On 14 September 1998, a public meeting of the Security Policy Advisory Board (SPAB) was held at the Dallas Convention Center in Dallas, Texas. The meeting was held in conjunction with the annual meeting of the American Society for Industrial Security (ASIS). Board Chairman General Larry Welch, USAF (Ret) presided with board members Ms. Nina Stewart and Rear Admiral Thomas Brooks, USN (Ret) also in attendance. Numerous members of the public were also in attendance.
AGENDA ITEMS:
INTRODUCTIONS/ PRESENTATION BY CHAIRMAN WELCH
1. The meeting was opened by Mr. Bill Isaacs, who is a member of the Security Policy Board staff and serves as Responsible Federal Officer. He welcomed all in attendance and introduced the advisory board members.
2. Chairman Welch presented an overview of the Security Policy Board and the Security Policy Advisory Board's oversight responsibilities of the SPB process. He indicated that the SPB responsibility is to consider, coordinate, and recommend for implementation to the President, directives for U.S. security policy, procedures and practices. He added that the Advisory Board's purpose was to advise the President on proposed legislative initiatives and executive orders pertaining to U.S. security policy as developed by the Board. The members of the Advisory Board serve as independent and non-government advisors on security policy initiatives and report to the President the implementation of the four principles guiding security policy per Presidential Decision Directive 29. These principles reflect that: policies and practices must match the threat; be consistent and have the ability to allocate resources effectively; result in fair and equitable treatment of all Americans who guard the nation's security; and provide the security needed at an affordable price.
Chairman Welch then presented an update on the first and second year's focus of the Advisory Board's efforts with Personnel Security issues being their centerpiece. In the first year, five areas of observation and recommendation in the report to the President were discussed. They were to: strengthen common investigative and adjudicative standards and ensure reciprocity; give priority to create a central data base; force efficiencies in the demand for investigations; establish standards for compartmented access; and to improve the mechanism for implementing security policy in general. Some progress was made in each area. As examples, the single scope background investigation and common adjudicative standards have been approved. The central data base for tracking clearance information is near completion; and, fee for service for investigations will be implemented in the Department of Defense. The focus of the Advisory Board in its second year found many of the same issues with the addition of the need for a "one stop shop" for requesting threat information. The Advisory Board will continue to monitor these issues and press the security community for continued progress and positive results.
The Chairman then discussed the reconvening of the Joint Security Commission. This will take place in the fall of this year and will have two main thrusts. The commission will review the progress and identify priorities of the original JSC recommendations and expand the focus to protection and assurance of critical mission information relating to national security.
EXTRANET FOR SECURITY PROFESSIONALS (ESP)
3. Mr. James Passarelli of the Security Policy Board staff presented an update on the status of the ESP. He provided a background that identified the ESP concept as having its origin at Defense Advanced Research Projects Agency (DARPA). The original concept was to use existing internet technology in a "virtual private network" that was affordable, trusted and real time. The system offers 128-bit encryption for safeguarding up to and including "For Official Use Only" information for government and industry use. The ESP meets one of the challenges of PDD-29 to provide our nation security at a price it can afford.
Mr. Passarelli offered that the ESP would be developed in three phases. Phase One, which ended in March 1998, saw the ESP funded solely by DARPA and its focus on the development, maturation and operations of the initial infrastructure. Phase Two (April 98 - April 00) found the stewardship of the ESP transferred to the SPB, and the ESP itself transferred to Carnegie-Mellon University/SEI in April 1998. A Board of Governors overseeing the project development was chartered in June 1998 and resources for FY98 were finally acquired in August 1998. Mr. Passarelli offered that the ESP was almost scrapped due to lack of funding but was saved from extinction in August 1998. Also in Phase Two is the requirement to establish an FY99-00 development plan to be approved by the Board of Governors. Next, a plan to transition the ESP to an executive agent and acquire FY99-00 resources must be accomplished. Finally, Phase Two includes a long-term operations plan (post-April 00) to be developed with actual transition to the executive agent to occur in May 2000. Phase Three (May 2000 - outyears) requires the executive agent to provide operations and maintenance to the system which includes the resources required. Phase Three includes any future development that the Board of Governors might see fit as the ESP is considered to be a living system subject to modification. Overall the ESP has the support of government and industry but total development hinges on determining SPB department/ agency system requirements and adequate funding being available.
SPECIAL ACCESS PROGRAMS SECURITY STANDARDS WORKING GROUP (SAPSSWG)
4. Mr. Richard Williams, Director, Security, OASD(C3I), and Dr. John Elliff, CMS, provided a progress report on the Special Access Program Security Standards Working Group (SAPSSWG). The final report of the SAPSSWG was dispatched to the National Security Council at the end of July 1998 within the time constraint tasked to the Security Policy Board by the NSC. Mr. Williams and Dr. Elliff addressed three of the SAP-related "Secrecy" or "Moynihan Commission" recommendations.
Specifically, these are summarized as follows: a) NUMBER TWO -- Implement a single set of security standards for SAP/compartmented programs; b) NUMBER FOUR -- Carefully consider other matters besides just classification when making SAP classification decisions; and c) NUMBER TEN -- Better facilitate SAP access reciprocity within these highly classified programs.
BOARD COMMENTARY
Chairman Welch noted that he was pleased with the progress of the SAPSSWG however he also noted that there is still much work to be done and that he concurred that the committee should extend its time to ensure that their work is effectively carried out. Also, Ms. Nina Stewart queried Mr. Williams and Dr. Elliff regarding the implementation of the NISPOM Supplement Overprint and the on-going efforts to promote reciprocity.
In response to Ms. Stewart's questions, Mr. Williams advised that the Deputy Secretary of Defense has issued guidance to SAP program managers which incorporates the Overprint into SAP program requirements. Further, Mr. Williams indicated that this will be an item of interest in Inspector General review of SAP programs. Also discussed was the work on the Joint Personnel Adjudication System (JPAS) which has been expanded to capture SAP clearance data, etc., thereby contributing to reciprocity and the suggestions to the NSC regarding rewording of E.O. 12958.
5. There was no further commentary and the meeting was adjourned by Mr. Isaacs at 1500 hrs.