JEREMIAH PANEL
Defining the Future of the NRO for the 21st Century
Report to the Director, National Reconnaissance Office
26 AUGUST 1996


IX. SECURITY

1. INTRODUCTION

(U) The Security Working Group conducted a high-level review of NRO security with the aim of determining whether major security policies and business practices appear suitable for the NRO mission in the 21st Century. Many of the important issues identified by the Working Group were covered by the recently completed Joint CIA-DoD inspection of the NRO.

(U) This report discusses five issues identified by the Working Group. The membership of the Security Working Group is listed in Appendix IX-1.

(U) One of the first and most obvious trends the Working Group detected in NRO security was that security policies and practices within the NRO have undergone significant change in the last five years. As a result there have been cost savings and more reasonable implementation of policies within the organization. Several sources outside the NRO would rate NRO security the most effective in the Intelligence Community. The NRO, and in particular the NRO Security Office, deserve much credit for taking the initiative and implementing fundamental change in long-standing policies and practices. At the same time these changes have only whetted the appetites of customers for more relaxation of security rules to accommodate the changing needs of users--for example, the intelligence needs of US military forces working closely with coalition partners. NRO management must now be prepared to revise policies that drive the current set of security rules.

2. METHODOLOGY

(U) The Working Group received briefings, conducted interviews, reviewed earlier studies, and conducted three surveys to gather as much information as possible within the time allocated for this study. Appendix IX-2 contains a complete list of sources of information. Appendix IX-3 highlights the significant security findings of previous studies. Appendix IX-4 contains a list of major security accomplishments. Appendix IX-5 highlights results of the corporate survey. Other supporting data for much of the discussion in this report are in classified annexes held by NRO Security.

3. SUMMARY FINDINGS AND RECOMMENDATIONS

(U) The Security Working Group identified five issues needing attention, if the high quality of NRO security support is to be maintained. The issues are:

(1) the NRO security system

(2) the NRO-corporate relationship

(3) support to military operations

(4) computer security

(5) the organization of security inside the NRO.

(U) Our principal recommendation--revising the current NRO security system--will have direct impact on two other recommendations; one calling for removing the "fact of" a corporate relationship with NRO from its security compartment and another calling for improved support to the warfighter. Because accomplishment of the NRO mission depends on secure information handling systems, a robust computer security program is essential. We recommend the NRO develop one. Lastly, inconsistent NRO security practices among several NRO organizations warrant senior management attention.

4. SPECIFIC FINDINGS AND RECOMMENDATIONS

Issue 1: (U) Is the NRO security system being used to excess, costly, archaic, and losing its effectiveness?

Findings: (U) Fundamental to NRO security is its security system. The recent IG report stated that there were "numerous examples of over classification and use" of the compartment.

(U) The Working Group did not review classification practices in the NRO, but anecdotal information we received is consistent with the conclusion of the IG report. We were told that the NRO security system is often used as the excuse to bypass or mitigate established procedures and controls.

(U) There have been several attempts in the past to scrub the NRO security system and reduce its scope and the amount of information in it; and there is clear evidence of considerable success in doing so. Nevertheless, the practice of using the NRO security system as something more than a security compartment still exists within the NRO. There is also a perception by many outside the NRO that it uses its security system selectively and arbitrarily to restrict what is seen as legitimate access to NRO information.

(U) [Word Deleted] Security is currently conducting another review of the [Word Deleted] security system. After considering the costs and benefits of moving to an entirely new system vice a substantially revised [Word Deleted] system, the Panel thought revising the BYEMAN security system would be more cost effective. However, in revising the current system, the goal should be to drastically shrink the system to safeguard the minimum amount of data that requires protection. This goal would best be achieved through a zero-based review of what should be in the compartment.

(U) Changes to the NRO security system cannot be made in isolation. Regardless of whether the NRO moves to an entirely new compartment or a revised compartment, any changes must be fully coordinated with other security systems such as other DCI compartments. The timing of such a review of the NRO security system should be in parallel with a review of SCI compartments which is to begin in the near future.

