COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE

Declassified in Part - Sanitized Copy Approved for Release 2013/08/09 : CIA-RDP89B01354R000400556016-1 - IBSEC-CSS-M-12 16 September 1969 COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE Minutes of Meeting Held at CIA Headquarters Langley, Virginia 16 September 1969 1. The 12th meeting of the Computer Security Subcommittee of the USIB Security Committee was held on 16 September 1969 between 1330 and 1530 hours in Room 4E-64, CIA Headquarters Building. In attendance were: Mr. Donald R. Roderick, FBI Member Mr. Richard F. Kitterman, State Member Mr. William S. Donaldson USAF Member Mr. Robert B. Cameron, Navy Member Mr. Conrad S. Banner, FBI Alternate Group 1 Excluded from automatic downgrading and declas sification STAT STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1 Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1 S-E-C-R-E-T Dr. Alexander T. Chadakowski, State Alternate Lt. Col. William D. Marsland, Jr., JCS/JCCRG, Observer 2. The security level of the meeting was announced as Top Secret. 3. Approval of Minutes: The minutes of the 17 June 1969 meeting were approved without amendment. 4. Computer Security Course Briefing: A large part of the meeting was dedicated to a briefing, followed by a question and answer session, concerning the pilot computer security course for inspectors of the Defense Supply Agency (DSA) at the Depart- ment of Defense Computer Institute (DODCI) from 7 July to 11 July 1969. The briefing was presented by the DIA member of the Computer Security Subcommittee. 5. began the briefing by providing background information as to why DSA needed such a course. He then briefly described the actions which were taken and the decisions which were made that led to the development of the pilot computer security course by DODCI. 6. The course was split into two distinct parts. The first phase, which lasted two days, was intended to provide the students with a knowledge of basic computer operations. The second phase, also two days in duration, attempted to demonstrate an awareness of the problem areas in trying to make a computer system secure. 7. The Chairman concluded the discussion on the DODCI computer security course by asking all members of the Computer Security SubcomMittee to make recommendations at the next meeting -2- S-E-C-R-E-T STAT STAT STAT STAT STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1 Declassified in Part - Sanitized Copy Approved for Release 2013/08/09 : CIA-RDP89B01354R000400550016-1 S-E-C-R-E-T as to their support of either the DODCI Course or any alternative course. In addition, the Chairman indicated that the next meeting will include a general discussion as to what type of course would be best suited to the needs of the intelligence community and how such a course might best be administered. 8. Degaussing of Storage Media - The next issue for dis- cussion related to the retrievability of data contained on all types of storage media. It was decided that a formal report should be produced for the USIB which would identify the factors involved in the problem and provide general guidelines in seeking appro- priate solutions. A task team was formed to study and prepare a draft report on the problem of degaussing storage media in general. The task force was composed of the NSA, DIA and CIA members of the Computer Security Subcommittee, with the NSA member acting as chairman. 9. Multilevel operations - A discussion of multilevel opera- tions then ensued with the Chairman asking all members to consider the following three points: a. If methods were developed which would provide a measured amount of security against spillage of infor- mation, would all the interested agencies accept these methods? b. What are the key security protect features being utilized by the individual agencies within their com- puter systems? c. What is considered an acceptable risk in multi- level operations in regards to both the accidental spillage of information and a deliberate penetration? -3- S-E-C-R-E-T Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1 Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1 S-E-C-R-E-T 10. A discussion of the first point reflected general agree- ment that multilevel security operations could be implemented, at least within limited parameters, if a measured degree of security were found in overall system operation. The degree of security achieved would have to be commensurate with the risk involved. 11. In reference to the second point, the Chairman asked that each member provide a list and description of key security pro- tect features now operating in the computer systems of the agencies involved. It was emphasized that the purpose of this exercise is to allow all member agencies to benefit from the total information, and not to evaluate the protect features of each system. 12. As regards the question of what is considered an accept- able risk in multilevel operations, a task team was formed to study the problem and submit a report at a future date. The task team will be composed of the DIA, AEC and Air Force members of the Computer Security Subcommittee with the DIA member acting as chairman. 13. Other Business: a) The Chairman announced that on 18 September 1969, a panel discussion on computer security would be held during the annual seminar of the American Society of Industrial Society, Washington-Hilton Hotel, Washington, D. C. b) It was also announced that a series of lectures are being held at the Johns Hopkins School of Advanced International Studies on "Computers, Communications and the Public Interest." The lectures are scheduled for the second Thursday of each month from now until April 1970. -4- S-E-C-R-E-T Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1 Declassified in Part - Sanitized Copy Approved for Release 2013/08/09 : CIA-RDP89B01354R000400550016-1 S;E-C-R-E-T co) c) The Chairman advised that the Defense Science Board Task Force's final draft report on computer security was distributed to task force members in July 1969, and may be published by the end of the year. The Chairman noted that for the present time, members of the Defense Science Board were advised not to disseminate the report outside the task force, but he hoped to discuss the report with the Computer Security Subcommittee as soon as this restriction is lifted. 14. The next meeting of the Subcommittee was scheduled for 1330 hours on 7 October 1969. Chairman Computer Security Subcommittee -5- S-E-C-R-E-T STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/09: CIA-RDP89B01354R000400550016-1