TEMPEST

TEMPEST is a U.S. government code word for a set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors, or printers. It is a counter-intelligence measure aimed at the prevention of electronic espionage. The term TEMPEST is often used more broadly for the entire field of compromising emanations or Emissions Security (EMSEC).

Related Topics:
U.S. - Electromagnetic radiation - Microchip - Monitors - Printer - Counter-intelligence - Espionage

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Basic TEMPEST information has not been classified since 1995. Although short excerpts from the main U.S. TEMPEST standard, NSTISSAM TEMPEST/1-92, are now publicly available, all the actual emission limits and test procedures defined in it remain classified and have been redacted from the published version. The NATO equivalent AMSG 720B is also still classified. The NSA publishes lists of labs approved for TEMPEST testing and equipment that has been certified. The United States Army has a TEMPEST testing facility, as part of the U.S. Army Information Systems Engineering Command, at Fort Huachuca, Arizona. Similar lists and facilities exist in other NATO countries.

Related Topics:
Classified - U.S. - Redacted - NATO - NSA - United States Army - Fort Huachuca - Arizona

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

TEMPEST certification must apply to entire systems, not just to individual components, since connecting a single unshielded component (such as a cable) to an otherwise secure system could easily make it radiate dramatically more RF signal. This means that users who must specify TEMPEST certification will pay much higher prices, for obsolete hardware, and be severely limited in the flexibility of configuration choices available to them.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Two related areas of emissions security, code named NONSTOP and HIJACK, remain classified. NONSTOP is thought to involve potential compromising emissions from electronic systems when they are inadvertently irradiated by other radio signals, including ordinary cell phones. HIJACK may refer to active attacks of this nature.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

TEMPEST standards require "RED/BLACK separation", i.e. maintaining distance or installing shielding between circuits and equipment used to handle classified or sensitive information (red) and normal unsecured circuits and equipment (black), the latter including those carrying encrypted signals. Manufacture of TEMPEST-approved equipment must be done under careful quality control to ensure that additional units are built exactly the same as the units that were tested. Changing even a single wire can invalidate the tests.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

One aspect of TEMPEST testing that distinguishes it from limits on spurious emissions (e.g. FCC Part 15) is a requirement of absolute minimal correlation between radiated energy or detectable emissions and any plain text data that are being processed. It would stand to reason that this requirement holds in some form for other types of data as well.

Related Topics:
Spurious emission - Part 15

~ ~ ~ ~ ~ ~ ~ ~ ~ ~