COMPUTER SECURITY: CORRECTION OF INR IHS VULNERABILITIES
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): CIA-RDP89B01354R000100170039-1
Release Decision: RIPPUB
Original Classification: S
Document Page Count: 10
Document Creation Date: December 22, 2016
Document Release Date: October 1, 2010
Sequence Number: 39
Case Number:
Publication Date: September 18, 1985
Content Type: MEMO
Body:
Sanitized Copy Approved for Release 2011/03/03: CIA-RDP89B01354R000100170039-1
SECRET/NOFORN
MEMORANDUM
United States Department of State
Washington, D. C. 20520
September 18, 1985
TO: Vice Admiral E. A. Burkhalter, Jr.
Director
Intelligence Community Staff
SUBJECT: Computer Security: Correction of INR IHS Vulnerabilities
REFERENCE: Your Memo DCI/ICS 85-4092
In response to your memorandum which notified us of your much
appreciated decision to transfer $250,000 to the Department as the
basis for immediate action to correct the potential security
problems of the INR Information Handling System (IHS), a series of
staff level meetings, within the Department and with community
participation, have been held. The goal of these meetings was to
identify the most expeditious and prudent means of severing the
connection between the INR DEC PDP 11/70 system and the
Department's classified collateral IBM 3083 system. We were guided
in this effort, in part, by a study of the problem prepared by J.G.
Van Dyke Associates, Inc. which has been provided to your staff.
At a meeting, held September 12 with representatives of your
staff, CIA and NSA, certain specific vulnerability issues were
addressed:
The issues discussed were:
Such material does not enter the INR retrieval system and,
therefore, could not be compromised in this fashion.
B. The possibility of compromise in processing of National
Security Agency Special Compartmented Intelligence
messages for profiling purposes:
Previously, a limited amount of SIGINT message externals,
i.e., the DTG, the serial reference number (SRN),
precedence, compartment, classification, location in the
INR system and the TAGS lines (not text material) could
have been available in the system on a temporary and
DECL: OADR
random basis. To clear up this situation, it was agreed
that INR would make immediate software changes so that
nothing but TAGS lines, SRN, and location would be entered
in the system. These changes have been accomplished.
C. The possibility of "spillage" of NSA SCI material from the
INR system to the State Department's collateral system and
what action should be taken to prevent it:
Because another community system based on DEC PDP 11/70
architecture with a configuration similar to that of INR
IHS had "spillages", there is concern about the continued
operation of the INR IHS in its present mode. We have
developed a plan for an expeditious severing of the link
between the INR IHS and the Department's IBM system.
Though some new hardware is involved, the severance plan
itself is "hardware independent", that is, the software
that is being written will run on our current 11/70
hardware. Though the Department's official position on
the timing of the disconnect project remains as outlined
[illegible] INR staff [illegible] personnel familiar with
[illegible] systems involved believe that the disconnect can be
accomplished in approximately three months. A more
detailed discussion of the disconnect plan and the
utilization of the $250,000 is provided below. A separate
technical working paper and copies of procurement
documents are provided as attachments.
The end result, as you know, will be to cut the connection
between the INR and Department computers.
The programming team, as defined in the original plan that was
studied by Van Dyke, included INR employee Jim Walker, Don Hall,
currently under contract to INR, and Mike Moore of DEC, who will be
the Project Leader. In order to speed the project, it will be
enhanced by adding Barry Norman and one other programmer, both from
DEC.
The proposed team's familiarity with what needs to be done and
awareness of the system design are essential elements underlying
the timing of the disconnect. If we can't get the personnel
(particularly Mike Moore of DEC), it will put a crimp in our
efforts to speed up the disconnect. If DEC gives us another
capable programmer, we could still get the job done by the original
target date of April 1, but his presence on the project, in the
view of technical people, is essential to the speed to which I am
committed. In these circumstances, any limitation on electrical
distribution would be counterproductive; the loss of timely
intelligence to the Department of State would far outweigh what is,
after all, a theoretical risk of spillage.
