LETTER TO WILLIAM J. CASEY FROM JOHN BROOKS

Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 Office of Legislative Liaison Routing Slip 1. D/OLL 4. Liaison 5. Legislate Date Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 EXECUTIVE SECRVTAfIAT ROUTING SLIP TO: ACTION INFO DATE INITIAL 1 DCI 2 DDCI X 3 EXDIR X 4 D/ICS x 5 DDI 6 DDA 7 DDO x 8 DDS&T 9 Chm/NIC 10 GC 11 IG 12 Compt 13 D/Pers D/OLL x 15 D/PAO 16 SA/IA 17 AO/DCI 18 C/IPD/OIS 19 C/SECOM x 20 D /01T X 21 122-1 1 SUSPENSE 18 Jul 85 Dote Please Prepare response for DCI signature. Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MOl 152RO01001290014-9 MAJORITY MEMBERS JACK BROOKS, TEXAS, CHAIRMAN DON FUQUA, FLORIDA JOHN CONYERS, JR., MICHIGAN CARDISS COLLINS, ILLINOIS GLENN ENGLISH, OKLAHOMA HENRY A. WAXMAN, CALIFORNIA TED WEISS, NEW YORK MIKE SYNAR, OKLAHOMA STEPHEN L. NEAL, NORTH CAROLINA DOUG BARNARD, JR., GEORGIA BARNEY FRANK, MASSACHUSETTS TOM LANTOS, CALIFORNIA ROBERT E. WISE JR., WEST VIRGINIA BARBARA BOXER, CALIFORNIA SANDER M. LEVIN, MICHIGAN MAJOR H. OWENS, NEW YORK EDOLPHUS TOWNS, NEW YORK JOHN M. SPRATT, JR., SOUTH CAROLINA JOE KOLTER, PENNSYLVANIA BEN ERDREICH, ALABAMA GERALD D. KLECZKA, WISCONSIN ALBERT G. BUSTAMANTE, TEXAS MATTHEW G. MARTINEZ, CALIFORNIA MINORITY MEMBERS FRANK HORTON, NEW YORK THOMAS N. KINDNESS. OHIO ROBERT S. WALKER, PENNSYLVANIA WILLIAM F. CLINGER, JR., PENNSYLVANIA ALFRED A (AL) MCCANDLESS, CALIFORNIA LARRY E. CRAIG, IDAHO HOWARD C. NIELSON, UTAH JIM SAXTON, NEW JERSEY PATRICK L. SWINDALL, GEORGIA THOMAS D. (TOM) DELAY, TEXAS DAVID S. MONSON, UTAH JOSEPH J. DIOGUARDI, NEW YORK JOHN G. ROWLAND, CONNECTICUT RICHARD K. ARMEY, TEXAS JIM LIGHTFOOT, IOWA JOHN R. MILLER, WASHINGTON 1Congrea of the Vniteb tateo Moue of Atepregentatibem; COMMITTEE ON GOVERNMENT OPERATIONS 2157 RAYBURN HOUSE OFFICE BUILDING WASHINGTON, DC 20515 July 5, 1985 Honorable William J. Casey Di rector Central Intelligence Agency Washington, DC 20505 The committee herewith submits to you the enclosed bill, H.R. ...... ........................., upon which the committee would appreciate a prompt reportg together with such comment as you may desire to make. Will you kindly transmit your reply in triplicate. Respectfully, Chairman, Enclosure. 11 MAJORITY-225-5051 MINORITY-225-5074 Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MOl 152RO01001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 99TH CONGRESS 1ST SESSION Ho .2889 To amend the Act establishing the National Bureau of Standards to provide for a computer security research program within such Bureau, and to provide for the training of Federal employees who are involved in the management, operation, and use of automated information processing systems. IN THE HOUSE OF REPRESENTATIVES JUNE 27, 1985 Mr. GLICKMAN (for himself, Mr. FUQUA, Mr. BROOKS, Mr. BROWN of California, Mr. WIRTH, Mr. WALGREN, Mr. NELSON of Florida, Mr. WYDEN, Mr. HUGHES, Mr. LEWIS of Florida, and Mr. HORTON) introduced the following bill; which was referred jointly to the Committees on Science and Technolo- gy and Government Operations A BILL To amend the Act establishing the National Bureau of Stand- ards to provide for a computer security research program within such Bureau, and to provide for the training of Federal employees who are involved in the management, operation, and use of automated information processing systems. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress assembled, 3 SECTION 1. SHORT TITLE. 4 This Act may be cited as the "Computer Security 5 Research and Training Act of 1985". Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 1 SEC. 2. FINDINGS. 