FAS | Secrecy | SPB Docs ||| Index | Search |

INTRODUCTIONS

Mr. Bill Isaacs, who is a member of the Security Policy Board staff and serves as the Responsible Federal Officer in support of the SPAB, opened the meeting at 1330hrs. He welcomed all in attendance and introduced the SPAB members.

PRESENTATION

Chairman Welch presented a comprehensive briefing of the findings and recommendations of the Joint Security Commission II. A copy of that briefing is attached.

OPEN DISCUSSION

Following Chairman Welch’s presentation was a period of open discussion of security issues.

1. A member from the audience offered that the significant backlog of investigations at the Department of Defense as well as at other agencies was having a dramatic effect on reciprocity.

The SPAB agreed that the backlog was indeed having an adverse effect on clearance reciprocity. They offered that compliance with the investigative standards was key to promoting reciprocity. They also stated that they thought actions currently underway at the Defense Security Service was movement in the right direction by the Defense Department in addressing its portion of the problem.

2. One of the recommendations of the Joint Security Commission was the establishment of a “Cyber-Corp.” In response to a question, the following was presented by Chairman Welch.

There exists today a plethora of government pilot programs for Civil Service training. What is needed is a device or mechanism that is easily understood and focuses on the needs of the computer security professional. The government must establish a partnership with academia and the private sector if it is to compete for scarce computer professional resources. In a related area, a member from the audience offered that a FY00 budget amendment for Cyber Corps implementation was being prepared. The SPAB response to this was that too many agencies are in charge of computer security policy coupled with significant interest from various entities of the Legislative Branch. With so many in charge no one is truly in charge. Critical networks transcend the classified and unclassified world in today’s environment. The SPAB suggested that government undertake an educational program explaining these “new needs.” They agreed that this issue is difficult, but the need dictates that we get started.

3. A question was presented regarding the issue of no accountability for implementation of the security policies adopted by the Security Policy Board.

SPAB Commentary

The SPAB agreed that there has not been appropriate accountability for policy implementation. The JSC II addressed this issue. Feedback is needed on implementation and any adherence to policy must be at all levels of the Executive Branch.

4. The subject of attestation was discussed. A member from industry expressed concern that failure to follow the deliberative process of the National Industrial Security Program (NISP) as occurred with the Defense Federal Acquisition Regulation (DFAR) change regarding attestation would become the norm for the Department of Defense in effecting future changes to the NISP.

SPAB Commentary

The SPAB stressed that the NISP is necessarily a deliberative process. Attestation has a time constraint and needs to be accomplished quickly. The state of security awareness in the Department of Defense needed something done in a dramatic fashion. The Deputy Secretary of Defense acted accordingly.

5. A question arose as to whether the current Chapter 8 of the NISPOM that is currently in coordination was de-conflicted with the DCID 6-3. This was asked by an industry representative. Mr. Dick Williams from the Department of Defense indicated that the two documents have indeed been de-conflicted. Also, a need for a training module for Chapter 8 implementation was noted. It was offered that a look to the lessons learned in the Special Access Program Security Standards Working Group (SAPSSWG) would be beneficial in the implementation of Chapter 8.

SPAB Commentary

The SPAB will follow up on the implementation of the Chapter 8 to include the development of the training module. Also, they asked industry to respond in their comments on Chapter 8 if they felt the two documents (Chapter 8 and the DCID 6-3) were not de-conflicted.

Mr. Isaacs thanked the ASIS representative for hosting the meeting and adjourned the session at 1500hrs.

FAS | Secrecy | SPB Docs ||| Index | Search |