TEMPEST stands for “Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions”. It is a U.S. National Security Agency (NSA) specification for protecting against data theft through the interception of electromagnetic radiation. Computers and other electronic devices emit radio frequency (RF) signals and electromagnetic radiation that cybercriminals can use to reconstruct intelligible data.
TEMPEST was the codename of a U.S. government project in the late 1960s that studied this threat. Today, it describes various techniques for preventing compromising emanations (CE). It includes strict requirements for the electromagnetic shielding of equipment, rooms, or even entire buildings. It also specifies distances between equipment and walls and building pipes and the space between cables carrying classified vs. unclassified information.
The NSA uses the term “RED baseband signals” to describe CE that could expose national security information (NSI). RED systems include all electronic equipment that processes NSI. BLACK systems process non-NSI data or data that has been encrypted.
RED baseband signals are attenuated, meaning they lose strength or become distorted due to distance, shielding, or other factors. They also exist outside of the device. For example, computer monitors emit electromagnetic radiation that can be intercepted and displayed on another monitor.
Other types of CE include:
The RED vs. BLACK designation forms the basis of a TEMPEST security strategy. The first step is to separate systems, components, cables, and circuits that handle NSI in plain text from those that do not. The TEMPEST specifications can then be applied to the RED equipment to shield it from electromagnetic and RF radiation threats.
The distinction also helps ensure that BLACK equipment does not become a source of CE threats. For example, signals from RED cables can be unintentionally transmitted by nearby BLACK cables. Therefore, the two must be shielded or separated by adequate distance.
TEMPEST calls for the use of specially shielded devices for processing NSI. There are three categories of TEMPEST-shielded devices, ranging from highly secure equipment available only to U.S. government agencies and approved contractors to devices for general commercial use. However, TEMPEST devices are expensive and tend to lag behind current technology. In many cases, there is not a TEMPEST option for innovative applications.
Another approach is to shield the room that houses RED equipment. U.S. government agencies and contractors often use shielded rooms called SCIFs (Sensitive Compartmented Information Facilities) to protect equipment from eavesdropping.
Building out a SCIF is expensive, and the facility will require ongoing maintenance. When the goal is to shield IT equipment, a more cost-effective approach is to block electromagnetic emanations at the server rack level using copper, aluminum, and other materials. (Check out our blog about what materials block RF signals for more info.) Shielded racks also make it possible to isolate specific equipment and scale the installation by simply adding more racks.
It’s important to note that racks designed for industrial applications do not provide adequate shielding for cybersecurity. Highly sensitive applications and data require a high-performance TEMPEST-compatible server rack that is purpose-built for effectively attenuating signals from 1MHz to 40GHz.
The Enconnex DefenseShield Cabinet is a standard 42U (customizable) rack constructed from aerospace-grade shielded aluminum to effectively block electromagnetic and RF interference. All the seams and penetrations of the cabinet are shielded using copper-nickel gaskets for maximum protection. DefenseShield is a high-performance shielded rack that is lighter and often less expensive than competitor offerings. It has been tested, approved, and implemented by government agencies, internationally accredited labs, communications companies, and tech giants.
The product is customizable, with I/O panels that allow for multiple connectivity options and power line filters that can be outfitted with a range of receptacles or plugs to meet application requirements. You can also select from various shelves, cable management options, etc.
Contact Enconnex to discuss how the DefenseShield Cabinet can enhance your cybersecurity strategy.