2 The Congress finds that- 3 (1) in recent years the Federal Government has 4 become highly dependent on automated information 5 processing systems for carrying out many of its 6 missions; 7 (2) the Government operates about 20,000 8 medium- and large-scale mainframe computers, and by 9 the end of this decade it will also have approximately 10 half a million micro- and mini-computers; 11 (3) the information stored in Government comput- 12 ers and transmitted over the various communications 13 networks that connect them represent valued property 14 that is vulnerable to unauthorized access and disclo- 15 sure, fraudulent manipulation, and disruption; 16 (4) studies of computer-related fraud and abuse in 17 'Government agencies indicate a costly and widespread 18 problem of significant proportions; 19 (5) Government efforts to address the problems of 20 computer security have focused on developing hard- 21 ware and software systems to protect sensitive infor- 22 mation, ensuring that new computer systems are de- 23 signed to include security provisions, and requiring 24 agencies to implement security procedures; and 25 (6) these efforts must be supplemented if the prob- 26 lems are to be solved, since the weak link in protecting *HR 2889 1H Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 3 1 the information stored, processed, and transmitted by 2 Government computers remains the people who 3 manage, use, and operate them. 4 SEC. 3. ESTABLISHMENT OF COMPUTER SECURITY RESEARCH 5 PROGRAM. 6 The Act of March 3, 1901 (15 U.S.C. 271-278h), is 7 amended by redesignating section 18 as section 19, and by 8 inserting after section 17 the following new section: 9 "SEC. 18. (a) The National Bureau of Standards shall 10 establish and conduct a computer security research program 11 to address the problems of computer security in the Federal 12 Government, with primary emphasis upon the prevention of 13 computer-related fraud and abuse through the training of em- 14 ployees in computer security awareness and good security 15 practice. 16 "(b) The program shall- 17 "(1) perform research and conduct studies to de- 18 termine the nature and extent of computer security 19 vulnerability in Federal agencies and their contractors; 20 "(2) devise administrative, management, and tech- 21 nical procedures and practices designed to protect the 22 information stored, processed, and transmitted by 23 Government computers; and 24 "(3) develop guidelines for use by Federal agen- 25 cies in training their employees, and the employees of Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152R001001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 4 1 their contractors and of other organizations whose 2 computers interface with Government computers, in 3 computer security awareness and good security 4 practice.". 5 SEC. 4. TRAINING BY FEDERAL AGENCIES IN COMPUTER 6 SECURITY. 7 (a) IN GENERAL.-Each Federal agency shall provide 8 mandatory periodic training in computer security, under the 9 guidelines developed pursuant to section 18(b)(3) of the Act 10 of March 3, 1901 (as added by section 3 of this Act), and in 11 accordance with the regulations issued under subsection (c) of 12 this section, for all of its employees who are involved with 13 the management, use, or operation of computers or other 14 automated information systems and for all of the employees 15 and other personnel of its contractors who are involved with 16 the management, use, or operation of computers which inter- 17 face with Government computers. 18 (b) TRAINING OBJECTIVES.-Training under this sec- 19 tion shall begin within 60 days after the issuance of the regu- 20 lations described in subsection (c), and shall be designed- 21 (1) to enhance employees' awareness of the 22 threats to and vulnerability of computer and communi- 23 cations systems; and 24 (2) to encourage the use of improved computer 25 security practices at Government facilities. Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9  Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9 5 1 (C) REGULATIONS.-Within six months after the date of 2 the enactment of this Act, the Director of the Office of Per- 3 sonnel Management shall issue regulations prescribing in 4 detail the procedures and scope of the training to be provided 5 by Federal agencies under subsection (a) and the manner in 6 which such training is to be carried out. 7 SEC. 5. AUTHORIZATION OF APPROPRIATIONS. 8 There are hereby authorized to be appropriated to the 9 National Bureau of Standards for the fiscal year 1987, to 10 carry out the computer security research program under sec- 11 tion 18 of the Act of March 3, 1901 (as added by section 3 of 12 this Act), such sums as may be necessary. 0 Sanitized Copy Approved for Release 2010/06/29: CIA-RDP87MO1152RO01001290014-9