Recommendation: (U) Substantially revise the NRO security system. The first order of business in revising the current system would be to define its purpose and identify those data that require compartmented protection, measurably reducing the amount of information in the compartment.

Issue 2: (U) Is there reason to continue to universally classify the fact of an NRO relationship with virtually all contractors?

Findings: (U) The protection of the NRO-corporate relationship at the NRO security system level is seen as a costly practice; one that limits legitimate communications across programs; one that restricts competition for NRO business; and one that has outlived its original purposes. Historically, the NRO has protected its contractor relationships for the purpose of protecting technology advantages, concealing the breadth and scope of collection activities, and minimizing the threats from foreign intelligence services and terrorist organizations. In some cases an added effect has been reduced systems costs.

(U) Recently, the Acting DNRO directed a thorough reevaluation of this practice based on two primary criteria: (1) the ability to protect appropriate technology, organizations, and operations, and to preserve cover arrangements consistent with sources and methods techniques; and (2) preservation of the full range of contracting options at the unclassified, classified, and compartmented levels.

(U) The Security Working Group solicited comments from all current companies eligible to do business with the NRO. Most responding companies (some 60 percent, based on early returns from survey data) would opt for an open relationship with the NRO.

(U) Some companies might want to maintain a covert relationship with the NRO based on business or safety reasons. It is important to note, however, that continued classified relationships have to be based on national security considerations.

- (U) If NRO-corporate relationships are allowed to be overt, we believe the number of companies which initially expressed a desire to have a covert relationship with the NRO would decline steadily over time.

Recommendation: (U) Proceed on an accelerated basis to decompartment/declassify the NRO-corporate relationships where there are no legitimate reasons to retain them at the classified level. Implement on a case-by-case basis.

Issue 3: (U) Are security practices a principal reason why support to military operations is still seen as inadequate, inconsistent, and cumbersome to acquire?

Findings: (U) Our survey of military intelligence and operational users of NRO products indicates that this perception persists despite an aggressive outreach effort by the NRO to the U.S. military. In recent years the NRO has made great strides in training and educating the military consumer (it trained several thousand personnel in 1995), in becoming more involved in military operations (the NRO participated in 72 exercises in 1995), and in developing closer working relationships with the CINCs (there are now NRO liaison officers at three major commands, with more to come).

(U) Nevertheless, information from our survey suggests:

- Security rules and regulations are not well understood.

- Customers believe that security rules and regulations do not support mission effectiveness.

- There is strong support for the three-tier system (unclassified, secret, compartmented) initiated by the NRO, but that program only whetted the appetite of the military consumer.

- There is a strong desire for system capabilities data at the secret collateral level.

- There is a pressing need for a "How To" guide for coalition operations.

- There is a need for more training and education.

- The military has an insatiable appetite for collateral products.

(U) Improvements in support to military operations depend on changes to other security systems, as well as the NRO security system, and can only be accomplished based on new guidance from the DCI to the Intelligence Community.

Recommendation: (U) Any new or revised NRO security system should allow for timely and efficient delivery of information to the warfighter. It should make support to military operations one of its highest priorities.

Issue 4: (U) Does NRO computer security represent a significant vulnerability over the long run?

[One Paragraph Deleted]

Recommendations: (U) The NRO should develop a comprehensive computer security program--assign responsibility, develop a plan, allocate resources, and begin implementation of the plan as soon as possible. This program should include an auditing function to be carried out by an organization not involved in the acquisition and operation of information handling systems.

Issue 5: (U) Is there a clear chain of command with regard to NRO security policies, practices, and responsibilities?

Findings: (U) Policy development responsibility for all NRO security rests with the Director of NRO Security, who also has responsibility for several security activities. However, some security functions are also practiced by six other headquarters organizations, which do not fall under the operational control of the Director of NRO Security.

