The Reagan administration is drafting guidelines to classify all national security-related information throughout the federal government -- including civilian agencies -- as part of an effort to increase computer and telecommunications security.
Much of the information now in government computers is not protected and is widely available. A special national security committee will decide how much of that information needs protection and how that protection should be fashioned.
"We are going to be issuing guidelines for protecting sensitive information for every federal system," said Donald C. Latham, assistant secretary of Defense for communications, command and control. "Every system will require some level of access control."
Latham is chairman of the eight-month-old interagency National Telecommunications and Information Systems Security Committee (NTISSC) that was established to devise policy on electronic security for the government.
This new push for information security also propels the top-secret National Security Agency, the country's largest intelligence organization, into a major role as the nation's arbiter of security technology standards for civilian agency systems as well as military uses.
The guidelines, which will be released over the next few months, promise to rekindle debate over the extent of classification as well as how best to protect sensitive data. The Reagan administration has been vigorous in bringing many different kinds of information under a security umbrella.
"It's very difficult to define classified information," said Robert Conley, deputy assistant Treasury secretary for advanced technology and analysis and a member of the security committee. "There's basically three categories of information: national security, public domain and sensitive. Sensitive information falls between national security and public domain -- it's defined by omission.
"Now you have to decide by what mechanism you want to protect that information," he said.
As the federal government relies on computer networks and ordinary telephone conversations to conduct even the most sensitive business, traditional methods of classification for paper files and documents are seen as no longer adequate.
The fact that computer and telecommunications technologies can be breached by electronic intercept and entry has prompted the decision to launch a set of security countermeasures in both classification and technology.
One result could be that sensitive information now stored in civilian agency computers would fall under a new national security classification. For example, the guidelines may require the Commerce Department to store information on export licenses of high-technology items in a more secure computer system, or insist that certain defense contractors install new procedures to deny unauthorized computer access to their data.
Presumably, implementing the new guidelines would prevent the recurrence of such episodes as the one in which Milwaukee teen-aged computer hackers used their home computers to tap into the files of a Los Alamos National Laboratory computer more than a year ago.
This new emphasis on electronic security policy springs from National Security Decision Directive 145, signed by Reagan last fall, which identified Soviet electronic eavesdropping -- particularly on phone calls -- as a national security threat. It called for a comprehensive approach to protecting both telephone and computer communications.
The most publicized aspect of NSDD 145 has been the announcement that the government plans to procure half a million "secure" phones that scramble conversations.
These computer and communications security initiatives -- which most experts estimate would cost billions of dollars to implement -- give important new powers to the NSA. The NSA, which designs the nation's military codes, will become an electronic security research and development arm, a security standards setter and the agency that transfers security technology into both the federal government and private industry.
An NSA spokesman said the directive and the committee "broadens both the communications and computer security missions of this agency. We will be establishing trusted computer standards that can be met for federal agencies . . . and the private sector."
These standards are being developed by NSA's recently established National Computer Security Standards Center. In the past, other national security directives gave the Commerce Department jurisdiction over nonmilitary computer security standards.
Computer and communications security has historically been a low-priority item for nonmilitary agencies, according to Sanford Sherzen, an information security consultant who recently completed a report on the topic for the Office of Technology Assessment. "It's been almost nonexistent . . . almost a leaderless area," he said.
The White House Office of Management and Budget has stated that it does not want the cost of security to be a special item on the budget when agencies procure data-processing equipment, so there is likely to be a conflict between the level of security that NTISSC requires and the funding that OMB is willing to provide for it.
Assessing the ultimate cost of the new security measures is impossible, because nobody knows how many computer systems there are in the government, according to Latham. NTISSC has issued a "data call" throughout the government to find out.