Information Security Oversight Office (ISOO)

NISPPAC Minutes - March 24, 1998

Minutes of the Meeting
March 24, 1998 (As approved at the meeting of September 17, 1998)

The National Industrial Security Program Policy Advisory Committee (NISPPAC) held its eleventh meeting on March 24, 1998, at 9:00 a.m., in Room 105 of the National Archives Building, 700 Pennsylvania Avenue, Washington, DC 20408. Steven Garfinkel, Director, Information Security Oversight Office (ISOO), chaired the meeting. The meeting was open to the public.

  1. Welcome, Introductions and Announcements.
    After welcoming those in attendance, the Chairman asked for self-introductions. A roster of those NISPPAC representatives in attendance is attached. The Chairman specifically welcomed Susan Davis Mitchell, Raymond I. H. Kang, and Bernard A. Lamoureux as the new industry representatives on the NISPPAC.

    The Chairman expressed his concern that Tom Adams, a charter industry NISPPAC member whose term of service had ended in September 1997, had suffered a stroke a couple of months prior to the meeting. The Chairman had communicated with him recently through e-mail, but had not seen or talked to him. Industry representative Edward Halibozek informed the group that he had spoken with Tom and that his condition is much improved. The Chairman asked that those who know Tom and recognize his contributions to industrial security and the National Industrial Security Program (NISP) stay in touch with him and keep him in their prayers for a full recovery.

    Department of Defense (DOD) representative John Frields announced that he was retiring at the end of the week and that this would be his final NISPPAC meeting. The Chairman announced that in honor of John's extraordinary career and service, and his numerous long-standing contributions to industrial security and the NISP, he had brought a ceremonial dessert to the NISPPAC meeting, to which all in attendance were welcome to share at the meeting's conclusion.

  2. Presentations by OASD and DSS: How their Respective Reorganizations Affect the NISP.
    J. William Leonard, Director, Security Programs, Office of the Assistant Secretary of Defense (OASD), and Rene Davis-Harding, Deputy Director for Policy, Defense Security Service (DSS), led the discussion regarding their respective organizations.

    1. Changes within the Office of the Secretary of Defense (OSD).
      Mr. Leonard informed the group that OSD is in the midst of a major reorganization. He mentioned that he is not sure how the final reorganization chart will look, but that he foresees a strong focus on security by senior leadership. He explained that there is clear recognition of the role of security and the shared responsibility of Government and industry in the industrial security process. He indicated that there is commitment at the highest levels of the OSD to a partnership with industry. He reminded the group that at the last NISPPAC meeting, he had mentioned that there was thought of dismantling the Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence (C3I), and of establishing a new organization in its place. He explained that there is now a commitment to reconstitute C3I and to make it more dynamic and more equipped than it has been in the past. He added that Mr. Arthur Money is the new senior civilian official within the organization, pending his likely appointment as Assistant Secretary. Mr. Leonard indicated that he anticipates a final decision concerning organizational leadership coming out shortly. In the interim, Mr. Leonard stated that Mr. Money had been very clear that security, information protection, and information assurance are very much near the top of his priority list, not only within the Department, but also in regard to DOD's many relationships with the private sector.

    2. Changes within DSS.
      Mrs. Davis-Harding informed the group that DSS is continually changing. She mentioned that the biggest change is that Steven Schanzer, DSS's former Chief Operating Officer, will be its new Director. She noted that Director Margaret Munson, who deserves much of the credit for the DSS reinvention effort, is retiring. She added that the change with respect to the organization's name took place as a result of the Defense Reform Initiative, which basically integrated the DOD Security Institute (DODSI), the Personnel Security Research Center (PERSEREC), and the DOD Polygraph Institute (DODPI).

