Redefining Security

A Report to the
Secretary of Defense
and the
Director of Central Intelligence

February 28, 1994

Joint Security Commission
Washington, D.C. 20505

Joint Security Commission
Washington, D.C. 20505

February 28, 1994

The Honorable William J. Perry
Secretary of Defense
Washington, D. C. 20301

The Honorable R. James Woolsey
Director of Central Intelligence
Washington, D. C. 20505

Dear Sirs:

1. Pursuant to your request, the Joint Security Commission was convened on June 11, 1993. The Commission was guided by your direction to develop a new approach to security that would "assure the adequacy of protection within the contours of a security system that is simplified, more uniform, and more cost effective."

2. This report presents the recommendations of the Joint Security Commission to achieve these objectives and to redefine security policies, practices and procedures. The report describes the threats to our nation's security and lays out a vision the Commission believes will shift the course of security philosophy. We also propose a new policy structure and a classification system designed to manage risks better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies for achieving security within our information systems, including protecting the integrity and availability of both classified and unclassified information assets, and we call for a new approach to capture security costs. We provide recommendations for linking traditional physical and technical countermeasures to threat. We believe that implementation of these recommendations will result in a security system that will meet the evolving threat while being fairer, more coherent, and more cost effective.

3. In reaching its conclusions and recommendations, the Commission drew upon the perspectives of policymakers, Congress, the military, industry, and public interest groups. Although our charter was limited to a review of the Intelligence and Defense Communities, we found that many of the problems and solutions have government-wide implications. In those instances where we believe that a government-wide solution is the best answer, we have offered recommendations to that effect.

4. This report represents months of work by the Commissioners, our staff, and a vast number of citizens both in and out of government, who graciously gave us their time and comments. On behalf of the Commission, I would like to thank all who contributed to this effort and to give special recognition to our superb staff, headed so ably by Dan Ryan. Ultimately, of course, the Commissioners bear full responsibility for the analysis and recommendations contained herein.

5. As you have directed, the Commission will remain in place until June 1, to assist in the implementation of our recommendations. We look forward to working with you to achieve the objectives you have laid before us.

Very respectfully,

Jeffrey H. Smith


Executive Summary

Chapter 1. Approaching the Next Century

Chapter 2. Classification Management

Chapter 3. Threat Assessments-The Basis of Smart Security Decisions

Chapter 4. Personnel Security-The First and Best Defense

Chapter 5. Physical, Technical, and Procedural Security

Chapter 6. Protecting Advanced Technology

Chapter 7. A Joint Investigative Service

Chapter 8. Information Systems Security

Chapter 9. The Cost of Security-An Elusive Target

Chapter 10. Security Awareness, Training, and Education

Chapter 11. A Security Architecture for the Future



FAS | Secrecy | Library || Search | Join