Electrical emissions represent a security threat, however TEMPEST filters are available to prevent the covert interrogation of conducted lines, as discussed by MPE
A longstanding concern of governments, armed forces, municipal authorities and companies has been the fact that electrical and electronic equipment such as computers and peripherals give off unintended electromagnetic emanations which can then be reconstructed as intelligible data. So, to maximise information security, countermeasures for TEMPEST – often regarded as an acronym for ‘Transient ElectroMagnetic Pulse Emanation Standard’ – are aimed at preventing eavesdropping on data radiated as signals via conducting lines (such as power, telephone or control line cables).
Such a signal may be intercepted by an enemy’s intelligence services, or a competitor, rival or fraudster. And well-equipped enemies may not be using a detector van parked in your street with receiving equipment, or a trawler from the Cold War era bristling with antennae. Thus for instance, a classified signal from a laptop inadvertently picked up and transmitted down an unprotected telephone line could potentially be accessed by putting a clamp around a telephone cable many miles away. Just as susceptible are incoming power cables, which can be monitored over similarly long distances. Accordingly the danger is ‘clear and present’.
As far as terminology is concerned, sensitive data – or devices containing or processing sensitive data – are usually referred to as “red”. This does not imply any particular classification, merely that you don’t want the data to escape. Conversely, non-sensitive data and equipment are termed ‘black’. Sensitive or classified data that has been suitably encrypted is also regarded as black. A device processing red data yet incorporating adequate protection to contain emissions can be black too. Meanwhile a cable carrying black data that passes close to red equipment, and thus has the potential to pick up red data, can be considered red.
One solution is to create around the at-risk IT facility a hardened, ‘red’ secured area or Faraday cage lined with steel, aluminium or copper, backed up by the suppression of any conducted EMI which may contain intelligible information by filtering. Another is to site the facility a long way away from its perimeter fencing, given that radiated signals will degrade sharply over distance. For this reason, you will find for example that permanent military command and control centres are usually sited hundreds of metres from the security fences around their compound.
Where a cable has to pass through a red/black boundary, a filter can be inserted as an intended countermeasure to filter out all frequencies except the desired signal. It is normally a low-pass filter that blocks everything above a given frequency, on the basis that any parasitic red signal is likely to be of high frequency. This solution has obvious limitations, since any parasitic signals within the pass band will still get through, and a low-pass filter cannot be used if the desired signal is itself of high frequency. A proper TEMPEST-grade filter must also prevent a radiated red signal from sneaking around the side of the filter and coupling onto the black side.
As an EMC solutions provider, MPE of Knowsley, Liverpool, manufactures ‘Extended Performance’ and ‘Very High Current’ ranges of power line filters which support the highest level of TEMPEST hardening. They provide exceptional insertion loss performance across a very wide frequency spectrum, in standard or custom formats.
The company’s mains supply filters meet the industry standard for TEMPEST EMI filter performance (insertion loss) of 100dB in a frequency range from 10kHz to 10GHz, with a secondary level of TEMPEST protection of 60dB from 100kHz to 1GHz on individual pieces of equipment. This may call for additional power, data, telephone and control line filters to cover all systems under threat.
Housed in electroplated steel cases, the filters are compact in size for easy, flexible, bulkhead or chassis mounting into rack systems and stand-alone computer equipment, especially where low earth leakage is critical. Available in current ratings from 6A to 2400A in both single- and three-phase versions, these filters are ideally suited to combining TEMPEST, EMP and EMC applications in one unit where the very highest performance is required.
The evidence in the 21st Century is that TEMPEST countermeasures are becoming as important for information security in the civilian world as in the military arena. What is more, these solutions to limit electromagnetic emanations can easily be combined with EMC filtering that prevents one device from upsetting the operation of another. So then you get the best of both worlds in a single high-performance filter which accords with all relevant international standards.
MPE