-------------------------------
Thank you very much for your personal support and that of your
staff.
Fra /~1? eil
Principal Deputy Assistant
Secretary
Bureau of Intelligence and Research
Drafter: INR/EX:PDGutensohn
X22084
Clearances: INR/EX - RAMacCal
INR/IS - VJFaz}
A/ISO - DOMount
A/ISS - FLMcNulty
TECHNICAL STAFF PAPER
A brief explanation of our disconnect game plan is as follows:
The functionality of commands available for the analyst to
interact with his workfile will be minimized to three commands
in the initial profiling package, thus cutting the time to
disconnect. Full capability will be restored after the initial
task is completed.
It has been determined that a task being developed earlier
for a reformatting capability can be modified to provide one
half of the functionality of the profiling task P0. This
should provide a time saving.
The RCV task will not be changed until after the disconnect.
The filtering capability necessary for future full use will
occur after the disconnect.
The TAG records that are being transmitted to the IBM
machine have been reduced to contain only the necessary
information; SRN, TAGS, and starting and ending UBV. A display
of each TAG record as developed by the text analyzers is being
printed for each message to provide an audit capability. This
will continue as an operational procedure until there is no
linkage with the IBM equipment.
The Project Leader, Mike Moore, has planned the development
effort and made the following division of labor:
-- Moore will complete the SYS-GEN of the new operating
system. Following the generation of the operating system, he
will modify the device drivers that are peculiar to this site.
The DV II driver will be modified and the now peculiar XL
driver will be normalized. Project direction and technical
choices for other tasks will be done by Mike to give priority
to the object of disconnecting from the IBM.
-- Don Hall will modify the test analyzer to create TAG to TAG
ID number correspondence. The conversion of the reformatting
task TC to handle the profile to TAG packet juxtapositioning
will be developed in this task.
-- The creation of the work files file will be done by Barry
Norman to create the limited treatment of three commands
initially, and full capability later. Barry will also modify
the task AS to route the commands to the appropriate module.
-- Jim Walker will develop the method to insert profiles into
the system manually by the programming staff initially and
through the user interface in the final capability.
-- The fifth programmer will develop the roll over mechanism
which will provide the New Day files and rename the Past Days
Files to allow the user's file to have a current day and five
previous days records of hits against his profiles.
Digital Equipment Corporation salesman, Tony Byrd has
rushed the order of VT200 CRT displays which will also aid in
the development effort.
DIGITAL EQUIPMENT CORPORATION
U.S. DEPT OF STATE
WASHINGTON, D.C.
ATTN: DONALD HALL
PRO 380 HARDWARE
