(U) The Security Working Group conducted a high-level review of NRO security with the aim of determining whether major security policies and business practices appear suitable for the NRO mission in the 21st Century. Many of the important issues identified by the Working Group were covered by the recently completed Joint CIA-DoD inspection of the NRO.
(U) This report discusses five issues identified by the Working Group. The membership of the Security Working Group is listed in Appendix IX-1.
(U) One of the first and most obvious trends the Working Group detected in NRO security was that security policies and practices within the NRO have undergone significant change in the last five years. As a result there have been cost savings and more reasonable implementation of policies within the organization. Several sources outside the NRO would rate NRO security the most effective in the Intelligence Community. The NRO, and in particular the NRO Security Office, deserve much credit for taking the initiative and implementing fundamental change in long-standing policies and practices. At the same time these changes have only whetted the appetites of customers for more relaxation of security rules to accommodate the changing needs of users--for example, the intelligence needs of US military forces working closely with coalition partners. NRO management must now be prepared to revise policies that drive the current set of security rules.
2. METHODOLOGY
(U) The Working Group received briefings, conducted interviews, reviewed earlier studies, and conducted three surveys to gather as much information as possible within the time allocated for this study. Appendix IX-2 contains a complete list of sources of information. Appendix IX-3 highlights the significant security findings of previous studies. Appendix IX-4 contains a list of major security accomplishments. Appendix IX-5 highlights results of the corporate survey. Other supporting data for much of the discussion in this report are in classified annexes held by NRO Security.
3. SUMMARY FINDINGS AND RECOMMENDATIONS
(U) The Security Working Group identified five issues needing attention, if the high quality of NRO security support is to be maintained. The issues are:
(1) the NRO security system
(2) the NRO-corporate relationship
(3) support to military operations
(4) computer security
(5) the organization of security inside the NRO.
(U) Our principal recommendation--revising the current NRO security system--will have a direct impact on two other recommendations: one calling for removing the "fact of" a corporate relationship with NRO from its security compartment and another calling for improved support to the warfighter. Because accomplishment of the NRO mission depends on secure information handling systems, a robust computer security program is essential. We recommend the NRO develop one. Lastly, inconsistent NRO security practices among several NRO organizations warrant senior management attention.
4. SPECIFIC FINDINGS AND RECOMMENDATIONS
Issue 1: (U) Is the NRO security system being used to excess, costly, archaic, and losing its effectiveness?
Findings: (U) Fundamental to NRO security is its security system. The recent IG report stated that there were "numerous examples of over classification and use" of the compartment.
(U) The Working Group did not review classification practices in the NRO, but anecdotal information we received is consistent with the conclusion of the IG report. We were told that the NRO security system is often used as the excuse to bypass or mitigate established procedures and controls.
(U) There have been several attempts in the past to scrub the NRO security system and reduce its scope and the amount of information in it; and there is clear evidence of considerable success in doing so. Nevertheless, the practice of using the NRO security system as something more than a security compartment still exists within the NRO. There is also a perception by many outside the NRO that it uses its security system selectively and arbitrarily to restrict what is seen as legitimate access to NRO information.
(U) [Word Deleted] Security is currently conducting another review of the [Word Deleted] security system. After considering the costs and benefits of moving to an entirely new system vice a substantially revised [Word Deleted] system, the Panel thought revising the BYEMAN security system would be more cost effective. However, in revising the current system, the goal should be to drastically shrink the system to safeguard the minimum amount of data that requires protection. This goal would best be achieved through a zero-based review of what should be in the compartment.
(U) Changes to the NRO security system cannot be made in isolation. Regardless of whether the NRO moves to an entirely new compartment or a revised compartment, any changes must be fully coordinated with other security systems such as other DCI compartments. The timing of such a review of the NRO security system should be in parallel with a review of SCI compartments which is to begin in the near future.
Recommendation: (U) Substantially revise the NRO security system. The first order of business in revising the current system would be to define its purpose and identify those data that require compartmented protection, measurably reducing the amount of information in the compartment.
Issue 2: (U) Is there reason to continue to universally classify the fact of an NRO relationship with virtually all contractors?
Findings: (U) The protection of the NRO-corporate relationship at the NRO security system level is seen as a costly practice; one that limits legitimate communications across programs; one that restricts competition for NRO business; and one that has outlived its original purposes. Historically, the NRO has protected its contractor relationships for the purpose of protecting technology advantages, concealing the breadth and scope of collection activities, and minimizing the threats from foreign intelligence services and terrorist organizations. In some cases an added effect has been reduced systems costs.
(U) Recently, the Acting DNRO directed a thorough reevaluation of this practice based on two primary criteria: (1) the ability to protect appropriate technology, organizations, and operations, and to preserve cover arrangements consistent with sources and methods techniques; and (2) preservation of the full range of contracting options at the unclassified, classified, and compartmented levels.