(U) Despite a 1995 memorandum describing overall responsibilities of the DNRO Security, there still appears to be a lack of coordination between the NRO Security Office and the other headquarters security elements. For example, companies receive conflicting security guidance from different security elements in the NRO; also, there is no comprehensive approach to assignment of security personnel in the NRO. In addition, the lack of a coherent security program and consistent practices extends beyond NRO headquarters. There apparently is little coordination of security practices between headquarters security elements and other NRO elements.

Recommendation: (U) The new DNRO should expand the authority and responsibility of the Director of NRO Security spelled out in the 1995 DNRO memorandum. This revision should strengthen oversight of security practices and ensure consistency in implementation of policy across the entire organization. It should address security activities at headquarters and elsewhere. The DNRO should also consider empowering the DNRO Security to conduct periodic reviews and audits of all security activities.

(U) There was not full agreement in the Working Group on what should be done to correct those problems in the management of security at NRO headquarters.

The majority view (U) The NRO should consolidate all NRO security activities at headquarters under a single office and one senior officer and reassign all security personnel to the new office. The Director of NRO Security should have the authority to direct consistent implementation of security policies and redirect personnel resources as necessary.

The minority view (U) Security should be viewed as a service for the line manager who should have as much control as possible over those services that impact his/her program. Mechanisms need to be put in place to handle conflicts/differences of view.

APPENDIX IX-1

[Word Deleted] SECURITY WORKING GROUP MEMBERSHIP

MEMBERS                             ORGANIZATION
Frank Ruocco (Chair)                Computer Sciences Corporation
Renee Davis-Harding (Vice-Chair)    OSD/DIS
Rick Cazessus                       Security Policy Board Staff
Cindy Conlon                        The RAND Corporation
Col. Art Davis                      NRO Security
Bill Geiger                         AEGIS Corporation
Bob Greer                           TRW
Rich Haver                          CMS
Don Kingsly                         AEGIS Corporation
Shirley Krieger                     Honeywell
Bernie Lamoureaux                   Lockheed-Martin Corp
Bob McCants                         CIA
Ralph Miller                        Computer Sciences Corporation
Peter Saderholm                     Security Policy Board Staff
Dick Weaver                         NSA
Bob Weber                           CIA
Drew Winneberger                    DIA

APPENDIX IX-2

(U) SOURCES OF INFORMATION

BRIEFINGS/INTERVIEWS
Jim Boley                             NRO/Security
Col. Art Davis, USAF                  NRO/Security
Col. Fred Riccardi, USAF              NRO/Security
Bob Dumais                            NRO/IM
John Buckman                          NRO/COMM
Terry Cronin                          NRO/Contracts
CAPT. Bruce Coburn, USN               NRO/OSO
Ed Appel                              NSC Staff
Col. Phil Pounds                      NRO/Counterintelligence
Lt. Col. Steve Young, USAF            NRO/SI
John Goldsmith                        NSA
Ken Renshaw                           NRO/IM
Bill Rooney                           NRO/COMM
Adm. D. Blair                         CIA
Brig. Gen. David "Bull" Baker, USAF   NRO/DDMS
John Elliff                           CMS

Surveys

Almost 200 corporations

Some 40 corporate security organizations

Approximately 100 customers of products, primarily military consumers

Previous Studies

Joint CIA-DoD IG Draft Inspection Report dated April 1996

Eight studies conducted between 1989 and 1995

APPENDIX IX-3

[Word Deleted] REVIEW OF PREVIOUS STUDIES OF NRO SINCE 1988

1989 NRO RESTRUCTURE STUDY

Tasked by: ADNRO

Conducted by: Robert Geiger (Retired Rear Admiral)

Barry Kelly

Purpose: Identify changes to ensure NRO is prepared to respond to future intelligence changes

Security Recommendation:

- Create a centralized [Word Deleted] Security implementation management function

Status: Completed. NRO Security management structure and [Words Deleted] established.