      Mrs. Davis-Harding stated that DSS had completed much of the three program integration and has expanded in terms of security training. DSS's training office now incorporates instructors that were at DODSI. DSS plans to reduce classroom training, but expand the types of training offered to include distance learning, teletraining, and computer based training. Mrs. Davis-Harding stated that DSS plans to take training to the customers, rather than bringing people to DSS offices. In connection with this effort, DSS is currently conducting a customer needs survey. Five senior members of the DSS staff are going to customers asking them what training they would like to have, not just what training has been offered previously. Mrs. Davis-Harding mentioned that any questions regarding the survey can be directed to Joe Cashin, DSS Security Survey team leader, at (609)489-3647.

      Mrs. Davis-Harding indicated that DSS is trying to be more responsive to its customers, particularly as it relates to response times on personnel security investigations. She mentioned that DSS is trying to prioritize its caseload and apply market incentives. She also mentioned that DSS is going to institute a fee-for-service policy. The test year begins in October 1998, and the actual fee for service will take place in the year 2000.

      DSS is working on an alignment of strategies that recognizes that DSS cannot unilaterally work alone. Mrs. Davis-Harding explained that DSS is aligning all of its strategies, i.e., business strategy, information systems strategy or services, organization structure., etc., to make sure all of the elements are working together, and that they have a strong horizontal coordination process in place. Along with an alignment of strategies, DSS plans to provide a full range of services, which would include an employment verification database that would facilitate visit requests.

      In regard to investigations, DSS is taking a look at how they focus on periodic re-investigations. DSS is currently looking at how they can better focus their resources on the cleared insider, who often presents the greatest threat.

      DSS has developed an "Intranet," an internal net for DSS, to share information among its staff. Mrs. Davis-Harding mentioned that a similar mode is being considered for DSS customers who would have a need to access the information. She also mentioned that DSS has developed a virtual support staff. The virtual support staff would provide services internal to DSS and provide leadership development to DSS personnel. Mrs. Davis-Harding concluded her remarks by stating that DSS is trying to balance its resources, compete for market share, and be more responsive to its existing customer base.

  1. NISPOM Issues

    1. Discussion of Industry Members' Draft Resolution.
      On the behalf of the industry representatives, Ed Halibozek presented a handout and presentation on the topic of "Who represents the policy interests of the Secretary of Defense in executing the NISP?" In his remarks, Mr. Halibozek acknowledged that a lot of progress has been made but emphasized that the NISP is not working as intended. He mentioned that revisions to Chapters 8 and 10 of the NISPOM have reached an impasse and there appears to be little progress in sight. Mr. Halibozek stated that industry's chief concern is that no single authority appears to have the ability to resolve differences between principal organizations. He mentioned that the problem appears to be within the existing framework, where there appears to be no executive involvement in the process of executing the NISP. In concluding his remarks, Mr. Halibozek recommended that the NISP Executive Agent, i.e., the Secretary of Defense, needs to review the current status of the NISP and identify necessary changes and/or enhancements to this program, which will bring it closer to its original objective of a single national program.

      The Chairman responded that Government representatives would be addressing some of the specific issues raised by Mr. Halibozek. However, within the broader context of industry's concerns, he asked the NISPPAC members to consider whether there is something lacking structurally that the NISPPAC could address. He mentioned that it was once proposed that there be established an executive committee within Government that would meet intermittently. The proposed Government executive committee would have been chaired by a senior representative of the Secretary of Defense, and would have included the other signatory agencies on the NISPOM, as well as the Chairman of the NISPPAC. At that time, a large interagency/industry implementing committee was meeting regularly, and the concept of an executive committee was tabled. The Chairman asked, within the context of regaining the initiative for full NISP implementation, whether such a concept now has merit, or alternatively, should the membership consider recommending some other basic change in the structure of the NISP or NISPPAC.

    2. Chapter 8 - Automated Information Systems.
      Mr. Frields, Deputy Director for Industrial Security Programs, OSD, commented that in March 1997, the NISPPAC resolved that the Executive Agent, DOD, would be responsible for redrafting Chapter 8 within a two-month time frame. Mr. Frields said DOD did so and that Bill Leonard reported on the progress at the last NISPPAC meeting in St. Louis. He stated that DOD expected to have something approved and published by January 1998. However, there was no support on the Government side for that product, principally because of the lack of procedural guidelines perceived to be essential. Mr. Frields said further that the process for drafting a product worked, but it's extremely difficult to get Government agencies to buy into a product that they think will not work for their information. He informed the group that there is another plan in place to get that done.

