On September 11, 2000, a public meeting of the President’s Security Policy Advisory Board (SPAB) was held at the Orange County Convention Center in Orlando, Florida. The meeting was held in conjunction with the American Society for Industrial Security (ASIS) Annual Seminar & Exhibits. Board Chairman General Larry Welch, USAF (Ret.), presided with Board Member Rear Admiral Thomas Brooks, USN (Ret.). Approximately 100 people from the public and private sector attended.
MinutesSeptember 11, 2000
Security Policy Advisory Board Meeting
ASIS International 2000
Annual Seminar & Exhibits
Orange County Convention Center
The meeting was called to order at 1330 hours by Mr. Bill Isaacs, a member of the Security Policy Board (SPB) staff serving as the Responsible Federal Officer in support of the SPAB. He welcomed all in attendance and introduced the Advisory Board members.
1. Mr. Dan Jacobson, the Executive Director of the Security Policy Board, provided an update on the implementation status of the Joint Security Commission II recommendations. He categorized the recommendations in the following manner: those recommendations where significant accomplishment has occurred in implementation; those recommendations where there have been significant developments; those where there has been partial development; and those recommendations that are on hold. See attachment for briefing charts containing recommendation information.
Board Commentary2. Mr. Edward Wilkinson, the Deputy Executive Director of the Security Policy Board, made a presentation on an initiative called “Tapestry.” The JSC II had identified clearance information sharing as a key to reciprocity. To this end, the Tapestry project was formed to identify existing clearance information databases and the steps to enable the sharing of this information. Subsequently, the SPB Forum recommended that the SPB Excom direct agencies to participate fully in these databases. The three primary database systems are called JPAS/DCII (DOD), SII (OPM), and Scattered Castles (INTEL CMTY). Paramount to the success of this initiative is integrity of the information contained in these databases. Incentives to keep this information current are being developed.
General Welch stated that if the security community is to do effective risk management it must first do effective cost-benefit analysis. He noted that the Clinger-Cohen Act requires capturing the cost of security. He added that the Department of Defense and Intelligence community should move out smartly in implementing “defense in depth” of their computer systems and not wait for a national policy to be issued. He called it a “prescription for paralysis” to wait for a national policy.
Admiral Brooks asked if the systems will show clearance data that crosses boundaries. The response to this question was affirmative.
3. Mr. John McGaffin, Senior Advisor to the NACIC, provided the status and content of the initiative called CI-21. A year ago, the Secretary of Defense, Director of the Federal Bureau of Investigation, and the Director of Central Intelligence established a Special Review Process to examine how well the national counterintelligence community is positioned to meet the CI challenges of the 21st Century. Do current authorities match today’s challenges? The process revealed that to deal with the new CI threat environment, the CI community must be restructured and transposed from a largely reactive state to a modern, innovative program that is much more proactive. The NSC is currently coordinating a Presidential Decision Directive (PDD) that reflects the recommendations for reform put forth by the review group. The hallmark of the new National CI system will be its interaction with policymakers and the private sector on CI issues, ensuring that the CI community is informed by and contributes to the implementation of national policies and strategies. As envisioned, responsibility for national counterintelligence will be vested in a Board of Directors, chaired by the Director of the FBI and composed of the Deputy Secretary of Defense, the Deputy Director of Central Intelligence, and a senior representative from the Department of Justice. A national CI Executive and support organization will be established to carry out the following functions as well as absorb all of the functions currently performed by NACIC. The principle activities of this successor organization will include the identification of the critical assets that must be protected by CI, (described here as the Crown Jewels), formulating a National CI Strategy, overseeing and coordinating the production of strategic CI analysis, evaluating and assisting in the integration of CI budget and resource plans of the community, communicating to the Board the adequacy of these plans to meet the objectives and priorities of the National CI strategy, evaluating the effectiveness in implementing the strategy, identifying collection gaps, and coordinating other national level CI activities. Interaction with the private sector was identified as essential if the new CI executive is to accomplish these objectives.
General Welch agreed that a National CI strategy must determine “what” crown jewels should be protected. The “who” or the hostile nation vector becomes less relevant. This determination must be done with private sector involvement.
An individual from the audience asked if a series of financial penalties should be imposed for lack of security on the part of industrial contractors.
General Welch offered that the result of lack of adequate security measures by an industrial contractor should be eventual loss of the contract with the government in accordance with appropriate contract terms.
An exchange between members of the audience and the board members involving protection of national security information (classified) and the protection of sensitive but unclassified information took place with the Board making the following observation.Board Commentary
General Welch stated that the protection of all information systems is essential for effective operations no matter the classification of the system. He followed by saying that the compromise of some unclassified systems can shut down operations and that overall network security protection is key.Mr. Isaacs adjourned the meeting at 1600 hours.
Briefing Charts on Implementation of Joint Security Commission II Recommendations