Tempest: a safe haven for secrets
Jonathan Newell finds out from TUV SUD Product Service about Tempest testing for military equipment to ensure critical information doesn't leak out across enemy lines.
Originally created by the National Technical Authority for Information Assurance (CESG), which is now part of the National Cyber Security Centre (NCSC), the purpose of Tempest testing is to overcome the vulnerabilities of classified information held or transmitted by military equipment.
If signals escape from military kit, such as IT equipment, communication systems and vehicles processing classified information, there is the possibility of unauthorised people, including enemy forces, picking up those signals and retrieving the sensitive information being carried. The result is a new battlefield on which the defence forces are fighting. They're no longer just facing men and machines but also increasingly the agents of cyber and electronic warfare.
The word Tempest is used in military circles to describe electromagnetic signals that emanate from equipment, systems and entire mobile platforms and can result in the recovery of sensitive information from a distance. As a result, NATO introduced a Tempest certification and testing programme to address the vulnerability of classified information, ensuring energy from IT equipment, communication systems and military platforms is not accessible to eavesdroppers.
MORE THAN EMC
Tempest testing is therefore more along the lines of cyber security certification than EMC validation, although aspects of both are involved.
Unlike EMC testing, Tempest is less interested in the level of these emissions than in the data they carry. For Tempest, it does not matter whether a product or platform emits radio waves or interferes with other pieces of equipment; what matters is whether someone outside can see classified data within those emissions.
The NCSC Tempest service therefore helps manufacturers to understand how vulnerable their ICT system is to unintentionally emitting classified information and then ensures that appropriate countermeasures are put in place for the level of risk.
According to test and certification body TUV SUD Product Service, Tempest certification enables manufacturers of electronic equipment which handles classified information to supply the military and secure government organisations throughout NATO and Europe. This equipment can be anything from IT, communications systems, crypto products, worn/personal systems and even printers to entire platforms such as ships, aeroplanes and land vehicles.
Tempest certification is based on testing which demonstrates conformity with verifiable and repeatable standards specified by NCSC, which represents NATO in the UK. The Tempest testing service therefore enables manufacturers of electronic products intended to handle classified information to be added to the UK approved products list.
The Tempest Certification Scheme relates to the NCSC implementation of the NATO standard SDIP-55 and seeks to achieve assurance based on compliance at every stage of a product's life, from its initial design onwards. It supports the UK government's cyber strategy, also ensuring that Tempest services comply with the EU's IASG4-04 standard.
Manufacturers wishing to have their product or mobile platform (such as a military vehicle or ship) certified must work with an NCSC accredited test facility, such as TUV SUD Product Service, which can issue Tempest product certificates on behalf of NCSC.
The NCSC Tempest Platform Accreditation Scheme has been developed to provide comprehensive, but not exhaustive, Tempest testing for first-of-type military platforms (ships, land vehicles and aircraft), to ensure Tempest risks are identified in order to enable correction or mitigation of that risk prior to entering service. The first-of-type test plans and reports are scrutinised by NCSC before accreditation is awarded.
In order to be accredited, and to verify its performance, a test facility must submit a facility qualification report to NCSC every three years. Test engineers must also have their qualifications revalidated by NCSC every three years.
There are three CESG (NCSC) documents which relate to Tempest and electromagnetic security (EMS), which can be referenced by both test laboratories and manufacturers to support them in their work.
The IA Implementation Guide No 14 (IG14) gives practical guidance to support users with understanding the CESG Good Practice Guide No 14 (GPG14), as well as the NATO Military Committee Communication and Information Systems Security and Evaluation Agency (SECAN) document and information publications policy for testers (specifically SDIP-27 testing of equipment and SDIP-29 installation of equipment). IG14 also interprets SDIP-27 for UK national use.
GPG14 assists anyone involved in managing risks and accrediting ICT systems, as well as those involved in their design and installation, to manage emissions security. GPG14 supports Her Majesty's Government's Security Policy Framework, which states that departments and agencies must follow specific government procedures to manage the risk posed by eavesdropping and electromagnetic emanations.
The IA Busy Reader's Guide No 17 aims to help readers achieve a more pragmatic approach to managing risks associated with electromagnetic vulnerabilities. It does this by clarifying risk management considerations for electromagnetic vulnerabilities and how these support technical risk assessment and treatment processes outlined in the supplement to HMG IA Standard Nos 1 & 2 (Supplement), Technical Risk Assessment and Risk Treatment.
Broadly speaking, the tests consider how close people can get to the equipment in question and how it will be used. For example, is it held within a secure room, or an embassy to which members of the public can get quite close? If it is the latter, there may be a risk that an individual could use an antenna outside the embassy to pick up what is on a laptop screen within the building.
NCSC qualified engineers will examine a manufacturer's product against the Tempest standard, using NCSC accredited equipment. However, while Formal Tempest Certification Scheme (CFTCS) testing ensures that a new product is tested thoroughly for Tempest emanations, it is only performed on one product sample. Consequently, to ensure that the build standard remains consistent throughout the product's production, Tempest Production Assurance Testing (TPAT) is carried out on samples from the product's production run to ensure Tempest integrity is maintained.
As well as submitting products for testing by an accredited laboratory, manufacturers must also undergo regular NCSC Tempest production audits to maintain certification for their equipment.
* Based on material contributed by Jean-Louis Evans, managing director of TUV SUD Product Service
* To read more on this story online at EEOnline, scan the QR code or visit https://goo.gl/e8kXZl
Title Annotation: DEFENCE INDUSTRY: INFORMATION SECURITY
Date: Oct 1, 2017