LINE# | QTY | PART# | DESCRIPTION | DISC | MAINT | UNIT PRICE | TOTAL PRICE |
---|---|---|---|---|---|---|---|
1 | 2 | RF-PCXXF-AA | EMI FLOORSTAND FOR 300 SERIES | NON-GSA | F/S | 2,325. | 4,650. |
2 | 2 | RF-VR201-A | BLACK AND WHITE EMI MONITOR | NON-GSA | 13 | 1,200. | 2,400. |
3 | 2 | RF-PC3K1-AA | EMI KEYBOARD WITH COUNTRY KIT | NON-GSA | 7 | 445. | 890. |
4 | 2 | PC-380-AA | PRO 380 SYSTEM UNIT WITH 512K BYTES MEMORY & DUAL DRIVE FLOPPIES | 18% | F/S | 6,025. | 9,881. |
5 | 2 | MSC11-B | 512K BYTES MEMORY | 18% | F/S | 1,595. | 2,615.80 |
6 | 2 | RCD52-A | 33MB WINCHESTER | 18% | 26 | 3,995. | 6,551.80 |
7 | 2 | PC3XC-BA | QUAD SERIAL LINE | NON-GSA | 7 | 495. | 990.00 |
8 | 2 | BC18A-50 | HOST COMMUNICATIONS CABLES | 4% | N/A | 490. | 940.80 |
NET TOTAL $28,919.40
PRO 380 SOFTWARE
LINE# | QTY | PART# | DESCRIPTION | DISC | MAINT | UNIT PRICE | TOTAL PRICE |
---|---|---|---|---|---|---|---|
11 | 2 | QBA02-H3 | PROFESSIONAL 380 OPERATING SYSTEM | 4% | N/A | 300. | 576. |
12 | 1 | QBA14-A3 | PRO/TOOL KIT | 18% | N/A | 520. | 426.40 |
13 | 1 | QBA71-A3 | PRO/RDT V1.0 | 18% | N/A | 495. | 405.90 |
14 | 1 | QBA05-A3 | PRO COMMUNICATIONS | 18% | N/A | | |
15 | 1 | QBA64-A3 | PRO/OFFICE WORKSTATION | 18% | 25 | 950. | 779.00 |
16 | 1 | QA176-C3 | PRO PRISM | 18% | N/A | 595. | 487.90 |
17 | 1 | QBA43-A3 | PRO DATATRIEVE | 18% | N/A | 495. | 405.90 |
NET TOTAL $2,665.00
EXPORT OF THESE PRODUCTS REQUIRES PRIOR WRITTEN AUTHORIZATION FROM THE U.S. DEPARTMENT OF COMMERCE.
DIGITAL EQUIPMENT CORPORATION
U.S. DEPT OF STATE
2201 C ST NW
WASHINGTON, D.C.
ATTN: DONALD HALL/INR
FROM: ANTHONY T. BYRD
8301 PROFESSIONAL PL
LANDOVER, MD. 20785
INR 11/84 HARDWARE
LINE# | QTY | PART# | DESCRIPTION | DISC | MAINT | UNIT PRICE | TOTAL PRICE |
---|---|---|---|---|---|---|---|
1 | 2 | RUA60-DA | 205MB RACK MOUNT DISK DRIVE IN AN H9642 CABINET WITH UDA50 CTRL | 18% | 131 | 24,000. | 39,360. |
2 | 4 | RA81-AA | 456MB DISK DRIVE RACK MOUNT | 18% | 113 | 19,000. | 62,320. |
3 | 1 | DZ11-M | 8 LINE EIA MUX | 18% | 39 | 1,560. | 1,279.20 |
4 | 1 | CK-DZ11-CK | DZ11 CABINET KIT | 18% | N/A | 615. | 504.30 |
5 | 3 | VT220-A | ALPHANUMERIC TERMINAL | 27% | 7 | 1,180. | 2,584.20 |
6 | 3 | VT22K-AA | VT220 KEYBOARD | 27% | 4 | 215. | 470.85 |
7 | 3 | BC22D-25 | NULL MODEM CABLES | N/A | N/A | 48. | 144.00 |
8 | 2 | BC26V-12 | RA DRIVE CABLES | 4% | N/A | 360. | 691.20 |
9 | 1 | QR500-UZ | RSX11MPLUS LIC | 18% | 74 | 3,000. | 2,460.00 |
10 | 1 | QJ071-UZ | PRO HOST TOOL KIT | 18% | 85 | 800 | 656.00 |
11 | 1 | QJ071-AM | PRO HOST TOOL KIT | N/A | N/A | 600. | 600.00 |
INSTALLATION: RUA60 $1320.; RA81 $3200.; DZ11 $323.
NET TOTAL $110,413.35
SOFTWARE RESIDENT SUPPORT
12 QS740-SZ SOFTWARE ENGINEER N/A $42,720.
13 QS840-SZ SOFTWARE ENGINEER PROJECT LEADER N/A 55,200.
TOTAL $97,920.00
THE ABOVE OPTIONS ARE QUOTED AGAINST GSA SCHEDULE GSOOK8501S5933 WITH
THE EXCEPTIONS OF LINE ITEMS NUMBER 7, 12, AND 13. THESE ITEMS ARE
QUOTED OPEN MARKET WITH GSA TERMS AND CONDITIONS.
ANTHONY BYRD
DIGITAL EQUIPMENT CORPORATION