REPORT FROM COMPUTER SECURITY SUBCOMMITTEE

Approved For Release 2008/05/30: CIA-RDP89B01354R000100120002-6 SECRET 13 December 1968 SUBJECT: Report from Computer Security Subcommittee 1. On 12/11/68 the undersigned was visited by Robert Allen, the Navy representative to the Computer Security Subcommittee of IBSEC who brought with him the paper prepared by the group headed by himself concerning the computer security problem areas. Mr. Allen indicated that he had coordinated the paper with the other members of his group, of DIA, Col. Burns of Air Force 25X1 and Mr. Brady of AEC. Mr. Allen advised that all had concurred in the memorandum as now prepared, but that he would not have the final comments of Mr. Brady as the latter had been out sick. 2. Mr. Allen in discussing the paper with the undersigned noted that the group had assigned topical headings and had arranged the problem areas by logical grouping under these headings. He indicated that although other topics might reasonably be utilized under the present grouping they had been able to include all of the enumerated problem areas. 3. Later on in the day Mr. Allen called the undersigned to note that he had received a call from Mr. Brady and he wished to add his comments to the paper and these were as follows: a. Add to the category Sanitization (tem 3 under Protection of Storage Media _an additional item entitled "Overwrites " Mr. Allen indicated he concurred in Mr. Brady1s comment that this was an approved method of sanitizing. SECRET Approved For Release 2008/05/30: CIA-RDP 98 B01354R000100120002-6  Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6 SEGHET b. Choose another name for the item immediately -following #4, entitled "Computer Malfunctions. " Mr. Allen indicated that he agreed with Mr. Brady's comment that the subtopics thereunder labelled "Crosstalk" and "Dump" were not exactly malfunctions of the equipment in that the equipment was doing exactly what it had a capability of doing. Mr. Allen indicated that their use of the word "Malfunctions" originally had been a last choice and it was recognized by himself and others that some other word was preferable, but they could think of none that would fulfill this category. He suggested that perhaps Mr. Burns might come up with some other word. 4. Mr. Allen indicated that he would be on leave for the next three weeks and that he would miss the next Computer Security Sub- committee meeting if it were held as scheduled on the 17th of December. He stated that his alternate, Mr. Welch, would attend. He indicated during discussion with the undersigned as to the next step concerning the computer security problem areas that it would be his suggestion that the outline be reviewed with a view of eliminating certain topics or categories for which an adequate solution had been achieved by some member agencies. Next, he would suggest picking a manageable topic that the Subcommittee could focus a full scale review on and ultimately define some solution. Mr. Allen concluded his comments by indicating that it is perfectly agreeable with him that the attached paper be utilized or changed in any way that the Subcommittee might deem desirable or that Mr. Burns might wish to change. Special Assistant for Automatic Data Processing Executive Staff SECRET Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6  Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6 FOR OFFiCIAl.. iIc,F ONLY FOR O F F I C I I J L USE 0141Y r:OR OFF!C!AL USE ONLY Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6  Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6 DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS WASHINGTON, D.C. 20350 Op-92C2/dts Ser 4429P92 10 December 1968 FOR OFFICIAL USE ONLY MEMORANDUM FOR THE CHAIRMAN, COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE Subj: Computer Security Problem Areas Encl: (1) Outline of Computer Security Problem Areas 1. Enclosure (1) is forwarded for consideration by the Computer Security Subcommittee. 2. LTCOL Charles Burns (USAF), (DIA) and Mr. Raymond Brady (AEC) have concurred in this draft. Very respectfully, ROBERT C. ALLEN Navy Member Computer Security Subcommittee Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6 STAT  Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6 FOR OFF!C! "Ao U' FOR OFFICIAL USE ONLY COMPUTER SECURITY PROBLEM AREAS A. Computer Operations 1. Access control a. Users and terminals (1) Authentication/identification (a) Clearance Access at level lower than system. (b) Need to know. (c) Privilege to modify a data base. (2) Receipting. b. Visitors. c. Customer engineering services. (1) Clearance requirements (2) Sanitizing procedures (3) Escort requirements. 2. Classification of information. a. Determination of classification and any special handling requirements. (1) Information derived from multilevel systems. (2) Paragraph classification. b. Automatic downgrading and declassification. c. Marking FOR OFFICIAL W3F ONLY Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120002-6  Approved For Release 2008/05/30: CIA-RDP89B01354R000100120002-6 FOR OFFICIAL USE ONLY 3. Physical security. a. Computer complex (1) Working hours (2) Non-working hours b. Remote terminals c. Overseas locations d. Contractor facilities 4. Computer malfunctions. a. Cross-talk b. Dump or spillage (1) By accident (2) By design B. Protection of storage media - tapes, drums, discs, disc packs, punched cards, magnetic cards and internal memory cells. 1. Classification marking. a. b. c. Processing media Container Color coding 2. Physical security. a. When stowed b. During transmission Approved For Release 2008/05/30: CIA-RDP89B01354R000100120002-6  Approved For Release 2008/05/30: CIA-RDP89B01354R000100120002-6 3. Sanitization. a. b. c. Degaussing Refurbishing Verification 4. Destruction. C. Communications security. 1. Computer complex. a. TEMPEST characteristics of equipment b. Technical surveillance (1) Listening devices (2) Telephones 2. On-line portion of system. a. Leased lines b. Line taps c. Encryption devices Approved For Release 2008/05/30: CIA-RDP89B01354R000100120002-6