Electronics Guide

Sources of Compromising Emanations

Electronic equipment generates emanations through several mechanisms that can carry information content:

Direct emanations result from the functional operation of equipment. Video displays emit signals correlated with screen content. Keyboards generate distinct electromagnetic signatures for each keystroke. Processors emit patterns related to the instructions being executed and data being processed.

Modulated emanations occur when information-bearing signals modulate carrier signals that would otherwise be benign. A computer's clock signal, for example, might be modulated by data bus activity, causing the clock harmonics to carry information that was never intended to be transmitted.

Impulsive emanations arise from switching events in digital circuits. Each transition generates a broadband pulse whose timing corresponds to the logic activity. The cumulative effect of many such pulses creates a complex electromagnetic signature that can reveal processing patterns.

Conducted emanations travel along power lines, signal cables, and ground connections. These conducted signals can radiate from cables acting as antennas or couple to other systems, potentially carrying information outside protected areas.

Display Emanations

Video displays have historically been among the most significant sources of compromising emanations. The raster scan pattern creates predictable timing relationships between screen position and signal content, enabling reconstruction of displayed images from intercepted emissions.

Cathode ray tube (CRT) displays generated particularly strong emanations due to the high voltages and currents involved in deflection and video amplification. The video signal directly modulated the electron beam intensity, creating emissions that could be received and displayed on another monitor to recreate the original image.

Modern flat-panel displays generate different but still potentially compromising emanations. LCD panels require less power but still produce signals correlated with pixel values. The digital interfaces connecting computers to displays (DVI, HDMI, DisplayPort) carry high-speed signals that can radiate from cables.

LED indicators, though seemingly simple, can inadvertently convey information through their blinking patterns. Network activity lights, disk access indicators, and status LEDs may reveal data patterns to visual or optical surveillance.

Processing Emanations

Central processors and associated circuitry generate emanations reflecting computational activity. Different instructions consume different amounts of power and generate different electromagnetic signatures, potentially revealing the sequence of operations being performed.

Memory access patterns create distinctive emanations as data moves between storage and processing elements. Refresh cycles in dynamic RAM, cache accesses, and bus transactions all produce electromagnetic signatures that may contain information about the data being processed.

Cryptographic operations are particularly sensitive because the specific mathematical operations depend on key values. Power analysis and electromagnetic analysis can potentially extract cryptographic keys by correlating emanations with known computational patterns.

Peripheral Emanations

Keyboards generate unique electromagnetic signatures for each key press. The different positions and physical characteristics of keys create distinguishable patterns that can potentially be decoded to recover typed text, including passwords and classified information.

Printers produce emanations that vary with the content being printed. Impact printers were particularly vulnerable, but laser and inkjet printers also generate information-bearing signals through their marking mechanisms and digital processing.

Communication interfaces generate strong signals during data transmission. Even encrypted communications can produce emanations that reveal the plaintext if the encryption is performed in equipment that generates correlated emissions.

Separation Principles

Physical separation provides the most fundamental protection. Red and black systems should be located sufficiently far apart that electromagnetic coupling is negligible. The required separation distance depends on the sensitivity of the information, the emission characteristics of red equipment, and the susceptibility of black systems to coupling.

Electrical isolation prevents conducted coupling between red and black systems. Power supplies, signal lines, and ground connections should be separate, with isolation devices where connections are necessary. Optical isolators, fiber optic links, and isolation transformers can provide the needed separation while maintaining functional connections.

Cable routing must prevent red and black conductors from running in close proximity where coupling could occur. Separate cable trays, conduits, and entry points maintain separation throughout the installation.

Red/Black Installation Guidelines

Installation standards specify detailed requirements for maintaining separation in secure facilities. These requirements address physical layout, cable routing, grounding, power distribution, and shielding.

Minimum separation distances between red and black systems depend on the classification level and the specific equipment involved. General guidance suggests separations of at least one meter, but specific installations may require greater distances based on risk assessment.

Where red and black cables must cross, they should do so at right angles to minimize coupling. Parallel runs of red and black cables should be avoided; where unavoidable, they should be maximally separated and kept as short as possible.

Grounding systems for red and black equipment may need to be separate to prevent common-mode coupling. Where single-point connections are required for safety or lightning protection, carefully designed isolation prevents information coupling while maintaining protective functions.

