DOCID: 3967120

Opinions expressed in this article are those of the author(s) and do not represent the official opinion of NSA/CSS.

Out of Control (U)

INTRODUCTION (U)

(U) In their quest to benefit from the great advantages of networked computer systems, the US military and intelligence communities have put almost all of their classified information eggs into one very precarious basket: computer system administrators. A relatively small number of system administrators are able to read, copy, move, alter, and destroy almost every piece of classified information handled by a given agency or organization. An insider-gone-bad with enough hacking skills to gain root privileges might acquire similar capabilities. It seems amazing that so few are allowed to control so much, apparently with little or no supervision or security audits. The system administrators might audit users, but who audits them? Even if higher level auditing of system administrators takes place, it is unlikely that such audits are frequent enough or extensive enough to be effective, especially against experts who probably know their systems better than their auditors.

This is not meant as an attack on the integrity of system administrators as a whole, nor is it an attempt to blame anyone for this gaping vulnerability. It is rather a warning: administrators are likely to be targeted, increasingly targeted, by foreign intelligence services because of their special access to information. This is especially true for the system administrators of classified networks. Historical evidence of foreign intelligence targeting of US communicators, people who had special access to material, strongly supports this assertion.

(U) This situation also raises a concern about individual accountability for classified information. In short, individual users have lost control over access to electronic versions of their classified files. If the next Aldrich Ames turns out to be a system administrator who steals and sells classified reports stored
on-line by or other users, will the users be liable in any way? Clearly, steps must be taken to counter the threat to system administrators and to ensure individual accountability for classified information that is created, processed, or stored electronically.

COMMUNICATORS HAVE BEEN HEAVILY TARGETED FOR THEIR ACCESS TO KEY

During the Cold War, untold numbers of people were recruited by Soviet Bloc intelligence services to spy against the US and the West, but among the most prized agents were U.S. communicators or others who could supply material and related information. Between 1946 and 1986 personnel were known to compromise U.S. systems on behalf of foreign intelligence services, primarily those of the Soviet Union. Many other individuals also provided U.S. key to foreign intelligence services but were never formally charged. Key was and still is hot stuff because acquiring it, especially through an agent, was the easiest way that the bad guys could gain access to hundreds or even thousands of classified U.S. messages.

Declassified and approved for release by NSA on 03-23-2011 pursuant to E.O. 13526.

SYSTEM ADMINISTRATORS ARE POTENTIALLY MORE LUCRATIVE HUMINT TARGETS THAN

system administrators, though the situation is potentially much worse than it has ever been with communicators. In part, this is because the system administrators can so easily, so quickly, so undetectably steal vast quantities of information. Communicators of the past usually sent only relatively short messages and finished documents, but today's system administrators can obtain full-length copies of entire reports, including draft versions, as well as informal e-mail messages, electronic calendar appointments, and a wide variety of other data.

(U) In some cases they might even be able to mount what are called "close-in" technical attacks by remotely activating workstation microphones, effectively turning them into audio bugs. They also have the ability to acquire and pre-sort high quality
information, which saves the foreign intelligence service time and resources that would otherwise be devoted to sorting through bulk collection. Furthermore, system administrators are capable of manipulation: destroying or altering data and controlling the availability of networks or specific applications.

FOREIGN INTELLIGENCE SERVICES ARE ALREADY TARGETING COMPUTER

This warning about the HUMINT vulnerability is in no way meant to downplay the need for stringent technical security solutions, but just as unbreakable US if has pushed foreign intelligence services to target the people who control the key, so too will stronger network security spur increased targeting of the people who control the computers.

THE NEED FOR MORE INDIVIDUAL ACCOUNTABILITY (U)

(U) This threat highlights the need to control classified electronic files, but as most users of classified client-server networks already know, individuals have less control over their own classified electronic files than they have over their hard copies. In short, people are doing things with electronic copies of classified information that would never be allowed with paper. For example, if a file is sent to the printer and does not print out, it is assumed to be a glitch, not a lost copy of a classified report.

(U) These are troubling questions because even though the vast majority of intelligence personnel are not system administrators, they are still legally, professionally, and morally responsible for the classified information that they produce, handle, or store. Users of classified systems must therefore be given greater control, individually, over the electronic versions of their notes, reports, and other documents. The information at risk includes widely disseminated classified and sensitive-but-unclassified documents; highly compartmented information with very strict need to know; information protected by the
Privacy Act, such as personnel files, medical records, and security files; other highly sensitive information such as Inspector General investigations and security investigations for counterintelligence or law enforcement matters.

CONCLUSIONS AND RECOMMENDATIONS (U)

The growing threat to system administrators heightens the need for accountability for classified electronic information, but there is no one easy answer to this problem. Most users enjoy and appreciate new technology and all of the associated benefits, from e-mail to bulletin boards to Web browsers to cost-saving shared resources. It is unlikely that anyone wants to return to the pre-client-server era, even if it were possible to do so. Still, the military and intelligence communities must do something if they are to reestablish individual employees' control over the information for which they are personally responsible. Possible actions include the following:

(U) Allow physical separations from networks. Allow each workstation to function as both a stand-alone and a network terminal with a physical disconnect from the LAN or other network. People who need to work on highly sensitive matters could thus do so with less anxiety about network attacks by physically disconnecting from their LAN. To be effective, this would require the more expensive installation of word processing or other applications on each workstation rather than as a shared network resource using licenses, but it would also allow people to be productive during network down time. Of course, connecting to the network to send e-mail or surf the Web would have to be a relatively quick and easy procedure, such as plugging in a cable and then clicking on an icon.

Provide hard drives and managers should be able to store information on their own workstations' individual hard drives in an form that cannot be by anyone else, including system administrators. Yes, some people will forget a password or something and end up
losing an important file, but that is the price of individual responsibility. Those who do highly compartmented or otherwise sensitive work should be provided with removable hard drives that can be and stored in a three-combo safe. It would be preferable if in the future all hard drives could be removed for storage in a safe to prevent theft or damage from fire or other disasters. But then exit inspections would have to be reinstituted to help prevent people from carrying the drives out. An alternative would be to install sensors at each exit and tag each drive with a trigger mechanism similar to the technology used by stores to combat shoplifting.

Give M5 and other security organizations more money. It is unwise to cut security budgets now, and it's not only because of the threat of a specially equipped Ryder rental van taking out half of the FANX building. Overall, employee susceptibility to foreign intelligence recruitment has probably increased in this era of unprecedented budget cuts and the accompanying low morale. In the long term, security acts as a force multiplier because it limits otherwise exponential losses caused by spies, and good budget planners know that force multipliers should not be cut at the same rate as regular forces during downsizing.

is the primary editor of the National INFOSEC Intelligence Review (NIIR), published aperiodically by V52, and the 530 Global Threat Summary, a reference manual also published by V52. He joined the Agency and was professionalized as an Intelligence Research (IR) Analyst in 1990 after graduating from the IR intern program. He has an M.A. in national security studies from Georgetown University and a B.A. in foreign affairs from the University of Virginia. He holds memberships in the National Military Intelligence Association, the Association of Old Crows, and the International Affairs Institute. He was formerly a chapter president of Pi Sigma Alpha, the National Political Science Honor Society. He is an award-winning essayist and has published several articles in professional journals at NSA and CIA.

Derived from: 123-2, Dated 3 September 1991
Declassify On: Source Marked
Date of Source: 3 Sep 91