This page is about surveillance technology. If a search engine mistakenly led you here, try Shakespeare, Pontiacs, or Arcade Games.
TEMPEST Hardware &
Consulting
US Government Information Sources
Department of Energy
Department of Justice
Geological Survey
Department of State
Treasury Department
National Security Agency
National Institute of Standards and Technology
US Military Information Sources
U.S. Navy
U.S. Air Force
U.S. Army
U.S. Coast Guard
Department of Defense
Other Countries
Here's some of the players in the billion dollar plus a year TEMPEST industry (this is by no means a complete list):
ADI Limited(O) is a big Australian defense contractor that does some TEMPEST testing.
AFC (Antennas for Communications) manufacturers TEMPEST shielding enclosures for antennas.
Advanced Technology System Corporation sells TEMPEST equipment and provides consulting services.
Aerovox manufactures a variety of EMI filters. Nice downloadable catalog (Windows help format) with photos.
Allied Signal Aerospace performs Canadian TEMPEST testing.
Austest Laboratories is a down-under company that provides TEMPEST testing.
DEMCOM provides Soft-TEMPEST fonts in their Steganos II security suite.
Cabrac makes TEMPEST enclosures (nice picture).
Candes Systems Incorporated (X) produces TEMPEST products, including monitors, printers, and laptops. Nice photos and specs.
COS provides TEMPEST design and consulting services.
BEMA Inc. produces shielding products including a slick portable TEMPEST tent.
Braden produces shielded room components.
Computer Security Solutions is a women owned business in Virginia specializing in TEMPEST products.
Compucat (O) is an Australian company that provides a variety of TEMPEST products and services.
Compunetix(O) produces various TEMPEST rated product.
Conductive Coatings, a division of the Chromium Corporation, produces a variety of shielding solutions.
Corcom makes a variety of shielded jacks (RJ type) in its Signal Sentry line.
Corton Inc. manufactures TEMPEST keyboards.
Cryptek(O) sells TEMPEST photocopiers and communication products.
Cycomm sells TEMPEST workstations, terminals, printers, and more to folks like the State Department. Recently merged with Hetra.
D2D/Celestica(O) is a British TEMPEST testing, design, and manufacturing firm.
Dina distributes Emcon TEMPEST products.
Dynamic Sciences (O) is another TEMPEST-oriented company. Among other things, they produce a piece of hardware called the DSI-110, for surveillance and testing purposes.
Einhorn Yaffee Prescott is an architecture and engineering firm that has built TEMPEST buildings for defense contractors.
Elfinco SA(O) is a British company that produces shielding products. Most notable is electromagnetic shielded concrete.
Equiptco Electronics (O) sells a variety of general electronic equipment and supplies, some TEMPEST standard (but you need to dig through their catalog to find it).
EMC Technologies is an Australian company that provides TEMPEST testing.
Emcon Emanation Control Limited, in Onatrio, Canada, has been providing TEMPEST equipment to NATO governments for the past 12 years.
EMP-tronic is a Swedish company specializing in shielded rooms.
ERS is a recruiting service that finds jobs for TEMPEST engineers (and others).
Filter Networks produces inline TEMPEST line filters.
Framatome Connectors International manufactures TEMPEST cables and connectors in the UK, especially suited for marine use.
GEC-Marconi Hazeltine(O) produces COMSEC products as well as TEMPEST design and test facilities.
Glenair is a multi-national company that produces some shielding products.
Greco Systems manufactures factory tools and ruggedized TEMPEST computers.
GSCG. Formerly GRiD Government Systems. Tempest laptops, desktops, and printers.
GTE, the phone people, make a TEMPEST version of their Easy Fax (O) product, complete with a STU-III (encrypted phone) gateway.
HAL Communications Corp. provides TEMPEST shielded modems and radio equipment to the government.
Hetra Secure Solutions (X) sells lots of TEMPEST goodies.
Hewitt Refractories Limited produces Manta, a ceramic material that can be used for shielding.
Hyfral is a French company that specializes in room shielding.