      Mr. Leonard, OSD, informed the group that C3I plans to hold a session including several agencies or activities at which they can come up with a performance based Chapter 8. The next step would then be to have the full coordination process take place. Mr. Leonard mentioned that the draft would be a starting point or foundation for a performance based product. Several members expressed concern with the fact that while a group may be able to come up with a product quickly, how would an impasse be resolved if one occurs.

      Mr. Leonard mentioned that there were several options available, including an elevation of the issues to the Deputy Secretaries of several agencies. John Elliff, Community Management Staff, suggested that the Executive Agent resolve an impasse by engaging the representatives of the Central Intelligence Agency, Department of Energy, and the Nuclear Regulatory Commission in this effort. In regard to this matter, there was general agreement that a motion be offered to move this effort forward to the four signatories of the NISP. The Chairman suggested and Ed Halibozek and Bill Leonard agreed that initially the three of them would work together to develop a draft and circulate it to the membership.

    3. Chapter 9, Section 1 - Investigation Standard for Secret/RD.
      Mrs. Cathy Tullis, DOE, provided the NISPPAC with comments on the investigative standards issue in Chapter 9, Section 1. Mrs. Tullis began with a brief discussion of the DOE policy regarding Secret Restricted Data. She mentioned that before the NISPOM was published, DOE realized that the NISPOM standards differed from DOE's requirements for protecting Secret Restricted Data with respect to:

      1. investigative standards;
      2. physical security storage standards; and
      3. computer security requirements.

      Mrs. Tullis explained that instead of impeding progress on the NISPOM and the NISPOM supplement, DOE formed the Nuclear Weapons Information Access Authorization Review Group. This review group would try to identify the most sensitive information that required the highest level of protection. The review group fed its information into a study that was recently completed. The study had one chief recommendation: that the highest fences should go around the most sensitive classified information. Mrs. Tullis commented further that DOD and DOE are now trying to determine what information should be upgraded to Top Secret. Mrs. Tullis stated that if DOE can take its Secret Restricted Data that requires the highest protection in Government and classify it as Top Secret, then DOE can achieve the level of protection that it needs. The group has had several meetings. A month prior to the NISPPAC meeting, DOE proposed to DOD generic criteria for what information could be upgraded to Top Secret.

      Mrs. Tullis commented further that when DOE hears from DOD, DOE will begin to review classification guides line-by-line to identify what information fits the definition for upgrading. She also mentioned that coordination is necessary to resolve this matter. Mrs. Tullis concluded her remarks by stating that DOE is in the process of changing its security rules and culture, and that once that process is completed, DOE will move forward with the task of revising Chapter 9, Section 1 and its baseline supplement to reflect a uniform standard for protecting Secret Restricted Data.

    4. Chapter 9, Section 3--Intelligence Information.
      David Haag, Central Intelligence Agency (CIA), reported that the CIA is reviewing draft revisions of Chapter 9, Section 3, Intelligence Information. Mr. Haag explained that the proposed revisions mirror Director of Central Intelligence Directive (DCID) 1/7, dealing with Security Controls on the Dissemination of Intelligence Information. Specifically, the changes concern dissemination and marking requirements. Mr. Haag also reported that DCID 1/7 and DCID 5/6, Intelligence Disclosure Policy, will be reviewed this month at the next Intelligence Community Deputies' meeting.

  1. National Industrial Security Program Survey Report.
    Rudolph Waddy, ISOO, commented that ISOO has modified its methodology for conducting surveys of the NISP to reflect feedback received from Government and industry. Mr. Waddy explained that the most recent round of surveys will include meetings with user agencies for their comments on the general observations made by the contractors during the survey. In December 1997 and January 1998, ISOO conducted surveys with contractors in the San Francisco, Albuquerque, and Washington, DC areas. Mr. Waddy added that ISOO will present detailed findings of the recent surveys at the next NISPPAC meeting in September 1998.

