COMPUTER-RELATED CRIMES CAN DIRECTLY INVOLVE ANY OR ALL COMPUTER-COMPONENTS--HARDWARE, SOFTWARE, AND DATA--IN THEFT OF COMPUTATIONAL RESOURCES, DISRUPTION OF COMPUTATIONAL SERVICES, UNAUTHORIZED INFORMATION ACCESS, OR UNAUTHORIZED INFORMATION MODIFICATION. THE MOST COMMON FORM OF COMPUTER-RELATED CRIME, HOWEVER, IS THEFT OF COMPUTATIONAL RESOURCES, A CATEGORY INCLUDING BOTH MALICIOUS AND BENIGN DIVERSION OF POWER FOR GAME PLAYING, PRINTING OF PICTURES, CALENDARS, AND OTHER UNAUTHORIZED PURPOSES. RESPONSES TO THE THREAT OF ILLICIT COMPUTER USE HISTORICALLY HAVE BEEN EITHER TO LIMIT THE NUMBER OF PERSONS WITH ACCESS TO COMPUTERS OR TO APPLY STOPGAP TECHNOLOGY FOR SHORT-TERM SOLUTION. THESE STOPGAP MEASURES INCLUDE EXTERNAL CONTROLS OF LOGICAL ACCESS SUCH AS COMMUNICATIONS CRYPTOGRAPHY AND DEDICATION OF COMPUTER TIME TO USER GROUPS FOR PERIODS OF TIME. A CLEAR, WELL-FORMED, PRECISE MANAGEMENT POLICY IS ESSENTIAL TO A SECURE COMPUTER SYSTEM. INFORMATION MUST BE 'LABELED' AS TO ITS NEED FOR PROTECTION, AND USERS AS TO THEIR AUTHORIZATION FOR ACCESS. THE COMPUTER OPERATING SYSTEM SHOULD MAINTAIN THESE LABELS INTERNALLY. TO BUOY THE CONTROLS OF POLICY AND EXTERNAL DEVICES, COMPANIES NEED INTERNAL CONTROLS. ONLY ONE TECHNOLOGY, HOWEVER, KNOWN AS THE SECURITY KERNEL, CAN PROVIDE TRULY IMPENETRABLE INTERNAL CONTROLS. THE KERNEL IS ESSENTIALLY A SMALL SUBSET OF AN OPERATING SYSTEM, WITH ASSOCIATED HARDWARE. ALTHOUGH IT IS NOT YET AVAILABLE FROM MAJOR TECHNOLOGY SUPPLIERS, THE KERNEL IS BEING DEVELOPED BY SEVERAL COMPANIES UNDER GOVERNMENT SPONSORSHIP. (DAG)