1992 DCI TASK FORCE on NRO
Commissioned by: DCI April 1992
Conducted by: Bob Fuhrman

Purpose: Advise the DCI concerning the future of the NRO

Fundamental Question: How should U.S. Government organize to acquire and operate overhead reconnaissance system?

Security Recommendations:

- Declassify fact of NRO

- Review classification guidelines for NRO system characteristics and related products to improve flow of information to users

Status: Completed

CL BY: 0492464
CL REASON: 1.5(C)
DECL ON: X1
DRV FROM: NRO SCG 4.0, 14 October 1995

1992 JOINT (NRO/CIA) INSPECTOR GENERAL
Commissioned by: DDCI October 1991

Purpose: Broad Inspection of [Word Deleted] Security Management which was viewed as fragmented and uncoordinated

Security Recommendation 1:

- Define expectations of roles, and interrelationships of Special Assistant for Security [Words Deleted] Deputy Director, NRO Security

Status: 1992 Memo established Director of Security/NRO

Security Recommendation 2:
- Complete what is [Word Deleted] Study

Status: Completed December 1993

Security Recommendation 3:
- Central security planning authority for NRO

Status: Established Director, Policy and Operations Support position August 1992

Security Recommendation 4:
- Define criteria used for Must Know determination

Status: Completed (DNRO)

Security Recommendation 5:
- NRO IG evaluate [Words Deleted] progress in one year

Status: Did not occur. Joint CIA/DoD inspection done April 1996

1992 NATIONAL RECONNAISSANCE PROGRAM TASK FORCE FOR THE DCI

Commissioned by: DDCI September 1992

Conducted by: R. James Woolsey Panel

Purpose: Review and validate future direction of all aspects of National Reconnaissance Program

Recommendation: Security found to be excessive. System should be thoroughly reviewed and overhauled

Status: Completed [Word Deleted] Compartmentation Restructure (2/94) [Lines Deleted] Promoted cross-program technical interchange.

1993 BYEMAN COMPARTMENTATION RESTRUCTURE
Commissioned by: DNRO November 1993
Conducted by: Joint Government and Industry Review Team

Purpose: Create security environment based on need-to-know that enhances efficiencies, eliminates duplication, promotes sharing of technology assets

Action: Restructure [Words Deleted] into single major compartment. Allow access on strict need-to-know basis

Status: Completed February 1994

1995 IMPLEMENTATION PLAN FOR FURTHER DECOMPARTMENTATION AND DECLASSIFICATION OF THE NRO
Commissioned by: DNRO August 1994
Conducted by: Internal NRO Review Team

Purpose: Describe the process for declassifying organizations, office, and most Headquarters personnel. Permits NRO Headquarters personnel to acknowledge NRO affiliation and declassification of locations of all Headquarters facilities

Status: Completed April 1995

1995 WEST COAST SECURITY OFFICE REORGANIZATION PROPOSAL
Commissioned by: IMINT Security Directorate August 1995
Conducted by: [Words Deleted]

Purpose: Study West Coast security function to achieve greater efficiency

Recommendation: Eliminate remnants of programs A, B, C. Realign and physically consolidate all offices on West Coast.

Status: Completed or in work. [Three Lines Deleted]

1996 JOINT INSPECTION OF NATIONAL RECONNAISSANCE OFFICE
Commissioned by: DCI and SECDEF
Conducted by: CIA and DoD Office of Inspector General

Purpose: Determine efficiency and effectiveness of the processes and mechanisms used to manage and administer NRO resources and administrative program

Recommendation 1: All security reference materials are available to all employees and contractors. Distribute memo acknowledging which documents are current or superseded

Status: Completed or in work

Recommendation 2: Establish program on how to distinguish [Line Deleted]

Status: In work. Scheduled completion date June 1997. (also see Decision Tool)

Recommendation 3: Develop and implement clearly defined roles and responsibilities for security personnel and employees

Status: In work to revise [Word Deleted] Security Manual and Info Sec Program Regulation. Scheduled completion September 1996 and December 1996 respectively

Recommendation 4: Develop a security performance measurement plan and a security violations reporting mechanism

Status: In work. Scheduled dates for completion October 1996 and December 1996 respectively.