(U) The Security Working Group solicited comments from all current companies eligible to do business with the NRO. Most responding companies (some 60 percent, based on early returns from survey data) would opt for an open relationship with the NRO.
(U) Some companies might want to maintain a covert relationship with the NRO based on business or safety reasons. It is important to note, however, that continued classified relationships have to be based on national security considerations.
- (U) If NRO-corporate relationships are allowed to be overt, we believe the number of companies which initially expressed a desire to have a covert relationship with the NRO would decline steadily over time.
Recommendation: (U) Proceed on an accelerated basis to decompartment/declassify the NRO-corporate relationships where there are no legitimate reasons to retain them at the classified level. Implement on a case-by-case basis.
Issue 3: (U) Are security practices a principal reason why support to military operations is still seen as inadequate, inconsistent, and cumbersome to acquire?
Findings: (U) Our survey of military intelligence and operational users of NRO products indicates that this perception persists despite an aggressive outreach effort by the NRO to the U.S. military. In recent years the NRO has made great strides in training and educating the military consumer (it trained several thousand personnel in 1995), in becoming more involved in military operations (the NRO participated in 72 exercises in 1995), and in developing closer working relationships with the CINCs (there are now NRO liaison officers at three major commands, with more to come).
(U) Nevertheless, information from our survey suggests:
- Security rules and regulations are not well understood.
- Customers believe that security rules and regulations do not support mission effectiveness.
- There is strong support for the three-tier system (unclassified, secret, compartmented) initiated by the NRO, but that program only whetted the appetite of the military consumer.
- There is a strong desire for system capabilities data at the secret collateral level.
- There is a pressing need for a "How To" guide for coalition operations.
- There is a need for more training and education.
- The military has an insatiable appetite for collateral products.
(U) Improvements in support to military operations depend on changes to other security systems, as well as the NRO security system, and can only be accomplished based on new guidance from the DCI to the Intelligence Community.
Recommendation: (U) Any new or revised NRO security system should allow for timely and efficient delivery of information to the warfighter. It should make support to military operations one of its highest priorities.
Issue 4: (U) Does NRO computer security represent a significant vulnerability over the long run?
[One Paragraph Deleted]
Recommendations: (U) The NRO should develop a comprehensive computer security program--assign responsibility, develop a plan, allocate resources, and begin implementation of the plan as soon as possible. This program should include an auditing function to be carried out by an organization not involved in the acquisition and operation of information handling systems.
Issue 5: (U) Is there a clear chain of command with regard to NRO security policies, practices, and responsibilities?
Findings: (U) Policy development responsibility for all NRO security rests with the Director of NRO Security, who also has responsibility for several security activities. However, some security functions are also practiced by six other headquarters organizations, which do not fall under the operational control of the Director of NRO Security.
(U) Despite a 1995 memorandum describing overall responsibilities of the DNRO Security, there still appears to be a lack of coordination between the NRO Security Office and the other headquarters security elements. For example, companies receive conflicting security guidance from different security elements in the NRO; also, there is no comprehensive approach to assignment of security personnel in the NRO. In addition, the lack of a coherent security program and consistent practices extends beyond NRO headquarters. There apparently is little coordination of security practices between headquarters security elements and other NRO elements.
Recommendation: (U) The new DNRO should expand the authority and responsibility of the Director of NRO Security spelled out in the 1995 DNRO memorandum. This revision should strengthen oversight of security practices and ensure consistency in implementation of policy across the entire organization. It should address security activities at headquarters and elsewhere. The DNRO should also consider empowering the DNRO Security to conduct periodic reviews and audits of all security activities.
(U) There was not full agreement in the Working Group on what should be done to correct those problems in the management of security at NRO headquarters.
The majority view (U) The NRO should consolidate all NRO security activities at headquarters under a single office and one senior officer and reassign all security personnel to the new office. The Director of NRO Security should have the authority to direct consistent implementation of security policies and redirect personnel resources as necessary.
The minority view (U) Security should be viewed as a service for the line manager who should have as much control as possible over those services that impact his/her program. Mechanisms need to be put in place to handle conflicts/differences of view.