Equipment Design Considerations

Equipment intended for use in red/black separated environments must be designed to minimize coupling between internal red and black functions. This requires careful attention to layout, shielding, filtering, and isolation within the equipment itself.

Internal shielding may separate red processing sections from black communications interfaces. Filtered power connections prevent emissions from coupling through power pins. Isolated signal paths ensure that information cannot leak from red to black sections through stray coupling.

Equipment certification verifies that devices meet emanations requirements under various operating conditions. Testing evaluates worst-case emission scenarios to ensure that information leakage remains within acceptable limits.

Shielding Principles

Electromagnetic shielding works by reflecting and absorbing electromagnetic energy at the shield surface. The effectiveness depends on the material properties, thickness, and frequency of the signals being attenuated.

Reflection occurs when electromagnetic waves encounter a change in impedance at the air-metal interface. The reflection coefficient depends on the ratio of wave impedance to shield impedance, which varies with frequency and whether the fields are predominantly electric or magnetic.

Absorption attenuates signals that penetrate the shield surface. The absorption depends on skin depth, which decreases at higher frequencies, making shields more effective at higher frequencies. Multiple thin shields can provide better performance than a single thick shield due to multiple reflection events.

Shielding effectiveness typically ranges from 60 dB for basic installations to over 100 dB for high-security facilities. The required level depends on the sensitivity of information being protected, the anticipated threat capability, and the distance to the controlled perimeter.

Shield Construction

Several construction approaches provide the continuous conductive enclosure needed for effective shielding:

Welded steel rooms provide high shielding effectiveness through continuously welded steel plates forming a complete enclosure. All seams are welded to maintain conductivity. This construction offers the highest performance but is expensive and inflexible.

Modular shielded rooms use prefabricated panels with special joint designs that maintain electromagnetic continuity. Clamped, bolted, or spring-loaded contacts at panel edges provide the needed conductivity. These rooms can be reconfigured or relocated but typically offer somewhat lower shielding effectiveness than welded construction.

Architectural shielding integrates shielding materials into building construction. Conductive coatings, metal foils, and wire mesh can be applied to walls, floors, and ceilings. This approach is less expensive for large areas but may provide lower and less consistent shielding.

Copper-lined rooms provide high shielding effectiveness using copper foil or sheet with carefully soldered seams. The excellent conductivity of copper provides high performance, particularly at higher frequencies.

Penetration Management

Every penetration through the shield for power, signals, ventilation, or access represents a potential leak path that must be carefully managed to maintain shielding effectiveness.

Power entry requires filtering to prevent conducted emanations from leaving the shielded enclosure. Power line filters attenuate high-frequency signals while passing the power frequency. Filter housings must bond directly to the shield with no gaps.

Signal penetrations use filtered connectors, waveguide-below-cutoff tubes, or fiber optics depending on the signals involved. Filtered connectors incorporate capacitors and inductors that attenuate high-frequency components. Fiber optic links provide complete isolation for data signals.

Ventilation openings would compromise shielding if left as simple holes. Honeycomb waveguide panels provide air passage while attenuating electromagnetic signals. The many small cells act as waveguides below cutoff, reflecting signals back into the enclosure while allowing air flow.

Door seals maintain conductivity across the movable joint between door and frame. Finger stock, spiral gaskets, and pneumatic seals provide the necessary contact. Door performance often limits overall room performance, requiring careful design and maintenance.

Facility Grounding

Grounding within shielded facilities serves both safety and TEMPEST functions. The shield itself typically serves as the primary ground reference, with all equipment bonded to the shield structure.

External grounding must be carefully managed to prevent the ground connection from becoming a path for emanations to escape the shield. Ground filters may be required to maintain shield integrity while providing necessary ground reference.

Internal grounding systems should minimize common-impedance coupling between sensitive and noisy equipment. Star grounding, with separate conductors from each equipment item to a single point, can reduce crosstalk within the facility.

Equipment Testing

Equipment testing measures radiated and conducted emissions under various operating conditions, correlating the emissions with the information being processed to determine whether compromising information could be extracted.

Testing typically occurs in shielded chambers to eliminate ambient signals and ensure that only equipment emissions are measured. Antennas and probes capture emissions across a wide frequency range, from audio frequencies to gigahertz.

Correlation analysis determines whether emissions contain information. Simple amplitude measurements are insufficient; the timing, modulation, and spectral characteristics of emissions must be analyzed in relation to known processing activities.

