"B. Information pertaining to individuals, groups, or organizations who have plotted, attempted, or carried out assassinations of senior officials of domestic or foreign governments.

"C. Information concerning the use of bodily harm or assassination as a political weapon. This should include training and techniques used to carry out the act.

"D. Information on persons who insist upon personally contacting high Government officials for the purpose of redress of imaginary grievances, etc.

"E. Information on any person who makes oral or written statements about high Government officials in the following categories: (1) threatening statements; (2) irrational statements, and (3) abusive statements.

"F. Information on professional gate crashers.

"G. Information pertaining to 'terrorist' bombings.

"H. Information pertaining to the ownership or concealment by individuals or groups of caches of firearms, explosives, or other implements of war.

"I. Information regarding anti-American or anti-U.S. Government demonstrations in the United States or overseas.

"J. Information regarding civil disturbances."

Senator Ervin, who is noted for a piquant sense of humor, said in a speech a few months ago: "Although I am not a 'professional gate crasher,' I am a 'malcontent' on many issues.

"I have written the President and other high officials complaining of grievances that some may consider 'imaginary.' And on occasion I may also have 'embarrassed' high Government officials."

Based on the guidelines, the Senator asserted, he himself is qualified for the computer.

FOREWORD

This booklet has been prepared for an audience of executives and managers, other than computer and ADP managers, in organizations using computers to help them understand the necessity for computer security and the problems encountered in providing for it.

There are still many gaps in our knowledge. Much more work needs to be done before an organization will be able to implement security provisions which are specific and justifiable responses to defined threats. There are, however, measures which may be taken and this booklet provides a general discussion of those solutions which are available today.

A question and answer format was selected to organize the material in a manner which might logically represent a general approach to analyzing computer security problems. The material in this booklet was drawn from the report of a workshop of top technical experts in the field of computer security, held in December 1972.

The Institute for Computer Sciences and Technology at the National Bureau of Standards, U.S. Department of Commerce and the Association for Computing Machinery, the nation's largest technical society for computer professionals. have been jointly sponsoring a series of workshops and action conferences on national issues. These workshops were designed to bring together the best talents in the country in the respective areas to establish a consensus on 1) current state of the art. 2) additional action required, and 3) where the responsibility for such action lies. The workshop on computer security was the first in the series and did, indeed, establish a precedent of satisfying those goals.

BASIC TERMS

Privacy is a concept which applies to an individual. It is the right of an individual to decide what information about himself he wishes to share with others and also what information he is willing to accept from others. The privacy issue has not resulted from the development of computers, but the heightened interest in it can be laid to the capability of computers for storing vast amounts of readily usable data.

Confidentiality is a concept which applies to data. It is the status accorded to data which has been agreed upon between the person or organization furnishing the data and the organization receiving it and which describes the degree of protection which will be provided.

Data integrity exists when data does not differ from its source documents and has not been accidentally or maliciously altered, disclosed or destroyed.

Data security is the protection of data against accidental or intentional destruction, disclosure or modification, using both physical security measures and controlled accessibility.

Controlled accessibility is the set of technological measures of hardware and software available in a computer system for the protection of data.

Physical security is protection against physical destruction and theft of assets, including data.

The National Science Foundation provided financial assistance in planning the series.

WHY SECURITY?

1. WHAT IS COMPUTER SECURITY?

Computer security refers to the technological safeguards and managerial procedures which can be applied to computer hardware, programs and data to assure that organizational assets and individual privacy are protected.

2. WHY SHOULD I CARE ABOUT COMPUTER SECURITY?

Computer data and programs represent an increasingly important part of the assets of every organization in our economy. Every day both business and government become more dependent on computer systems to carry out normal business operations. There are over 130,000 computers installed in the U.S. today representing a current value of $29.2 billion. There is no way to place a value on the millions of data files and programs used on these machines, or on the value of the services performed by these same machines. Their worth in this sense is clearly inestimable. These assets must be safeguarded.

Consumer and public interest groups as well as individuals are now beginning to demand that their concern for protection of individual privacy be taken into account in the design and operation of modern information systems. The President in his 1974 State of the Union address called for attention to this critical national problem at the highest levels of government. His concerns included modern information systems, data banks, credit records, and electronic snooping as well as ostensibly collecting personal data for one purpose and then using it for another. In fact a number of bills are currently being proposed in the states as well as the Federal legis. latures to insure rights of privacy and establish requirements of data protection. Every data processing activity will be impacted by the provisions of the legislation.

Every organization will need to adopt procedures and provide safeguards to protect these valuable assets and meet the requirements of legislation.

3. WHAT MUST I PROTECT THESE ASSETS AND INFORMATION AGAINST?

Threats to computer system security arise from the unpredictability of environmental conditions and people. Data processing facilities and assets must be protected against natural catastrophe and hostile activity so that the impact on the operations of the organization are minimized. These threats include destruction by environmental forces as well as theft or destruction by individuals. Nature only destroys; man both destroys and acquires. Exposure to these threats creates risk for your organization.

4. ARE THE THREATS WHICH CAN BE PERPETRATED BY PEOPLE ON MY COMPUTER SYSTEM REALLY SERIOUS?

Such threats are very real and serious. Companies have been nearly put out of business by unauthorized manipulation of their data files.

The most common situation is the manipulation of computer system resources for personal gain. Direct physical assaults on computer facilities for purposes of destruction are relatively rare. Nevertheless persons motivated by revenge or antipathy toward modern technology have made direct physical assaults resulting in serious damage.

In a study of computer-related crimes, the significant fact appeared that many people who consider themselves honest citizens who would not steal from other people have no compunction about stealing from a computer because it is a faceless nonentity. The same study revealed that the financial gain from computer crime has little appeal for some people, but they will commit a crime for the thrill of “beating the computer".

In reading the following examples, it will be obvious that the individuals involved were apprehended, but it must be assumed that much computer-related crime is not detected and is, in fact, still going on. a. Internal threat, job related: Because of his famil

iarity with a bank's programs and procedures, a teller in a New York bank was able to transfer $1.5 million to his own account without leaving any trace of his activity, completely foiling both