There are many ways for industry, government agencies and individuals to protect their data from nefarious threats. Patches, updates, firewalls and other tools are necessary in the ever-evolving battle for information and, while effective, they only protect against virtual threats.
There is another threat to data security that can’t be addressed by the latest data-protection software or security patch. The exploitation of electromagnetic signals emanating directly from electronic equipment is a type of side-channel attack known to be a security risk since World War II.
A formerly classified U.S. and NATO project, code name; TEMPEST, was developed in response to the problem of compromising emanations in the 1960’s. Under the TEMPEST program, a set of standards was developed to test and certify electronic equipment adapted to prevent emanations.
In 1985, a Dutch computer scientist named Wim van Eck published the first unclassified technical analysis of the threat posed by emanating electromagnetic signals or, Van Eck Phreaking.
In van Eck’s, presentation, he demonstrated how data could be intercepted from hundreds of meters away, decrypted and reconstructed into readable documents in seconds with an easily accessible, $15 piece of tuning equipment.
Sensitive and Classified information are critical to National Security and, at greater risk for this kind of eavesdropping, are Government agencies and military installations deployed outside the Continental US (OCONUS).
If we think of data as water, then a display monitor is like a leaky tank.
In 1969, Advanced Programs, Incorporated (API) answered the call to engineer and manufacture products uniquely adapted to prevent electromagnetic signals from “escaping the tank”.
With over 50 years of experience and expertise, API represents the gold standard in TEMPEST engineering for products like; workstations, network and server equipment, video conferencing and VoIP telephony equipment. API’s CTP Engineering team ensures that every TEMPEST product we produce is certified to meet the standards set by NSA.
The National Security Agency (NSA), in partnerships with industry, manages the TEMPEST Certification Programs (TCP) which consists of three closely related NSA programs: the Certified TEMPEST Products Program, the Certified TEMPEST Test Services Program and the Zoned Equipment Program.
| Standard | NATO SDIP-27/1 | USA NSTISSAM | Suitable for NATO SDIP-28/Zones |
| FULL | LEVEL A | LEVEL I | ZONE 0 |
| INTERMEDIATE | LEVEL B | LEVEL II | ZONE 1 |
| TACTICAL | LEVEL C | LEVEL III | ZONE 2 |