Worst-case operating conditions must be identified and tested. Different software, data patterns, and modes of operation may produce different emission characteristics, and the most compromising conditions must be identified.

Facility Testing

Facility testing verifies that shielded enclosures and installations provide required attenuation. Testing measures shielding effectiveness across the frequency range of concern and identifies any weaknesses that could allow emanation leakage.

IEEE 299 provides standardized methods for measuring shielding effectiveness of enclosures. Testing uses calibrated sources and receivers to measure attenuation at multiple frequencies and positions around the enclosure.

Penetration testing verifies that power filters, signal entry points, doors, and ventilation panels maintain shielding integrity. Each penetration is tested individually and in combination with others.

Red/black separation is verified by measuring coupling between red and black systems under operating conditions. Conducted and radiated paths are both evaluated.

Certification Levels

Multiple certification levels reflect different levels of protection needed for different sensitivity levels and threat environments. Higher levels require lower emissions or greater shielding, with correspondingly more stringent testing.

Specific certification requirements are typically classified, but the general principle is that equipment must meet emission limits appropriate for its intended use environment. Equipment intended for use near adversary collection capabilities requires lower emissions than equipment used deep within controlled facilities.

Zoning concepts apply these levels to geographic areas around facilities. Different zones have different protection requirements based on the distance to areas where adversary collection might occur.

Zone Definitions

Zone definitions typically relate to the distance from the controlled perimeter beyond which adversary collection is possible. The inner zones require the highest protection because emanations from these areas might reach adversary collectors.

The controlled perimeter defines the boundary within which unauthorized access is prevented. Beyond this perimeter, adversaries might position collection equipment, so emanations must be attenuated to undetectable levels before reaching this boundary.

Inspectable space refers to areas that can be verified free of hostile collection equipment. Equipment in inspectable space faces reduced protection requirements because collection is prevented through physical security rather than emission control.

Zone-Based Equipment Requirements

Equipment requirements vary by zone. Equipment in outer zones, far from potential collection points, may need only basic emission controls. Equipment in inner zones, near the controlled perimeter, requires stringent emission limits or shielded enclosures.

Zone considerations influence facility layout decisions. Placing sensitive equipment in inner zones, away from building perimeters, reduces the emanation controls needed. Locating less sensitive or well-protected equipment near perimeters provides a buffer.

Changes in facility use or threat environment may require zone reassessment. New construction nearby that might house collection equipment, or changes in what information is processed, can change zone requirements.

Countermeasures Selection

Zone analysis informs countermeasure selection by identifying what level of protection is needed at each location. Countermeasures range from simple procedural controls to extensive shielding, with cost increasing for higher levels of protection.

Risk-based approaches balance the cost of countermeasures against the consequences of emanation compromise. Highly sensitive information warrants expensive protection, while less sensitive information may be adequately protected by less stringent measures.

Countermeasure verification confirms that selected measures actually provide required protection. Measurement and testing validate analytical predictions and identify any implementation problems.

Cable Installation

Cable installation practices prevent conducted emanations from leaving protected areas and maintain red/black separation:

• Maintain specified separation distances between red and black cables
• Use properly shielded cables where specified, with appropriate shield terminations
• Avoid cable runs along building perimeters where emanations could easily escape
• Filter cables at shield boundaries to prevent conducted escape
• Bond shields to enclosures at entry points for uninterrupted shielding

Equipment Positioning

Equipment positioning within facilities affects emanation control:

• Position sensitive equipment away from perimeters and windows
• Maintain separation between equipment processing different classification levels
• Orient equipment to minimize radiation toward potential collection points
• Consider building structure attenuation when positioning equipment
• Allow adequate space for cable routing while maintaining separation requirements

Grounding and Bonding

Grounding and bonding practices ensure that shields function effectively and that unintended current paths do not create emanation problems:

• Bond equipment enclosures to room shields or facility ground with low-impedance connections
• Maintain separation between ground systems for different classification levels where required
• Clean contact surfaces before bonding and protect from corrosion
• Use specified bonding hardware and techniques
• Verify bonding integrity through measurement

Documentation and Records

Installation documentation supports both initial certification and ongoing maintenance:

• Record equipment locations and cable routing
• Document deviations from standard installation and the approvals obtained
• Maintain as-built drawings showing red/black separation
• Record test results and certification status
• Track modifications and their security implications

Inspection Programs

Regular inspections verify that installed countermeasures remain in place and effective. Inspections check physical integrity, cable routing, separation distances, and other observable indicators of TEMPEST compliance.