[Word Deleted] SECURITY WORKING GROUP MEMBERSHIP
MEMBERS | ORGANIZATION |
Frank Ruocco (Chair) | Computer Sciences Corporation |
Renee Davis-Harding (Vice-Chair) | OSD/DIS |
Rick Cazessus | Security Policy Board Staff |
Cindy Conlon | The RAND Corporation |
Col. Art Davis | NRO Security |
Bill Geiger | AEGIS Corporation |
Bob Greer | TRW |
Rich Haver | CMS |
Don Kingsly | AEGIS Corporation |
Shirley Krieger | Honeywell |
Bernie Lamoureaux | Lockheed-Martin Corp |
Bob McCants | CIA |
Ralph Miller | Computer Sciences Corporation |
Peter Saderholm | Security Policy Board Staff |
Dick Weaver | NSA |
Bob Weber | CIA |
Drew Winneberger | DIA |
(U) SOURCES OF INFORMATION
BRIEFINGS/INTERVIEWS | |
Jim Boley | NRO/Security |
Col. Art Davis, USAF | NRO/Security |
Col. Fred Riccardi, USAF | NRO/Security |
Bob Dumais | NRO/IM |
John Buckman | NRO/COMM |
Terry Cronin | NRO/Contracts |
CAPT. Bruce Coburn, USN | NRO/OSO |
Ed Appel | NSC Staff |
Col. Phil Pounds | NRO/Counterintelligence |
Lt. Col. Steve Young, USAF | NRO/SI |
John Goldsmith | NSA |
Ken Renshaw | NRO/IM |
Bill Rooney | NRO/COMM |
Adm. D. Blair | CIA |
Brig. Gen. David "Bull" Baker, USAF | NRO/DDMS |
John Elliff | CMS |
Surveys
Almost 200 corporations
Some 40 corporate security organizations
Approximately 100 customers of products, primarily military consumers
Previous Studies
Joint CIA-DoD IG Draft Inspection Report dated April 1996
Eight studies conducted between 1989 and 1995
[Word Deleted] REVIEW OF PREVIOUS STUDIES OF NRO SINCE 1988
1989 NRO RESTRUCTURE STUDY
Tasked by: ADNRO
Conducted by: Robert Geiger (Retired Rear Admiral)
Barry Kelly
Purpose: Identify changes to ensure NRO is prepared to respond to future intelligence changes
Security Recommendation:
- Create a centralized [Word Deleted] Security implementation management function
Status: Completed. NRO Security management structure and [Words Deleted] established.
1992 DCI TASK FORCE on NRO
Commissioned by: DCI April 1992
Conducted by: Bob Fuhrman
Purpose: Advise the DCI concerning the future of the NRO
Fundamental Question: How should U.S. Government organize to acquire and operate overhead reconnaissance system?
Security Recommendations:
- Declassify fact of NRO
- Review classification guidelines for NRO system characteristics and related products to improve flow of information to users
Status: Completed
CL BY: 0492464
CL REASON: 1.5(C)
DECL ON: X1
DRV FROM: NRO SCG 4.0, 14 October 1995
1992 JOINT (NRO/CIA) INSPECTOR GENERAL
Commissioned by: DDCI October 1991
Purpose: Broad Inspection of [Word Deleted] Security Management which was viewed as fragmented and uncoordinated
Security Recommendation 1:
- Define expectations of roles, and interrelationships of Special Assistant for Security [Words Deleted] Deputy Director, NRO Security
Status: 1992 Memo established Director of Security/NRO
Security Recommendation 2:
- Complete what is [Word Deleted] Study
Status: Completed December 1993
Security Recommendation 3:
- Central security planning authority for NRO
Status: Established Director, Policy and Operations Support position August 1992
Security Recommendation 4:
- Define criteria used for Must Know determination
Status: Completed (DNRO)
Security Recommendation 5:
- NRO IG evaluate [Words Deleted] progress in one year
Status: Did not occur. Joint CIA/DoD inspection done April 1996
1992 NATIONAL RECONNAISSANCE PROGRAM TASK FORCE FOR THE DCI
Commissioned by: DDCI September 1992
Conducted by: R. James Woolsey Panel
Purpose: Review and validate future direction of all aspects of National Reconnaissance Program
Recommendation: Security found to be excessive. System should be thoroughly reviewed and overhauled
Status: Completed [Word Deleted] Compartmentation Restructure (2/94) [Lines Deleted] Promoted cross-program technical interchange.
1993 BYEMAN COMPARTMENTATION RESTRUCTURE
Commissioned by: DNRO November 1993
Conducted by: Joint Government and Industry Review Team
Purpose: Create security environment based on need-to-know that enhances efficiencies, eliminates duplication, promotes sharing of technology assets
Action: Restructure [Words Deleted] into single major compartment. Allow access on strict need-to-know basis
Status: Completed February 1994
1995 IMPLEMENTATION PLAN FOR FURTHER DECOMPARTMENTATION AND DECLASSIFICATION OF THE NRO
Commissioned by: DNRO August 1994
Conducted by: Internal NRO Review Team
Purpose: Describe the process for declassifying organizations, office, and most Headquarters personnel. Permits NRO Headquarters personnel to acknowledge NRO affiliation and declassification of locations of all Headquarters facilities
Status: Completed April 1995
1995 WEST COAST SECURITY OFFICE REORGANIZATION PROPOSAL
Commissioned by: IMINT Security Directorate August 1995
Conducted by: [Words Deleted]
Purpose: Study West Coast security function to achieve greater efficiency
Recommendation: Eliminate remnants of programs A, B, C. Realign and physically consolidate all offices on West Coast.
