What Is TEMPEST and How Does It Relate to Cybersecurity?

Posted by Robert Faulkner on April 7, 2022

TEMPEST stands for “Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions”. It is a U.S. National Security Agency (NSA) specification for protecting against data theft through the interception of electromagnetic radiation. Computers and other electronic devices emit radio frequency (RF) signals and electromagnetic radiation that cybercriminals can use to reconstruct intelligible data.

TEMPEST was the codename of a U.S. government project in the late 1960s that studied this threat. Today, it describes various techniques for preventing compromising emanations (CE). It includes strict requirements for the electromagnetic shielding of equipment, rooms, or even entire buildings. It also specifies the distances to keep between equipment and walls or building pipes, and the spacing between cables carrying classified information and cables carrying unclassified information.

Types of Compromising Emanations

The NSA uses the term “RED baseband signals” to describe CE that could expose national security information (NSI). RED systems include all electronic equipment that processes NSI. BLACK systems process non-NSI data or data that has been encrypted.

RED baseband signals are attenuated, meaning they lose strength or become distorted due to distance, shielding, or other factors. They also exist outside of the device. For example, computer monitors emit electromagnetic radiation that can be intercepted and displayed on another monitor.

Other types of CE include:

  • Line conduction. Signals that are unintentionally conducted or noise-induced over power lines, signal lines, etc.
  • Intended signal modulation. Intended signals that are angle modulated or amplified.
  • Acoustic. Sounds produced by keyboards, relays, and other mechanical devices that can be intercepted and interpreted.

TEMPEST Standards & Requirements

The RED vs. BLACK designation forms the basis of a TEMPEST security strategy. The first step is to separate systems, components, cables, and circuits that handle NSI in plain text from those that do not. The TEMPEST specifications can then be applied to the RED equipment to shield it from electromagnetic and RF radiation threats.

The distinction also helps ensure that BLACK equipment does not become a source of CE threats. For example, signals from RED cables can be unintentionally transmitted by nearby BLACK cables. Therefore, the two must be shielded or separated by adequate distance.

TEMPEST calls for the use of specially shielded devices for processing NSI. There are three categories of TEMPEST-shielded devices, ranging from highly secure equipment available only to U.S. government agencies and approved contractors to devices for general commercial use. However, TEMPEST devices are expensive and tend to lag behind current technology. In many cases, there is not a TEMPEST option for innovative applications.

Another approach is to shield the room that houses RED equipment. U.S. government agencies and contractors often use shielded rooms called SCIFs (Sensitive Compartmented Information Facilities) to protect equipment from eavesdropping.

Building out a SCIF is expensive, and the facility will require ongoing maintenance. When the goal is to shield IT equipment, a more cost-effective approach is to block electromagnetic emanations at the server rack level using copper, aluminum, and other materials. (Check out our blog about what materials block RF signals for more info.) Shielded racks also make it possible to isolate specific equipment and scale the installation by simply adding more racks.


The Enconnex Shielding Solution

It’s important to note that racks designed for industrial applications do not provide adequate shielding for cybersecurity. Highly sensitive applications and data require a high-performance TEMPEST-compatible server rack that is purpose-built for effectively attenuating signals from 1 MHz to 40 GHz.

The Enconnex DefenseShield Cabinet is a standard 42U (customizable) rack constructed from aerospace-grade shielded aluminum to effectively block electromagnetic and RF interference. All the seams and penetrations of the cabinet are shielded using copper-nickel gaskets for maximum protection. DefenseShield is a high-performance shielded rack that is lighter and often less expensive than competitor offerings. It has been tested, approved, and implemented by government agencies, internationally accredited labs, communications companies, and tech giants.

The product is customizable, with I/O panels that allow for multiple connectivity options and power line filters that can be outfitted with a range of receptacles or plugs to meet application requirements. You can also select from various shelves, cable management options, etc.

Contact Enconnex to discuss how the DefenseShield Cabinet can enhance your cybersecurity strategy.


Robert Faulkner is the Vice President of Engineering and Operations at Enconnex. He comes from a strong background in product management with over 20 years in the IT industry. He currently holds an MSME and CDCD certification. He earned his MS degree in Mechanical Engineering at University of Nevada, Reno.