Inspection frequency depends on the sensitivity of information and the stability of the installation. Facilities with frequent changes require more frequent inspection than stable installations.

Inspection findings must be documented and tracked to closure. Discrepancies identified during inspection require correction or risk acceptance by appropriate authority.

Retesting Requirements

Changes in equipment or installation may require retesting to verify continued compliance. The extent of retesting depends on the nature and scope of changes.

Equipment modifications that might affect emissions, such as software updates, hardware changes, or repair, may trigger retesting requirements. Modified equipment should be evaluated to determine whether retesting is needed.

Facility changes including construction, equipment relocation, or changes in adjacent areas may affect TEMPEST protection. Shield integrity testing may be required after modifications that might affect shielding.

Continuous Monitoring

Some high-security installations employ continuous monitoring to detect changes in emanation characteristics or unexpected emissions. Automated systems can alert operators to conditions that might indicate compromised protection.

Monitoring systems compare current emissions against baseline measurements, flagging deviations for investigation. Changes might indicate equipment malfunction, degraded shielding, or unauthorized modifications.

External environment monitoring detects changes that might affect security, such as new construction or equipment near the controlled perimeter that might indicate collection activities.

Incident Detection

TEMPEST incidents may be detected through inspection findings, monitoring alerts, reports from personnel, or external intelligence about adversary collection activities. Any indication that emanations might have been compromised triggers incident response.

Detection mechanisms include routine inspections, continuous monitoring systems, self-reporting by facility personnel, and intelligence from other sources about potential compromises.

Initial Response

Initial response secures the situation while investigation proceeds:

• Cease or relocate sensitive processing if compromise is suspected
• Preserve evidence of the conditions that existed during the incident
• Notify appropriate security authorities
• Document initial observations and actions taken
• Prevent further potential compromise while maintaining operations where possible

Investigation

Investigation determines what occurred, how it occurred, and what information may have been compromised. Technical investigation examines equipment, facilities, and installations to identify the source and extent of emanations.

Damage assessment evaluates what information might have been compromised during the period when emanations exceeded acceptable levels. This assessment considers what was processed, the characteristics of the emanations, and the potential for adversary collection.

Root cause analysis identifies the underlying factors that allowed the incident to occur, informing corrective actions to prevent recurrence.

Corrective Actions

Corrective actions address both immediate problems and underlying causes:

• Repair or replace faulty equipment or shielding
• Modify procedures that contributed to the incident
• Retrain personnel on TEMPEST requirements
• Update inspection procedures to detect similar conditions
• Consider whether additional countermeasures are needed

Verification confirms that corrective actions are effective. Retesting may be required to demonstrate that acceptable emanation levels have been restored.

Corporate Information Protection

Corporate information assets including trade secrets, financial data, and strategic plans may warrant protection against emanation-based collection. The threat level is generally lower than government secrets face, but the principles of protection are similar.

Risk assessment identifies what information requires protection and what level of threat exists. Not all corporate information warrants expensive emanation controls, but high-value assets may justify significant investment.

Commercial TEMPEST equipment, while not meeting government standards, may provide adequate protection for commercial applications at lower cost. The protection level should match the threat rather than defaulting to maximum protection.

Financial Sector Security

Financial institutions handle information whose theft could enable fraud, insider trading, or competitive advantage. Transaction data, customer information, and trading strategies all have value to potential adversaries.

Banking regulators increasingly recognize emanation security as part of comprehensive information security. While not requiring full TEMPEST compliance, they expect risk-appropriate protection of sensitive electronic systems.

Payment card processing involves specific security standards that address some emanation concerns, though the primary focus is on data transmission and storage security.

Legal and Medical Privacy

Legal and medical professionals have ethical and legal obligations to protect client and patient information. Electromagnetic emanations represent a potential disclosure path that conscientious practitioners may wish to address.

Attorney-client privilege extends to electronic communications, creating an obligation to protect against interception. Emanation protection may be appropriate for highly sensitive matters where adversaries might attempt collection.

Medical privacy regulations require protection of patient information, though they do not specifically address emanation security. Healthcare organizations processing particularly sensitive information may choose to implement emanation controls.