Recommendation 5: Resolve overlapping AIS Security responsibilities [Words Deleted]

Status: In work. Scheduled completion August 1996

Recommendation 6: Establish program to monitor AIS Security

Status: In work to establish more comprehensive monitoring of contractor systems. Scheduled date of completion July 1996

APPENDIX IX-4
[Word Deleted] SUMMARY OF MAJOR ACCOMPLISHMENTS BY NRO SECURITY

Security Policy and Operational Support

INTERNAL

- What is [Word Deleted] study

- Compartmentation Restructure

- NRO Classification Guide (Revisions)

- Implementation of Executive Order 12958

- NRO Declassification (Phase I)

- DCID 1/19 Implementation (Document accountability--TS [Word Deleted])

- Eliminated control of SECRET [Word Deleted]-1993

- Phase History Data from [Word Deleted] TK

- Relaxation of Security Controls

- Electronic calculators, voice mail, lock combinations, etc.

- Designed introduction to [Word Deleted] briefing for government and industry

EXTERNAL

- CORONA declassification

- National Industrial Security Program Operating Manual (NISPOM) and Supplement

- Controlled Access Program Oversight Committee (CAPOC)

- Created NRO Special Security Office

Personnel Security Division

- Personnel security eligibility-Community reciprocity

- Full Defense Central Investigative Index (DCII) input

- Reduced investigative cycle time

- Initials from 134-492 days in 91 to 52 days in 1995

- Reinvestigations from 207 to 105 days

- Central management of NRO Polygraph Program

- Initiated community working group for "common adjudicative practices for SCI Community" (CAPSCI)

- Sponsored additional adjudicative standard (DCID 1/14)

- Provided Defense Investigative Service (DIS) a copy of SMCP software

Facilities and Information Security Division

- Virtually eliminated domestic TEMPEST requirement - 1992

- Eliminated Two-Persons in SCIFs - 1993

- Draft DCID 1/21 Implemented - 1992

- Risk-based TSCM program

- Created Management Information and Documentation System (MIDS) database

- DIS and Community briefed on capabilities

- SCIF Co-utilization

- Automated Information System Security Implementation Manual (AISSIM) 100 and 200

- Conduct DCID 1/21 training for community

Training and Education Division

- Completed Community/DoD review of courses

- Initiated PRO Orientation seminar

- Conducted security officer training and AIS orientation seminars for government and industry

- 360 classes, 2500 students since 1992

- Developed PRO Security Awareness Program (videos, newsletter, briefings, regional conferences)

- Built training resource center

- Chair the Security Policy Board's Training and Professional Development Committee

APPENDIX IX-5
(U) RESULTS OF SURVEY OF CORPORATIONS

(U) The Security Working Group conducted three surveys:

- (U) A survey of its membership to evaluate the effectiveness of NRO Security

- (U) A survey of some 100 customers (mostly military) to evaluate NRO responsiveness and the effectiveness of NRO security.

- (U) A survey of some 175 corporations to gather data regarding the classification/declassification and compartmentation/decompartmentation of NRO-corporate relationships.

(U) The questions for each survey are included as well as a summary of the responses. The detailed responses to the survey will be retained in the NRO Security office.

(U) In summary, the results indicate that about 62 percent of the responding companies currently cleared to do business with the NRO would choose to have the fact of their contractual relationship with the NRO be overt and unclassified.

(U) Sixty-two of 175 corporations responded to the survey. Thirty-eight have indicated a preference to be overt or expressed a neutral position. Twenty-four wanted to maintain a covert relationship with the NRO, citing business and safety reasons, and in a few cases indicating greater concern for counterintelligence if the relationship were overt.