attorney General. Replaces PD-24-based National Commu- The breadth of issues covered raises nications Security Committee with a questions of who should be represented Steering Group and National Telecom- on these groups, and what other organi- munications and Information Systems zations are affected. Security Committee (NTISSC). OSD REVIEW COMPLETED NSA review completed NSC review completed CONFIDENTIAL Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8  Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8 CONFIDENTIAL NSDD 3c 3d 4b (3) PD-24 no ref. 4g no ref . COMPARISON OF PROPOSED NSDD WITH PD-24 Page 2 CHANGE Empowers Steering Group to approve "consolidated resources program and budget proposals" for national telecommunications and information systems security. Centralizes review of systems' security status by the Steering Group. NTISSC to "administer matters per- taining to the release of sensitive security information, techniques and materials to foreign governments or international organizations (except in intelligence operations managed by the Director, Central Intelligence Agency)." Makes SecDef Executive Agent for Auto- mated Systems Security as well as for Telecommunications Security. Expands his executive agent role to cover all electronic information, not just "national security" information as before. CONSEQUENCES Restructures budget review process for these areas, with significant impact on DCI role for NFIP and on department and agency head authorities to set priorities. Implies migration of accreditation approval responsibilities from depart- ments and agencies to the Steering Group, which would be separated from the environment to be accredited. 4c CONFIDENTIAL Supersedes the DCI's E.O. 12333 authori- ties to prescribe policies for and coordinate foreign intelligence relation- ships (except for DDO operations). Considering the rapid expansion of word processing, makes SecDef Executive Agent for all Government information processing. Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8  NSDD 5f 5g 6a, e PD-24 4d no ref. no ref. no ref . no ref. Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8 COMPARISON OF PROPOSED NSDD WITH PD-24 Page 3 CHANGE r Secretary of Commerce out as Execu- tive Agent for unclassified, non- national security information, and for commercial and private sector information. Empowers SecDef to "procure for and provide to government agencies, and where appropriate, to private institu- tions (including Government contractors) and foreign governments, equipment and other materials." Empowers SecDef to develop and submit a National Telecommunications and Information Systems Security Program budget, "including funds for the pro- curement and provision of equipment and materials" Government (and contractor) wide. The DIRNSA would be responsible for carrying out the foregoing responsi- bilities of the Secretary of Defense as Executive Agent. Empowers DIRNSA to "empirically examine Government telecommunications and automated information systems and evaluate their vulnerability to hostile interceptions and exploitation." CONSEQUENCES Severely curtails Bureau of Standards role and functions. Raises question of legal propriety of military respon- sibIlity for this area. GSA, and department and agency heads with delegated authority, would lose the right to procure computers and word processors. Centralized procurement would make it very difficult to meet schedule and individual agency require- ments. Seriously affects the budget cycle, department and agency head administra- tive prerogatives, and DCI role in NFIP. Raises questions of feasibility of dis- charging this responsibility. All previously itemized SecDef respon- sibilities may be delegated to DIRNSA. Shifts security accreditation responsi- bility for all Government and contractor telecommunications and information systems to DIRNSA. CONFIDENTIAL Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8  Approved For Release 2007/11/01: CIA-RDP87BOl034R000700070004-8 CONFIDENTIAL 6b, e 6b,10a 6b 6b PD-24 no ref. 4g no ref . COMPARISON OF PROPOSED NSDD WITH PD-24 Page 4 CHANGE Empowers DIRNSA to develop and approve "all standards, techniques, systems and equipment" "related to cryptog- raphy, communications security and trusted computer and automated infor- mation systems." Empowers DIRNSA to perform all Government-sponsored R&D for telecom- munications and information systems Removes PD-24 authority of heads of Federal departments and agencies to organize and conduct their commu- nications security and emanations security activities as they see fit, and vests this responsibility with the DIRNSA. Empowers DIRNSA to conduct liaison with foreign governments and inter- national organizations. CONSEQUENCES Entire Government must use DIRNSA spe- cified standards, techniques, systems and equipment. Eliminates such roles for CIA (ISSG and ORD), DOE (LLL, etc.), Bureau of Standards, GSA and others. In CIA, for example, removes OC COMSEC and OS ISSG missions. Impacts formal and informal roles of DCI, State Department and Commerce Department in many relationships. no ref . Empowers DIRNSA to conduct all security-related liaison with private institutions. Removes Bureau of Standards role with American National Standards Institute, Question of legal propriety arises again. Precludes any other agencies from working or contracting in those areas. Could impact private sector research into security methods. 6c Empowers DIRNSA to operate no ref. industrial facilities to provide "cryptographic and other sensitive security materials or services." CONFIDENTIAL Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8  Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8 CONFIDENTIAL NSDD PD-24 COMPARISON OF PROPOSED NSDD WITH PD-24 Page 5 CHANGE 6d no ref. Empowers DIRNSA to assess and dis- seminate information on hostile threats to telecommunications and automated information systems. 6g,10b no ref. Requires department and agency heads to provide DIRNSA all information "he may need to discharge the responsi- bilities assigned...." 7 no ref. Requires DCI to provide DIRNSA with "unique handling requirements associ- ated with the protection of sensitive compartmented intelligence." CONSEQUENCES Removes analysis missions from CIA and DIA, such as technology transfer and Soviet technology. DIRNSA specifies what he wants; others have to provide. DIRNSA free to accept, modify or reject requirements. Does not accurately recog- the DCI's statutory responsibilities and authorities. CONFIDENTIAL Approved For Release 2007/11/01: CIA-RDP87BO1034R000700070004-8