IAM Secure Data Systems (O) offers Tempest consulting services.
ILEX Systems sells TEMPEST fax machines and other goodies.
JMK makes a variety of filters (including those of the TEMPEST variety).
Kern Engineering makes TEMPEST backshells for connectors.
Kontron Elektronic is a German company that offers a slick little shielded portable.(O)
LCR Electronics makes Tempest filters.
Lindgren-Rayproof is a British company specializing in shielding.
Logical Solutions builds and sells Tempest cables.
Lynwood is a UK supplier of TEMPEST and ruggedized PCs.
Motorola SSTG EMC/TEMPEST Laboratory(O) - Arizona testing facility.
NAI Technologies (X)(O) produces a variety of TEMPEST standard workstations and peripherals.
Nisshinbo is a Japanese company that provides quite a bit of detail on its TEMPEST shielding products. The DENGY-RITE 20 wideband grid ferrite absorber panels is especially interesting.
P & E Security Analysis - TEMPEST and security consulting. Some good links to government pubs.
Panashield manufactures a variety of shielding enclosures.
Profilon makes a TEMPEST laminate that can be installed over glass.
Pulse Engineering manufactures shielded COMSEC and INFOSEC hardware.
Racal Communications does TEMPEST evaluations.
Radiation Sciences Inc. is a TEMPEST consulting and training firm in Pennsylvania.
Raytheon Systems Company provides TEMPEST testing services (not much detail).
SCI Consulting has done TEMPEST work for clients like the Department of Energy.
Schaffner EMC supplies EMC filtering and testing devices.
Secure Systems Group (SSG) has been around since 1986, providing a variety of TEMPEST computer products.
Security Engineering Services Inc. is a consulting firm that offers TEMPEST courses and other services. The courses are only offered to students who have a security clearance. The interesting thing is the course books appear to be orderable by any U.S. citizen. TEMPEST Hardware Engineering and Design and TEMPEST Program Management and Systems Engineering, with over 800 pages of total material are available for $200.
Seimens makes TEMPEST versions of HP LaserJets and other product.
Shadow Chaser Investigations is a private investigation firm that supposedly does TEMPEST work.
Solar Electronics sells a variety of EMI filters, including TEMPEST specific.
Southwest Research Institute(O) (SwRI) performs TEMPEST and other testing.
SystemWare Incorporated is another consulting company that offers TEMPEST consulting. Not much information at this site.
TRW Specialized Services offers TEMPEST testing, both in the lab and field. This site has a nice Acrobat brochure that describes their services.
TSCM Consultant supposedly offers TEMPEST security consulting (page was under construction).
Tecknit is one of the leaders in shielding products. They specialize in architectural shielding (copper coated doors, panels, etc.) and smaller gaskets and screens for electronic devices. A very informative site, with downloadable Acrobat catalogs.
Tempest Inc. has been around for 13 years and produces TEMPEST standard hardware for the government and approved NATO countries. Their catalog isn't online, but as an example they offer an interesting Secure Voice Switching Unit that's used in USG executive aircraft. Not much technical information here.
Turtle Mountain Communications makes a TEMPEST fax device and other communications equipment.
TUV is a British firm that does TEMPEST testing.
Tempest Security Systems - Vendor of Pilkington architectural glass that reduces emanations.
Wang Federal Systems (O) also sells TEMPEST rated hardware as well as performs testing. This site contains their product and services catalog. Some good information.
Windermere Group performs government TEMPEST testing.
Veda Inc. (O) is a defense contractor who landed a 5.6 million dollar Navy contract for TEMPEST and COMSEC services.
XL Computing is a Florida company with a large catalog of TEMPEST hardware.
ZipperTubing manufactures EMI cable shielding.
There's an interesting EMC-related site that has lots of job listings, many having to deal with TEMPEST. This is a good intelligence source.
A truth in advertising note: Just because a piece of hardware is advertised as "designed to meet NACSIM 5100A" or "designed to meet TEMPEST standards" doesn't mean the device has gone through the rigorous TEMPEST certification process. "Real" TEMPEST hardware will clearly state it has been certified or endorsed.
