sf 7 095 3 3 A 7 i 7 pprove Welggse ILLEGIB e- MEMORANDUM FOR Chairman United States Intelligence Boar Security Committee SUBJECT Security Threat Analysis of Computer Operations 1 Reference is made to the 19 January 1970 tasking of the Computer Security Subcommittee to conduct an analysis of the security threat posed by the possibility of hostile exploitation of weak points in the computer operations of the Intelligence Comznunity In assigning this task to the Subcommittee the Security Committee r cguested that the Counterintelligence Staff of CIA be asked to report any known cases where hostile services had attempted to exploit the security vulner abilities of our ceinputer operations in addition the Subcommittee was asked to study the postulated threat of hostile penetration of our computer operations 2 Inherent in any exalnination of hostile attempts to exploit our computer resources is the lmown Soviet Bloc interest in American cmnputingr technology It is well recognized in the Community that the Soviet Union and its allies being behind the United States in experimental construction quantity production and hardware soft ware design has placed considerable effort and emphasis in its Mq hi i it 3 Approved For Release 2004 02 10 CIA-RDP79M00096A000100070006-3 3 no Approved Fowelease 2004 02 i DP79MO0W000100070006-3 computer develOpment programs to reduce or close the gap The fact that the Soviet Union and its allies are involved in large scale overt efforts to collect information on Western computer technology is also well documented It is also recognized that the Soviets are conducting covert Operations to Collect similar information regarding Western computer technology 3 Examination of the problem by the Subcommittee has emphasized the possible exploitation of vulnerabilities in our computer Operations by hostile agencies for the purpose of collecting informatibn on American intelligence activities and USIB organizations its requested 'by the Security the Counterintelligence Staff of the Central Intelligence Agencywas asked to examine their files for the purpose of identifying specific cases of known or suspected exploitation of Community computing operations In addition all Subcommittee members were asked to seek similar information from their separate agencies While the results of this review in many cases were negative the Central Intelligence Agency and the Federal Bureau of Investigation were able to provide information on several cases involving hostile attempts to exploit either personnel associated with Community computer Operations or personnel elnployed by American computing manufacturers having potential contact with government operations Approved For Release 25 Approved For Release 2004 02 10 Next 5 Page s In Document Exempt Approved For Release 2004 02 10 CIA-RDP79M00096A000100070006-3 f - Approved Fowlease 2004 02 10 CIA-RDP79M0009Q500010007000643 9 Examples of criminal cases highlight the possibility that a hostile service could exploit the security vulnerabilities of our computer operations even though none of the agencies reported any evidence of such exploitation 10 The second part of the'task assigned to the Computer Security Subcommittee concerned the study of the postulated threat of hostile penetration of computer Operations This problem was - My 7 previously addressediin a report prepared by the Defense Science Board Task Force -on Computer Security The final draft of this xerwi report was'lissuedlin January l970 however the report has not yet we - been cleared for general irelease 11 The Defense Science Board report notes that computer systems by their nature bring together a series of vulnerabilities which tend to jeopardize the system's information protection capabilities Specific points of vulnerability can be classified into five groups a Physical surroundings b Hardware 0 Software d Celnmunication links e Personnel and organizational procedures l 53 Approved For Release 1 5 Approved For lease 2004 02 10 MW 12 The vulnerabilities postulated in the Defense Science Board report'have been detern iined at least in some cases to be real For l- w example CIA recently reported an incident where a program mer called ay for a dump of his memory pal tition in case of a fatal error The error u-n-Lh condition occurred and the rmesull ant dump contained his program plus data from another user 5L 13 It was determined that the programmer had requested a Specific core region size in accordance with the Specification required of all programs run on the multiprogramming system The program had not used the total region thus the remaining core in the region had not been erased by the overlay of the program However the program abort reverted control-to the Operating system which dumped the total region including the nonuerased core from the previous user rather than just the selective area occupied by the program 14 The system was modified so that the terminator routine controlled by OS erases all core in a region upon termination of a job However the fact remains that the vulnerability did exist undetected within the system for a period of time prior to discovery -10- e Approved For Release 2004 02 10 CIA-RDP79M00096A000100070006-3 I k Approved Fowlease 2004 02 10 CIA-RDP79M000QE9000100070006-3 If in q 4 a 15 AEC reported an incident regarding a technique which could permit the accidental or intentional disclosure of classified data or information to unauthbrized personnel through bypassing the storage protection feature of main mexnoryo This deficiency was accidentally detected while checking out a scientific computer program on an IBM 360 50 using Operating System 360 which does multipro gramming with a variable number of tasks Version 18 if Discussion with IBM revealed that all IBM 360 computer systems Operating under the control of Disk Operating System SOS Tape Operating System T08 Basic Operating System lgiasic Programming Sry'sttl l BPS and Operating System are vulnerable to this technique This deficiency can be corrected by the fetch protection feature offered by however fetch protection can be installed only on IBM model-s 360 50 and above 16 Deliberate attempts mounted against a system to take advantage of or create weak points would usually require a combination of a system design shortcoming either unforeseen or undected and placement of someone in a position to initiate action The fact that there is no present evidence of hostile attempts to technically penetrate Community computer systems should not preclude USIB member agencies from seriously considering the postulated threat and should not cause these agencies to relax preventative measures against the actual threat Approved For Release steer 1 tailhh a                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu