Information Resource Security Mandate - IRSM

This section specifies procedures for the handling of information while it is stored or processed by the state, information supplied by the state ro non-state parties, and information supplied to the state by a non-state party, or otherwise generated by a non-state party, pursuant to a pre-existing formal agreement of that party with the state in which provisions for the handling of information are enumerated.

Any computing resource within the state is required to be protected as follows: 1) Except for anonymous retrieve-only access to information designated "published" in this document, all access must be predicated upon the cryptographically secure authentication of the accessor, by uniqueified name, which must be recorded.   2) All classified and personal data must be encrypted in storage, in such a manner that only those with a need to know can decrypt the data.   3) All data must be encrypted in transit.   4) All data must be replicated in electromagnetically impervious media which is stored in a secure building separate from the primary storage facility for the data, and at least 100 miles distant.   Media replication must be performed at least once per week, and can be done in an interval, i.e."delta," fashion.   5) Confidential data can not be accessed with an apparatus which emits radiation which permits eavesdropping.   6) When confidential data is being accessed, authentication must be performed with a personal portable authentication/cipher engine (e.g.   smart card) and authorization must expire within one hour of initialization. 7) No information can be discarded - a record of all data and accesses must be maintained in at least one place in perpetuity.

The following is from to-do, collected and moved here because the section is grossly impoverished without it.

The justices of the xxxxx

Any encrypted information generated within or supplied to the state must include an encapsulation of the decryption key which is usable

must specify a key split escrow system for all state documents.   IRSM archiving should include a central archive for each unit of state. central archives must be coordinated to implement strategically dispersed replication.

each unit of state must have a unique identifier.   each document within a unit of state must have a security classification, and an identifier unique and indefinitely non-recurring within that unit of state.

individual accountability for classification of information, review at intervals requiring positive accountable reclassification.

need to explain that classification as described in this document is confined to state business, and people operating within or on behalf of the state.

need to specify procedure for security clearances.   who is eligible to apply, what the general standards are for each level.   elsewhere, the levels of security classification must be enumerated, with their general meanings stated.   called a security context.  

an individual's security clearance profile must be published.

The generic security contexts, with their corresponding abbreviatory tokens, are:
  -public (P)
  -official use only (O)

The specific security contexts, with their corresponding abbreviatory tokens, are:
  -law enforcement secret (L)
  -personal secret (Q)
  -military secret (M)
  -diplomatic secret (D)696 1494

the context modifiers are, with their corresponding abbreviatory tokens, are:
  -mission-critical (C)
  -sensitive (S)

Specific contexts can be compounded to protect information with complex sensitivities.

Any context can be compounded with C signifying extra measures to assure data survival.   The C token must be followed by an index digit between zero and nine specifying more precisely what procedures are required to assure data survival.

An individual has a need-to-know regarding an item, if he is a thresholded legislator in the unit of state that has custody of the item or in a containing unit of state, or if effective implementation of an order lawfully issued to him in the course of state business requires access to the item.

All specific contexts are strictly need-to-know and can be compounded with S signifying that the document must be confined to secure hardware and environments as specified by law.

Specific context tokens must be followed by an index digit between zero and nine signifying more precisely the sensitivity of the information within the domain of that specifier or modifier.

The handling requirements associated with a particular index digit used as a specific context qualifier must be uniform across the entirety of the state at all levels, regardless of the specific context it qualifies.   These handling requirements must be promulgated by the national legislature, and cannot include particular requirements on who is supplied with information.

A document is accessible only to people who are cleared for at least the specified index for each context specifier given, and then only on a need-to-know basis.

all public documents are anonymously available.   all official use only documents are available on a non-anonymous basis to all individuals who have entered an appropriate contract of non-disclosure with the state.   all non-public non-personal documents, are automatically made public 25 years after their initial creation (though they can be made public more quickly, at the discretion of responsible personnel, and according to court order), with the following exceptions: 1) technical plans for nuclear, biological, and chemical weapons, must remain sensitive military secret in perpetuity.   2) technical plans for major machines of war, such as submarines, aircraft, tanks, missiles, and high power beam weapons, can be maintained at their initial classification at the discretion of responsible military personnel.   3) at the discretion of responsible military personnel, technical plans for any other weaponry or armor whose use is directed under actual combat or other non-exercise conditions by current tactical or operational procedures, can be maintained at their initial level of classification until use of that equipment is no longer so directed.   4) information whose dissemination would endanger a particular living individual must remain at its initial level of classification, or a more restrictive one, until after that individual has died, or until that individual has lawfully reviewed the information at issue and concluded that declassification is acceptable to him.   5) any information that describes tactical and operational aspects of current and continuing operations by the military branch, specifically the current location and distribution of materiel, installations, and personnel, can remain classified at the discretion of responsible military personnel.

gradations within named classification levels, a simple 0 to 9 scale 9 being the most sensitive, with practical definitions of the meaning of each.

continuance of classification can only be by a hierarchical superior - the idea is that after, say, the initial year of classification, an item is declassified unless someone above the classifying agent continues the classification.   then at intervals of (say) a year thereafter this continues up the hierarchy, except that the president of the investigative branch can continue classifications indefinitely according to law.

need a FOIA-like framework.

a unit of state must provide all information in its records about an individual, to that individual, within one week of a request, except that it must withhold information as necessitated by security clearance and contexts.   a fee of up to an average hour's wage can be charged for the information.   the individual must be in the state identity database, and the identity of the individual must be confirmed cryptographically.

for one week after it is entered, and except as precluded by security classification and contexts, any new information in a state database about an individual must be retrievable by that individual without fee.   the state must offer a subscription service, by which an individual can specify a method whereby he can be notified when new information is entered, and how it can be retrieved.

an individual always has a "need to know" about information about himself.   if his security clearance is sufficiently high, he must be allowed access to the information, subject to specified handling constraints.

more details on access by justices and legislators to classified information.

security clearances of justices

it is a vital national security interest that the computing and communications infrastructure upon which the economy and state business rely be maximally impervious to passive (information-gathering) and active (corruption of data, usurpation of authority, denial of service, electromagnetic destruction), attack. however, doing so almost invariably conflicts with short term market forces.   thus the state must be endowed with the authority necessary to assure this readiness without regard for short term market forces.

standards for EMP/HIRF hardening, compromising radiation (Van Eck), and security (cryptographic privacy and verification of identity and integrity) are specified generally as follows.   all equipment used to process classified information, and all equipment used to comply with legal requirements or legally bind an agreement, must meet a standard appropriate for the application.   full source code for any software that is a component of this equipment must be published (with full copyright protection if desired).   particularly, communications equipment used in interactions with or by the state, and equipment used to verify licenses, pay use fees (for highway travel, for example), or sign documents in a legally binding manner, must be hardened, Tempestified, and secure.

equipment used in processing money must be hardened, Tempestified, and secure, and source code for software that is a component of this equipment must be published (with full copyright protection if desired).

embedded computers or communications systems in non-recreational machinery not known principally as a computing or communications device must be hardened, Tempestified, and secure.   non-recreational machinery includes but is not limited to all equipment used in earthmoving operations, construction operations, military operations, vehicular transportation including automobiles, airplanes, powered and unpowered boats, and trains, and all industrial systems including those used in generation and distribution of electrical power, fluid pumping, processing, and distribution, factories, and mines. computing and communications devices and systems whose proper operation is necessary for the proper operation of non-recreational machinery must be hardened, Tempestified, and secure.

all equipment covered by this section must undergo a battery of tests in which the equipment's compliance with the above requirements is verified before it can be used in the roles described in this section.

The state reserves the right to require any contractor to adhere to the IRSM if it is clearly determined that the contractor is important to national communication, financial, transportation, agricultural, or manufacturing infrastructure.

previous section "Information Resource Integration Mandate - IRIM"

next section "Human Identification Infrastructure"

back to index for this chapter ("Information Management")

back to top-level index

Send email to me at

Site Search

This is a preliminary draft. Pending changes are in The To-Do List