Status: Completed or in work. [Three Lines Deleted]
1996 JOINT INSPECTION OF NATIONAL RECONNAISSANCE OFFICE
Commissioned by: DCI and SECDEF
Conducted by: CIA and DoD Office of Inspector General
Purpose: Determine efficiency and effectiveness of the processes and mechanisms used to manage and administer NRO resources and administrative program
Recommendation 1: All security reference materials are available to all employees and contractors. Distribute memo acknowledging which documents are current or superseded
Status: Completed or in work
Recommendation 2: Establish program on how to distinguish [Line Deleted]
Status: In work. Scheduled completion date June 1997. (also see Decision Tool)
Recommendation 3: Develop and implement clearly defined roles and responsibilities for security personnel and employees
Status: In work to revise [Word Deleted] Security Manual and Info Sec Program Regulation. Scheduled completion September 1996 and December 1996 respectively
Recommendation 4: Develop a security performance measurement plan and a security violations reporting mechanism
Status: In work. Scheduled dates for completion October 1996 and December 1996 respectively.
Recommendation 5: Resolve overlapping AIS Security responsibilities [Words Deleted]
Status: In work. Scheduled completion August 1996
Recommendation 6: Establish program to monitor AIS Security
Status: In work to establish more comprehensive monitoring of contractor systems. Scheduled date of completion July 1996
Security Police and Operational Support
INTERNAL
- What is [Word Deleted] study
- Compartmentation Restructure
- NRO Classification Guide (Revisions)
- Implementation of Executive Order 12958
- NRO Declassification (Phase I)
- DCID 1/19 Implementation (Document accountability--TS [Word Deleted])
- Eliminated control of SECRET [Word Deleted]-1993
- Phase History Data from [Word Deleted] TK
- Relaxation of Security Controls
- Electronic calculators, voice mail, lock combinations, etc.
- Designed introduction to [Word Deleted] briefing for government and industry
EXTERNAL
- CORONA declassification
- National Industrial Security Program Operating Manual (NISPOM) and Supplement
- Control Access Program Oversight Committee (CAPOC)
- Created NRO Special Security Office
Personnel Security Division
- Personnel security eligibility-Community reciprocity
- Full Defense Central Investigative Index (DCII) input
- Reduced investigative cycle time
- Initials from 134-492 days in 91 to 52 days in 1995
- Reinvestigations from 207 to 105 days
- Central management of NRO Polygraph Program
- Initiated community working group for "common adjudicative practices for SCI Community" (CAPSCI)
- Sponsored additional adjudicative standard (DCID 1/14)
- Provided Defense Investigative Service (DIS) a copy of SMCP software
Facilities and Information Security Division
- Virtually eliminated domestic tempest requirement - 1992
- Eliminated Two-Persons in SCIFs - 1993
- Draft DCID 1/21 Implemented - 1992
- Risk-based TSCM program
- Created Management Information and Documentation System (MIDS) database
- DIS and Community briefed on capabilities
- SCIF Co-utilization
- Automated Information System Security Implementation Manual (AISSIM) 100 and 200
- Conduct DCID 1/21 training for community
Training and Education Division
- Completed Community/DoD review of courses
- Initiated PRO Orientation seminar
- Conducted security officer training and AIS orientation seminars for government and industry
- 360 classes, 2500 students since 1992
- Developed PRO Security Awareness Program (videos, newsletter, briefings, regional conferences)
- Built training resource center
- Chair the Security Policy Board's Training and Professional Development Committee
(U) The Security Working Group conducted three surveys:
- (U) A survey of its membership to evaluate the effectiveness of NRO Security
- (U) A survey of some 100 customers (mostly military) to evaluate NRO responsiveness and the effectiveness of NRO security.
- (U) A survey of some 175 corporations to gather data regarding the classification/declassification and compartmentation/decompartmentation of NRO-corporate relationships.
(U) The questions for each survey are included as well as a summary of the responses. The detailed responses to the survey will be retained in the NRO Security office.
(U) In summary, the results indicate that about 62 percent of the responding companies currently cleared to do business with the NRO would choose to have the fact of their contractual relationship with the NRO be overt and unclassified.
(U) Sixty-two of 175 corporations responded to the survey. Thirty-eight have indicated a preference to be overt or expressed a neutral position. Twenty-four wanted to maintain a covert relationship with the NRO, citing business and safety reasons, and in a few cases indicating greater concern for counterintelligence if the relationship were overt.