"The National TEMPEST School (at Lackland Air Force Base - here's a map(O)) is responsible for providing training on TEMPEST criteria for installing, designing and testing electronic information processing systems for all U.S. Government departments and agencies, selected non-government agencies, and approved personnel from allied nations." Check out their course listings and schedules (archived here(O)). Gee, wonder if I can enroll in a class or two?
The Department of Energy is an extremely security conscious agency. A variety of their documents provide revealing glimpses of TEMPEST procedures.
While not TEMPEST-specific, the DOE's Computer Incident Advisory Capability (CIAC) has an interesting document called CIAC-2304 Vulnerabilities of Facsimile Machines and Digital Copiers (PDF format). In it, TEMPEST threats to FAX machines and copiers are briefly discussed. There are several papers referenced, including:
The DOE's Safeguards and Security Central Training Academy also has some relevant classified training courses.
The DOE apparently uses a company called DynCorp(O) to perform internal TEMPEST assessments.
Ricoh supplies TEMPEST shielded FAX machines to the FBI, DEA, and U.S. Marshals Service.
Even the map making folks get involved with TEMPEST. Check out the National Security Information Automated Information Systems section of their manual.
In the 1989 Annual Report of the National Computer System Security and Privacy Advisory Board(O), NIST stated that "TEMPEST is of lower priority in the private sector than other INFOSEC issues." It's fairly well known that NIST is influenced by the NSA, so this quote needs to be taken with a grain of salt.
NIST has a list of accredited laboratories) that perform MIL-STD-462 (electromagnetic interference) testing. Some of these also do TEMPEST testing.
While a bit dated (1986), A GUIDELINE ON OFFICE AUTOMATION SECURITY has a few references to TEMPEST, as well as other computer security nuggets.
Brief mention of the Industrial TEMPEST program as well as contacts (may be dated).
The NSA publishes something called the Information Systems Security Products and Services Catalogue (X). It contains a list of TEMPEST compliant hardware (as well as other approved security products). The cost of the catalog is $15 for a single copy or $34 for a yearly subscription (four issues). Requests for this document should be addressed directly to:
Unfortunately, several of the following classified documents can't be ordered:
October 25, 1999 - John Young filed a Freedom of Information Act request for TEMPEST-related material on May 18, 1998. The US government denied access to 22 of the 24 requested documents on grounds of secrecy. Parts of the two released documents (NSTISSAM TEMPEST/1-92 - Compromising Emanations Laboratory Test Requirements, Electromagnetics - Appendix A , Table of Contents, Sections 1 - 5, and Sections 6 - 12, Appendix A, Appendices B-M, Distribution List and NSA/CSS Regulation 90-5, Technical Security Program) are now available for review. John has filed an appeal in an attempt to get additional material disclosed.
November 30, 1999 - John Young has acquired more NSA TEMPEST documents. His growing collection now includes NSA Endorsed TEMPEST Products Program, NSA Endorsed TEMPEST Test Services Procedures, and NSA Zoned Equipment Program.
One interesting tidbit in all of this is the use of the codeword TEAPOT - "A short name referring to the investigation, study, and control of intentional compromising emanations (i.e., those that are hostilely induced or provoked) from telecommunications and automated information systems equipment." Who says the NSA doesn't have a sense of humor. TEMPEST, TEAPOT, ha, ha...
Note: John's release was mentioned over at Wired News and Slashdot, so be sure to check for insightful (or amusing) comments there.
While it's not hard to guess, the State Department uses TEMPEST equipment in foreign embassies. There's a position called a Foreign Service Information Management Technical Specialist - Digital(O), that pays between $30,000 to $38,000 a year. The ideal candidate should have a knowledge of TEMPEST standards as well as the ability to repair crypto hardware.
Along with cryptography, the export of TEMPEST standard hardware or devices for suppressing emanations is restricted by the International Traffic in Arms Regulations (ITAR). However, there is an exception in that: "This definition is not intended to include equipment designed to meet Federal Communications Commission (FCC) commercial electro-magnetic interference standards or equipment designed for health and safety."