  2. Status Report on Safeguarding Directive--SPB.
    Dan Jacobson, Director of the Security Policy Board (SPB) staff, briefed the NISPPAC members on the difficulties that have delayed the final approval of the Safeguarding Directive. Mr. Jacobson explained that after a year and a half of revisions, a draft was forwarded to the National Security Council (NSC). NSC then directed the SPB to coordinate a review by foreign governments (allies) and NATO. When this had been completed and all related issues had been resolved, the draft was endorsed by all SPB members except the Department of Justice. Justice would not endorse the draft unless an annex addressing unauthorized disclosures was provided. NSC's legal counsel supported the Justice position. On Thursday, March 26, the co-Chairmen of the SPB Forum will meet with senior Justice Department officials in an effort to resolve the issue. Mr. Haag, CIA, asked if the Automated Information Systems (AIS) issues in the draft had been resolved. Mr. Jacobson responded that AIS concerns had been resolved and added that the National Security Telecommunications and Information Systems Security Committee (NSTISSC) has commented that there is an umbrella system for protecting AIS classified information.

  3. Status of the Secrecy Legislation.
    The Chairman provided an update on the status of Senate Bill S. 712, "The Government Secrecy Act," introduced by Senators Moynihan and Helms last year. Mr. Garfinkel explained that this year S. 712 has received a much higher profile in the Senate. He noted that tomorrow at the Dirksen Senate Office Building there will be a hearing on S. 712 before the Committee on Governmental Affairs. In addition to Mr. Garfinkel, witnesses for the CIA, DOD, DOE, OMB, the JFK Assassination Records Review Board, and the Federation of American Scientists will testify. Mr. Garfinkel added that the NSC is busily developing the Administration's position on the legislation. Mr. Garfinkel stated that passage of the proposed legislation is still questionable for several reasons, and highly doubtful this year. First of all, the NSC has serious objections to certain provisions of S. 712, particularly as they relate to separation of powers principles and judicial review concerns being expressed most forcefully by the Department of Justice. Second, there appears to be no comparable interest in the legislation on the House side.

  4. Staff Director, SPB Appointed as a Non-Voting Member. The Chairman moved to appoint the Staff Director of the United States Security Policy Board as a non-voting Government member of the NISP, and to amend the NISPPAC bylaws, as may be necessary, to reflect such an appointment. The NISPPAC members unanimously approved the motion.

  5. Outgoing Industry Members/Request for Recommendations. The Chairman reminded the NISPPAC that three of its industry members, Shirley Krieger, Marlyn Miller, and Frank Martin, would be leaving the group after the next NISPPAC meeting in September. The Chairman praised them as outstanding members of the NISPPAC and asked those in attendance to continue to provide him with recommendations for industry representatives. [In July 1998, the Chairman filed a motion to the NISPPAC membership by fax that the NISPPAC bylaws be amended by adding the following language:

    Commencing in fiscal year 1998, the term of membership for industry representatives shall be four years. The terms of industry representatives shall be staggered so that the terms of two industry representatives are completed at the end of each fiscal year. The terms of the industry representatives serving in fiscal year 1998 shall be adjusted so that they permit the establishment of staggered four-year terms.
    This motion has passed, receiving unanimous support from those members who have responded, and surpassing the supermajority of both Government and industry representatives as required to amend the NISPPAC bylaws. As a result of that vote, Ms. Krieger and Gen. Martin have agreed to extend their service on the NISPPAC by another year until September 30, 1999.]

  6. Next NISPPAC Meeting.
    The NISPPAC members unanimously approved the Chairman's motion to hold its next meeting at an appropriate facility in Dallas, Texas, on the afternoon of Thursday, September 17, 1998, at the conclusion of the American Society for Industrial Security's Annual Seminar.

  7. Adjournment. The Chairman adjourned the meeting at approximately 11:00 a.m.