ML20050A641

Trip Rept of 810808 Visit to Nih Computer Ctr in Bethesda,Md Re Security Measures Taken to Protect NRC Sensitive Data
ML20050A641
Person / Time
Issue date: 09/04/1979
From: Harris M
NRC OFFICE OF ADMINISTRATION (ADM)
To:
NRC OFFICE OF ADMINISTRATION (ADM)
Shared Package
ML20050A634 List:
References
FOIA-81-409 NUDOCS 8204010527


Text

UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D. C. 20555

MEMORANDUM FOR: File 7.20, ADP Security - General

THRU: Calvin L. Burch, Chief
Facilities and System Security Branch

FROM: M. Richard Harris, Chief
Systems Security Section

SUBJECT: VISIT TO NATIONAL INSTITUTES OF HEALTH (NIH) COMPUTER CENTER

This memo provides information that supplements the summary contained in Chad Pfleger's memo of August 14 on our visit to NIH.

As a result of the visit, it is recommended that a determination be made of exactly what NRC sensitive data sets are currently in use at NIH and the degree of sensitivity of those data sets. It can then be determined whether or not the security measures currently applied to their protection are adequate and what additional security measures, if any, should be applied.

In the first part of the meeting, Jim Oberthaler of NIH supplied us with copies of several articles on security taken from "Interface, The Technical Notes Issued By The NIH Computer Center". A copy of these articles describing in some detail the security measures provided by the Computer Center is attached.

NIH Computer Center General Security

According to the NIH management personnel, the Computer Center must provide the maximum degree of protection to patients' and research scientists' data at minimum cost in order to satisfy NIH requirements. At the same time, they make every effort to satisfy the security requirements for all users outside of NIH within the limits imposed by the Computer Center budget.

The most stringent cost limitation on the Computer Center is imposed by the research scientists, since most of them must produce results with severely limited funding. The researchers, however, want their data carefully guarded from access by other scientific personnel unless they are authorized access to the research data by the scientist who "owns" the data. Apparently there is keen competition among the scientists and they don't want anyone else peeking at their results in advance of it being published officially.

The introduction of additional physical and system security controls increases the Center's operating costs. These costs, in turn, are passed on to their users. As a result the Center has been constrained to limit the security techniques that are introduced to those that can be done with a minimum of added costs.


The subject of dedicated transmission lines using encryption equipment at both the user's terminal and the Computer Center ports was discussed briefly as a technique for protecting data between the two points. Since the system is designed so that all of the user's ports are supplied on a dial-up basis to any one of 500 ports, they stated that it is not economically feasible to have all ports encrypted to satisfy the security requirements of a few users. There are other system design approaches that could be taken, of course, but the subject was dropped at that point because NRC does not have a verified need.

Furthermore, the Computer Center has from its inception consistently taken the approach that it is up to the user to satisfy himself that the security techniques employed by the Computer Center and available to the user are sufficient to meet the user's requirements. They graciously offered to provide any information about the security measures they employ or are available to NRC users so that an adequate evaluation can be made by NRC.

NIH Software Security

The NIH Computer Center has available for users four basic methods for protecting sensitive data:

1. Account Number Identification
2. User Initials Identification
3. Keyword Identification
4. "Code Phrase" Encryption

The most stringent method of control available for the security of sensitive data is called "encryption" by NIH. Their use of the word "encryption" is not intended, however, to imply approval by NSA or NBS. The technique they employ is also referred to in their literature as "scrambling" to distinguish that technique from NSA or NBS approved standards. They did state that the NBS Data Encryption Standard (DES) was not utilized in their system.

The highest degree of security currently available for sensitive data in the NIH system is the encryption/scrambling technique. According to Issue Number 50, p. 10, of "Interface", the periodic newsletter issued by the NIH Computer Center, the encrypting process is controlled by a "code phrase" (equivalent in secure encryption processes to the "key") that is chosen by the user and is never stored in the NIH system. The "code phrase" is used by the user at the terminal end for scrambling purposes when storing data and for unscrambling purposes when retrieving data that has been stored in scrambled form.

As an indication of the degree of security of the scrambling technique, "Interface" states that "there are approximately 2.8 trillion possibilities using only eight-character "code phrases" made up of only letters and digits." "The NIH encrypting allows up to 72 characters per code phrase consisting of letters, digits and all special symbols."

In an interactive mode the "code phrase" exists in the computer memory only for the period of time that a data set is being encrypted/scrambled or decrypted/unscrambled. The code phrase, therefore, cannot be retrieved from permanent storage by a snooper to allow the data to be easily read in the clear. The scrambled data itself can be retrieved, of course, by a very sophisticated snooper, who would then be required to use very sophisticated decoding techniques to unscramble the data. Such decoding techniques would be very expensive and time consuming to apply since they would involve using costly computer equipment. The motivation to break the "code phrase" would, therefore, have to be very high.

The next most economical approach for a snooper would be to attack the phone line to the computer with a recording device to obtain the code phrase in order to be able to unscramble the desired data.

The NIH people expressed their belief that the most likely place that the code phrase would be picked up by an unauthorized person would be at the terminal end, i.e., at the user's facility.

In general, there would not be sufficient motivation for anyone to use clandestine techniques to obtain the kind of personal or sensitive data that they are aware is stored and processed at NIH.

As a side note, payroll data is not processed at that NIH facility.

NIH indicated that their policy for many years has been that the user must determine the sensitivity of his data and must assess for himself with whatever information he needs from NIH whether or not the degree of protection provided by the NIH system is adequate for his purposes.

One final point regarding their acquisition of encryption equipment and the degree to which they will secure the facility, the NIH facility also does not process any national security information and has no plans to do so.

NIH Physical Security

The physical security that exists at the NIH Computer Center and the security improvements that are planned are as follows:

1. NIH is going to provide a greater degree of physical security with a contract they have recently awarded for a magnetic card access system to control access to the building itself, the Control Center equipment area and individual user pick-up and delivery boxes. The system will permit authorization to any specific area to be controlled by means of the access code contained on the magnetic card.

2. There is currently no controlled access to Building 12A, housing the Computer Center. The magnetic card access system described above will be installed to control access to the lobby of the building.

3. There is currently no controlled access using guards or controlled doors to the computer area itself. At the time of the visit, it was possible to see the computer area from the main lobby and to walk about one hundred feet to the equipment area via the corridor connecting the lobby with the equipment area. The magnetic card access system will control access to that corridor by means of electrically locked doors that are being installed.

4. NIH does require badging and escorting of outside visitors to the equipment area and plans to continue the practice.

Since there is no classified processing done at the Center no NSI clearances were or are necessary.

There also did not appear to be anyone in the equipment area except operators. Exactly how extensive the existing access controls are, however, was not clear.

M. Richard Harris, Chief
Systems Security Section

Attachment:
NIH Computer Center "Interface" articles