The Treasury Department's Office of Security is mandated with handling TEMPEST and emissions security.
Part of the government's mandate to reduce costs is to make information available online. While the average user doesn't have access to Milnet or Intelink, there are a variety of unclassified, military sources on the Internet that directly or indirectly relate to TEMPEST standards.
Jargon alert. You'll sometimes see references to RED/BLACK systems. A red system is any device that stores or transfers classified data. Black systems store/transfer unclassified data. Gee, with all of the black projects and helicopters around these days, I would have thought it would be the other way around.
The Navy seems to be a further ahead then the other services in putting content online, including:
Chapter 16 of the Navy's AUTOMATED INFORMATION SYSTEMS SECURITY GUIDELINES manual is devoted to emanations security (X). Probably the most interesting section in this chapter deals with conducting a TEMPEST Vulnerability Assessment Request (TVAR). Completing the TVAR questionnaire provides some common sense clues as to how electronic security could be compromised. (The Navy seems to have pulled this. Try this alternate link.(O))
Chapter 21 of the same manual deals with microcomputer security. Section 21.8 Emanations Security, reads: "TEMPEST accreditation must be granted for all microcomputers which will process classified data, prior to actually processing the data. Your security staff should be aware of this and submit the TEMPEST Vulnerability Assessment Request (TVAR) to COMNISCOM. Microcomputers may be able to comply with TEMPEST requirements as a result of a TEMPEST telephone consultation, as permitted by COMNISCOM. Contact the Naval Electronic Security Engineering Center (NESSEC) for further information to arrange a TEMPEST telephone consultation. Use of a secure phone may be required and your request will be followed with written guidance." This leads one to believe that certain PC systems may not be as susceptible as others to emanations monitoring.
C5293-05 TEMPEST Control Officer Guidebook - "Provides guidance to the individual assigned responsibility for TEMPEST implementation at a major activity." Unfortunately, not online, and likely classified.
NISE East Information Warfare-Protect Systems Engineering Division(Information Warfare-Protect Systems Engineering Division - Code 72) puts on a couple of TEMPEST related training courses, (O) including "Tempest Criteria for System/Facility Installation" and "Tempest Fundamentals." These are targeted toward Department of Defense personnel and civilian contractors who must comply with TEMPEST standards as part of their business.
"The Reduction of Radio Noise Emanating from Personal Computers" (O) is a thesis topic at the Department of Electrical Engineering, Naval Postgraduate School.
Electromagnetic Environmental Effects. While not security-related, some good background information.
Check out Grumman Aerospace's spiffy TEMPEST building, where they do development work for the Navy on the EA-6B aircraft.
The Navy's INFOSEC site has lots of interesting information. There's even a TEMPEST related services link. Information Warfare (IW) Protect Systems Engineering Division (Code 72) appears to be the key TEMPEST players.
The Air Force Emission Security Program instruction manual (AF Instruction 33-203) has a remarkable amount of information about TEMPEST. My guess is this site won't remain available to the public for very long.
Even though the DoD started shutting down Web sites back in September for security reasons, there is still a tremendous amount of material being made to the general public. Examples that came from Offut Air Force Base these:
I really doubt these will be available very long. There is a remarkable amount of detail in these documents.
The Air Force's Rome Laboratory has produced a variety of interesting defense related systems. Some developments likely related to TEMPEST include:
The Air Force is currently engaged in research and development for building TEMPEST shielded vans and command shelters using lightweight composite components.
Other Air Force documents:
Lately the Air Force has developed a program called SATE (Security Awareness Training & Education) that integrates COMSEC, COMPUSEC and EMSEC disciplines.
The 497th Intelligence Group (497 IG), out of Bolling Air Force Base, Washington DC, manages TEMPEST related issues for the Air Force.
