You may think you know a lot about TEMPEST and information security; well, let's make sure. Here are five things that everyone should know.
- First:TEMPEST refers to National Security Agency specifications related to international intelligence gathering from information systems. The specifications cover surveillance equipment used to gather intelligence from foreign information systems as well as shielding domestic information systems from outside surveillance.
- Second: TEMPEST is also a certification by NATO that a country's equipment has passed the TEMPEST laboratory tests. Canada, Germany, the U.K., and the U.S. all have such labs and publish lists of equipment that passed the test. TEMPEST certification applies to the entire system since one non-complying element can jeopardize an entire system.
- Third: NSA classifies most TEMPEST standards and the government does not disclose specifics about them; however, NSA has disclosed the following information. TEMPEST provides three levels of protection standards: Level I: Compromising Emanations Laboratory Test Standard; Level II: Laboratory Test Standard for Protected Facility Equipment; Level III: Laboratory Test Standard for Tactical Mobile Equipment/Systems. The difference between the standards relates to how quickly an attacker has access to the environment surrounding the information system. Level I is immediate access; Level II is access within 20 meters and Level III is access within 100 meters.
- Fourth: Consider this item one of historical interest. We tend to think of the information age as a relatively recent construct. To the contrary, we've actually known for a while about the threat to our intelligence security from surveillance equipment that can read radio wave emanations from computers. In fact, as far back as World War II, the government received warnings about the difficulty of securing information sent via teleprinters.
- Fifth: Finally, item number five is a warning about your own computer's security. Research indicates that it is possible for intelligence gatherers to "see" the radiation coming from keystrokes, not only from wireless boards, but also from hard-wired keyboards and laptops.