The U.S. Army Information Systems Engineering Command(O) is headquartered at Fort Huachuca, Arizona (here's the new link for ISEC, with access password protected). The Fort engages in a variety of spook-related activities. One of the classified documents that is referenced is:
The Army Corps of Engineers released a publication called "Electromagnetic Pulse (EMP) and TEMPEST Protection for Facilities" (X) EP1110-3-2, in December 1990 (unclassified). This is a treasure trove of information related to shielding buildings. (Thanks to John Young for digitizing parts of this massive document. It's also available in sections, PDF format, from an Army site.)
The Army Corps of Engineers, Construction Engineering Research Laboratories, has also been experimenting with low cost TEMPEST shielding technologies. Low Cost EMP EMI Tempest Shielding Technology (O) fact sheet link doesn't work anymore, but you can get a summary here(O).
The Army's White Sands Missile Range has a Test Support Division(O) that does TEMPEST testing as well as other things. An interesting photo of the inside and outside of a test truck is shown.
The Army's Blacktail Canyon (X) EMI/TEMPEST facility at Ft. Huachuca (spook-related location in Arizona), recently put up a Web page, with lots of interesting info. Also check the main Electronic Proving Ground site (why it is a .com instead of .mil or .gov site I have no idea).
The Army's Protective Design Center in Omaha specializes in structure designs to resist blasts as well as TEMPEST attacks.
The Coast Guard has a TEMPEST security program(O) in their Security Policy and Management Division (G-WKS-5)
The Department of Defense's Defense Technical Information Center has information regarding the Collaborative Computing Tools Working Group (representatives from private sector and the intelligence and defense communities). The CWG put together some TEMPEST recommendations for video-conferencing products.
From a post to the Cypherpunks list in April of 1994, by Steve Blasingame:
DA Pamphlet 73-1, Part One, 16 Oct 1992 (DRAFT) (X)(O) is an obscure document that discusses survivability and mission performance of military systems. The interesting thing in this pamphlet is a fairly detailed description of the military's Blacktail Canyon facility.
Other Defense Department documents:
Some interesting FOIA Star Wars program computer security requirements, including a TEMPEST separation table.
December 4, 1999 - John Young has found an excellent source for non-classified, military TEMPEST information. The Defense Automated Printing Service has a searchable Web database devoted to military specifications and standards (from nukes to nylons). John reports some of the handbooks and standards contain information the NSA removed from documents that were recently released to him under the FOIA. Here are some of the TEMPEST-related gems. Just enter a title and submit.
MIL-HDBK-232 - Red/Black Engineering-Installation Guidelines
MIL-HDBK-411A - Long Haul Communications (DCS), Power and Environmental Control
for Physical Plant, MIL-HDBK-419 - Grounding, Bonding, and Shielding for
Electronic Equipments and Facilities
MIL-HDBK-1195 - Radio Frequency Shielded Enclosures
MIL-STD-188-124 - Grounding, Bonding, and Shielding for Common Long Haul/Tactical
Communications Systems
MIL-STD-285 - Attenuation Measurement for Enclosures, Electromagnetic Shielding,
for Electronic Test Purposes, Method of
MIL-STD-461E - (Replaces previous 461 and 462) Electromagnetic Interference
Characteristics
Warning: These are huge PDF files, so have lots of bandwidth available.
Also, if you're interested in these documents, you might want to get them
now. There's no telling if and when the DoD might decide to shut down
this open source site.
The US isn't the only one playing the TEMPEST game. Here's some additional sources from various countries.
Australia
A brief defense document on emanation security.
COMMUNICATIONS SECURITY ESTABLISHMENT PUBLICATIONS
I love it when governments can't keep their acronyms/codewords straight. There is an official TEMPEST testing lab, but TEMPEST stands for Thermal, Electromagnetic & Physical Equipment Stress Testing and deals with devices used in animal tagging. Sheesh...
The French information security service (SCSSI) has a large amount of information devoted to TEMPEST. Have BabelFish or your favorite translator ready.
The British Central Computer and Telecommunications Agency(O) publishes a variety of computer security titles including:
Last changed December 25, 2001
Copyright 1996,1997, 1998, 1999, 2000, 2001 Joel McNamara